diff --git a/.github/actions/get-ocp-range/action.yaml b/.github/actions/get-ocp-range/action.yaml
new file mode 100644
index 00000000000..1d75e6a7764
--- /dev/null
+++ b/.github/actions/get-ocp-range/action.yaml
@@ -0,0 +1,35 @@
+name: 'Get OCP range'
+description: 'Get the range of OCP versions corresponding to the provided range of Kubernetes versions'
+inputs:
+ kube-version-range:
+ description: 'Range of Kubernetes versions'
+ required: true
+outputs:
+ ocp-version-range:
+ description: "Corresponsing range of OCP versions"
+ value: ${{ steps.run-get-ocp-range.outputs.ocp-version-range }}
+runs:
+ using: "composite"
+ steps:
+ - name: Setup Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '>=1.20'
+
+ - name: Install get-ocp-range
+ shell: bash
+ run: go install github.com/opdev/getocprange/cmd/get-ocp-range@latest
+
+ - name: Run get-ocp-range
+ id: run-get-ocp-range
+ shell: bash
+ run: |
+ echo "::debug::Received kubeVersionRange to translate '${{ inputs.kube-version-range }}'"
+ OCP_VERSION_RANGE=$(get-ocp-range '${{ inputs.kube-version-range }}')
+ echo "ocp-version-range=$OCP_VERSION_RANGE" >> $GITHUB_OUTPUT
+ echo "::debug::Successfully translated kubeVersionRange to OCPVersionRange $OCP_VERSION_RANGE"
+
+ - name: Display error message if get-ocp-range failed
+ if: ${{ failure() && steps.run-get-ocp-range.outcome == 'failure' }}
+ shell: bash
+ run: echo "::error file=.github/actions/get-ocp-range/action.yaml::Error running get-ocp-range"
\ No newline at end of file
diff --git a/.github/labeler.yml b/.github/labeler.yml
new file mode 100644
index 00000000000..21da783227d
--- /dev/null
+++ b/.github/labeler.yml
@@ -0,0 +1,4 @@
+allow/chart-changes:
+ - any: ['charts/partners/**/**/*', '!charts/partners/**/**/OWNERS']
+ - any: ['charts/redhat/**/**/*', '!charts/partners/**/**/OWNERS']
+ - any: ['charts/community/**/**/*', '!charts/partners/**/**/OWNERS']
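Review bot: In the `Run get-ocp-range` step the `kube-version-range` input is expanded by `${{ }}` directly into the bash script, so the value becomes shell source before bash parses it, and the surrounding single quotes do not contain a value that itself holds a quote. The caller added to build.yml in this commit fills that input from `.metadata.chart.kubeversion` of a report file inside the PR checkout, so the text is contributor-controlled. Hand the input over through `env:` and reference it as a quoted shell variable, as in the block below. Separately, `go install …@latest` resolves a new module version on every run; pinning a reviewed release (`@<reviewed-version>`) keeps the binary that runs in this job reproducible.

```yaml
    - name: Run get-ocp-range
      id: run-get-ocp-range
      shell: bash
      env:
        KUBE_VERSION_RANGE: ${{ inputs.kube-version-range }}
      run: |
        echo "::debug::Received kubeVersionRange to translate '${KUBE_VERSION_RANGE}'"
        OCP_VERSION_RANGE=$(get-ocp-range "${KUBE_VERSION_RANGE}")
        # … unchanged: write ocp-version-range to $GITHUB_OUTPUT, final debug echo …
```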
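Review bot: The second and third `any:` entries exclude `!charts/partners/**/**/OWNERS` although they match `charts/redhat/**` and `charts/community/**`, which looks like a copy of the first entry. As written, an OWNERS change under `charts/redhat` or `charts/community` would still receive `allow/chart-changes`; if the label is meant to skip OWNERS files in every category, the exclusions should read `'!charts/redhat/**/**/OWNERS'` and `'!charts/community/**/**/OWNERS'`. A one-line comment above the key stating what the label permits would make the intent checkable.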
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 99d751e010f..079a7df3671 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -5,30 +5,40 @@ on: types: [opened, synchronize, reopened, edited, ready_for_review, labeled] jobs: - chart-certification: - name: Chart Certification - runs-on: ubuntu-20.04 + setup: + name: Setup CI + runs-on: ubuntu-22.04 + outputs: + run_build: ${{ steps.check_build_required.outputs.run-build }} + verifier-action-image: ${{ steps.set-env.outputs.verifier-action-image }} + insecure_skip_tls_verify: ${{ steps.set-env.outputs.insecure_skip_tls_verify }} + if: | github.event.pull_request.draft == false && - (github.event.action != 'labeled' || github.event.label.name == 'force-publish') + (github.event.action != 'labeled' || github.event.label.name == 'force-publish') && + github.actor != 'redhat-mercury-bot' steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Set up Python 3.x Part 1 - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: - python-version: "3.9" + python-version: "3.10" - name: Set up Python 3.x Part 2 run: | # set up python python3 -m venv ve1 - cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd .. - cd scripts && ../ve1/bin/python3 setup.py install && cd .. + cd scripts + ../ve1/bin/pip3 install -r requirements.txt + ../ve1/bin/pip3 install . + cd .. - name: Check for CI changes id: check_ci_changes + env: + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} run: | # check if workflow testing should run. echo "[INFO] check if PR contains only workflow changes and user is authorized" @@ -39,6 +49,7 @@ jobs: if: ${{ steps.check_ci_changes.outputs.run-tests != true }} env: BOT_NAME: ${{ secrets.BOT_NAME }} + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} run: | # check if PR was created as part of release processing ./ve1/bin/release-checker --api-url=${{ github.event.pull_request._links.self.href }} \ 
@@ -69,47 +80,82 @@ jobs: elif [ "${CHART_PR_FOR_RELEASE}" == "true" ]; then echo "The PR is part of release processing for the charts repository - do not continue." else - echo "::set-output name=run-build::true" + echo "run-build=true" >> $GITHUB_OUTPUT fi - name: Set Environment id: set-env run: | - #set environemnt based on repository + #set environment based on repository if [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then - echo "::set-output name=insecure_skip_tls_verify::false" - echo "::set-output name=verifier-action-image::latest" + echo "Use latest verifier image" + echo "verifier-action-image=latest" >> $GITHUB_OUTPUT else - echo "::set-output name=insecure_skip_tls_verify::true" - echo "::set-output name=verifier-action-image::0.1.0" + echo "Use dev verifier image" + echo "verifier-action-image=0.1.0" >> $GITHUB_OUTPUT fi + echo "insecure_skip_tls_verify=true" >> $GITHUB_OUTPUT + + + chart-verifier: + name: Run chart-verifier + runs-on: ubuntu-22.04 + needs: [setup] + outputs: + report_content: ${{ steps.check_report.outputs.report_content }} + redhat_to_community: ${{ steps.check_report.outputs.redhat_to_community }} + message_file: ${{ steps.pr_comment.outputs.message-file }} + message_text_base64: ${{ steps.encode_pr_comment.outputs.message-text-base64 }} + web_catalog_only: ${{ steps.check_pr_content.outputs.web_catalog_only }} + chart_entry_name: ${{ steps.check_pr_content.outputs.chart-entry-name }} + release_tag: ${{ steps.check_pr_content.outputs.release_tag }} + + steps: - name: Checkout - if: ${{ steps.check_build_required.outputs.run-build == 'true' }} - uses: actions/checkout@v2 + uses: actions/checkout@v3 + + - name: Checkout PR Branch + if: ${{ needs.setup.outputs.run_build == 'true' }} + uses: actions/checkout@v3 with: ref: ${{ github.event.pull_request.head.ref }} repository: ${{ github.event.pull_request.head.repo.full_name }} path: "pr-branch" + - name: Set up Python 3.x Part 1 + uses: actions/setup-python@v4 + with: + 
python-version: "3.10" + + - name: Set up Python 3.x Part 2 + run: | + # set up python + python3 -m venv ve1 + cd scripts + ../ve1/bin/pip3 install -r requirements.txt + ../ve1/bin/pip3 install . + cd .. + - name: Check PR Content id: check_pr_content - if: ${{ steps.check_build_required.outputs.run-build == 'true' }} + if: ${{ needs.setup.outputs.run_build == 'true' }} continue-on-error: true env: GITHUB_REF: ${{ github.ref }} + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} run: | INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo "refs/heads/gh-pages"; else echo "${GITHUB_REF}-gh-pages"; fi) - ./ve1/bin/check-pr-content --index-branch=${INDEX_BRANCH} --repository=${{ github.repository }} --api-url=${{ github.event.pull_request._links.self.href }} + ./ve1/bin/check-pr-content --index-branch=${INDEX_BRANCH} --repository=${{ github.repository }} --api-url=${{ github.event.pull_request._links.self.href }} - name: Add 'content-ok' label - uses: actions/github-script@v3 + uses: actions/github-script@v6 if: ${{ steps.check_pr_content.outcome == 'success'}} continue-on-error: true with: github-token: ${{secrets.GITHUB_TOKEN}} script: | - github.issues.addLabels({ + github.rest.issues.addLabels({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, @@ -117,13 +163,13 @@ jobs: }) - name: Remove 'content-ok' label - uses: actions/github-script@v3 + uses: actions/github-script@v6 if: ${{ steps.check_pr_content.outcome == 'failure' && contains( github.event.pull_request.labels.*.name, 'content-ok') }} continue-on-error: true with: github-token: ${{secrets.GITHUB_TOKEN}} script: | - github.issues.removeLabel({ + github.rest.issues.removeLabel({ issue_number: context.issue.number, owner: context.repo.owner, repo: context.repo.repo, 
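Review bot: `insecure_skip_tls_verify=true` is now written outside the `if`/`else` in `Set Environment`, so the `openshift-helm-charts/charts` repository, which previously got `false`, also skips certificate verification. The output feeds `redhat-actions/oc-login` and the `oc login --insecure-skip-tls-verify=` call in `Delete Namespace` in later hunks, both of which send `secrets.CLUSTER_TOKEN` to the API server, and the new test-cluster-access.yml hard-codes `insecure_skip_tls_verify: true` as well. Without verification the runner cannot tell the real API server from an endpoint that intercepts the connection. If the clusters use a private CA, supplying that CA to the login step is preferable to disabling the check; otherwise restore the per-repository value with `echo "insecure_skip_tls_verify=false" >> $GITHUB_OUTPUT` in the first branch and `=true` only in the `else`.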
@@ -137,14 +183,14 @@ jobs: exit 1 - name: Remove 'authorized-request' label from PR - uses: actions/github-script@v3 - if: ${{ steps.check_build_required.outputs.run-build == 'true' && contains( github.event.pull_request.labels.*.name, 'authorized-request') }} + uses: actions/github-script@v6 + if: ${{ needs.setup.outputs.run_build == 'true' && contains( github.event.pull_request.labels.*.name, 'authorized-request') }} continue-on-error: true with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | var issue_number = ${{ github.event.number }}; - github.issues.removeLabel({ + github.rest.issues.removeLabel({ owner: context.repo.owner, repo: context.repo.repo, issue_number: Number(issue_number), @@ -155,16 +201,20 @@ jobs: uses: redhat-actions/openshift-tools-installer@v1 with: source: github - chart-verifier: ${{ steps.set-env.outputs.verifier-action-image }} + skip_cache: true + chart-verifier: "${{ needs.setup.outputs.verifier-action-image }}" - name: determine verify requirements - if: ${{ steps.check_build_required.outputs.run-build == 'true' }} + if: ${{ needs.setup.outputs.run_build == 'true' }} id: verify_requires + env: + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} working-directory: ./pr-branch run: | ../ve1/bin/get-verify-params --directory=pr --api-url=${{ github.event.pull_request._links.self.href }} - name: Install oc + id: install-oc if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }} uses: redhat-actions/openshift-tools-installer@v1 with: @@ -176,7 +226,7 @@ jobs: run: | #calculate cluster params API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d) - echo "::set-output name=API_SERVER::${API_SERVER}" + echo "API_SERVER=${API_SERVER}" >> $GITHUB_OUTPUT - uses: redhat-actions/oc-login@v1 id: oc_login 
@@ -184,19 +234,20 @@ jobs: with: openshift_server_url: ${{ steps.login-params.outputs.API_SERVER }} openshift_token: ${{ secrets.CLUSTER_TOKEN }} - insecure_skip_tls_verify: ${{ steps.set-env.outputs.insecure_skip_tls_verify }} + insecure_skip_tls_verify: ${{ needs.setup.outputs.insecure_skip_tls_verify }} - name: create service account id: create_service_account if: ${{ steps.verify_requires.outputs.cluster_needed == 'true' }} env: API_SERVER: ${{ steps.login-params.outputs.API_SERVER }} + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} run: | ve1/bin/sa-for-chart-testing --create charts-${{ github.event.number }} --token token.txt --server ${API_SERVER} - echo "::set-output name=delete_namespace::true" + echo "delete_namespace=true" >> $GITHUB_OUTPUT echo $KUBECONFIG - - uses: redhat-actions/chart-verifier@v1.1 + - uses: redhat-actions/chart-verifier@v1 id: run-verifier if: ${{ steps.verify_requires.outputs.report_needed == 'true' }} with: 
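Review bot: Replacing `redhat-actions/chart-verifier@v1.1` with `@v1` moves this step to a broader mutable tag, so any future v1.x release runs here without review, in a job that holds the cluster login and `BOT_TOKEN`. The same applies to the other third-party actions this commit adds or bumps by tag (`mikefarah/yq@v4.35.1`, `hmarr/auto-approve-action@v3`, `pascalgn/automerge-action@v0.15.6`, `softprops/action-gh-release@v0.1.15`, `archive/github-actions-slack@v2.7.0`). Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: redhat-actions/chart-verifier@<full-commit-sha> # v1`, fixes the code that receives these secrets. Also in this hunk, `BOT_TOKEN` is added to the `create service account` step's environment; if `sa-for-chart-testing` does not call the GitHub API, leave it out.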
@@ -205,18 +256,60 @@ jobs: report_type: all fail: false + - name: check-verifier-result + id: check-verifier-result + if: ${{ always() && steps.run-verifier.outcome == 'failure' }} + run: | + error_message="The chart verifier returned an error when trying to obtain a verification report for the chart." + echo "verifier_error_message=$error_message" >> $GITHUB_OUTPUT + + - name: Get profile version set in report provided by the user + id: get-profile-version + if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' }} + uses: mikefarah/yq@v4.35.1 + with: + cmd: yq '.metadata.tool.profile.version' ${{ format('./pr-branch/{0}', steps.verify_requires.outputs.provided_report_relative_path) }} + + - name: Get the range of Kubernetes versions set in the report provided by the user + id: get-kube-range + if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' }} + continue-on-error: true + uses: mikefarah/yq@v4.35.1 + with: + cmd: yq '.metadata.chart.kubeversion' ${{ format('./pr-branch/{0}', steps.verify_requires.outputs.provided_report_relative_path) }} + + - name: Get the corresponding range of OCP versions + id: get-ocp-range + if: ${{ needs.setup.outputs.run_build == 'true' && steps.verify_requires.outputs.report_provided == 'true' }} + continue-on-error: true + uses: ./.github/actions/get-ocp-range + with: + kube-version-range: ${{ steps.get-kube-range.outputs.result }} + + - name: Only ignore errors in get-ocp-range for profile in version v1.0 + if: ${{ (steps.get-kube-range.outcome == 'failure' || steps.get-ocp-range.outcome == 'failure') && steps.get-profile-version.outputs.result != 'v1.0' }} + run: | + echo "::error file=.github/workflows/build.yaml::Failure in get-ocp-range, mandatory for profile version ${{ steps.get-profile-version.outputs.result }}" + exit 1 + - name: Check Report id: check_report - if: ${{ steps.check_build_required.outputs.run-build == 
'true' }} + if: ${{ needs.setup.outputs.run_build == 'true' }} env: + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} VENDOR_TYPE: ${{ steps.check_pr_content.outputs.category }} - PROVIDER_DELIVERY: ${{ steps.check_pr_content.outputs.providerDelivery }} + WEB_CATALOG_ONLY: ${{ steps.check_pr_content.outputs.web_catalog_only }} REPORT_GENERATED: ${{ steps.verify_requires.outputs.report_needed }} GENERATED_REPORT_PATH: ${{ steps.run-verifier.outputs.report_file }} REPORT_SUMMARY_PATH: ${{ steps.run-verifier.outputs.report_info_file }} + WORKFLOW_WORKING_DIRECTORY: "../pr" + OCP_VERSION_RANGE: ${{ steps.get-ocp-range.outputs.ocp-version-range }} run: | cd pr-branch - ../ve1/bin/chart-pr-review --directory=../pr --verify-user=${{ github.event.pull_request.user.login }} --api-url=${{ github.event.pull_request._links.self.href }} + ../ve1/bin/chart-pr-review \ + --directory=../pr \ + --verify-user=${{ github.event.pull_request.user.login }} \ + --api-url=${{ github.event.pull_request._links.self.href }} cd .. - name: Delete Namespace 
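Review bot: The step `Only ignore errors in get-ocp-range for profile in version v1.0` expands `${{ steps.get-profile-version.outputs.result }}` inside a double-quoted `echo` in the run script, and that value is read by yq from the report file under `./pr-branch`, i.e. from the contributor's checkout. Because the expansion happens before bash runs, the report's content is interpreted as shell in a job whose other steps hold `BOT_TOKEN` and cluster credentials. Pass it through the environment instead: add `env:` with `PROFILE_VERSION: ${{ steps.get-profile-version.outputs.result }}` and print `${PROFILE_VERSION}` in the message. The two yq steps follow the same pattern with `provided_report_relative_path` inside `cmd:`; whether `get-verify-params` validates that path is not visible here, so it deserves a check. The annotation also names `build.yaml` while the file is `build.yml`.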
@@ -225,35 +318,48 @@ jobs: KUBECONFIG: /tmp/ci-kubeconfig run: | API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d) - oc login --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} --insecure-skip-tls-verify=${{ steps.set-env.outputs.insecure_skip_tls_verify }} + oc login --token=${{ secrets.CLUSTER_TOKEN }} --server=${API_SERVER} --insecure-skip-tls-verify=${{ needs.setup.outputs.insecure_skip_tls_verify }} ve1/bin/sa-for-chart-testing --delete charts-${{ github.event.number }} - name: Save PR artifact - if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' }} + env: + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} + if: ${{ always() && needs.setup.outputs.run_build == 'true' }} run: | ve1/bin/pr-artifact --directory=./pr --pr-number=${{ github.event.number }} --api-url=${{ github.event.pull_request._links.self.href }} - name: Prepare PR comment id: pr_comment - if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' }} + if: ${{ always() && needs.setup.outputs.run_build == 'true' }} env: + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} PR_CONTENT_ERROR_MESSAGE: ${{ steps.check_pr_content.outputs.pr-content-error-message }} OWNERS_ERROR_MESSAGE: ${{ steps.check_pr_content.outputs.owners-error-message }} COMMUNITY_MANUAL_REVIEW: ${{ steps.check_report.outputs.community_manual_review_required }} - OC_INSTALL_RESULT: ${{ steps.install-oc.conclusion }} + OC_INSTALL_RESULT: ${{ steps.install-oc.outcome }} + VERIFIER_ERROR_MESSAGE: ${{ steps.check-verifier-result.outputs.verifier_error_message }} run: | - ve1/bin/pr-comment ${{ steps.check_pr_content.outcome }} ${{ steps.check_report.conclusion }} ${{ github.repository }} + ve1/bin/pr-comment ${{ steps.check_pr_content.outcome }} ${{ steps.run-verifier.outcome }} ${{ steps.check_report.conclusion }} + # Note(komish): This step is a temporary fix for the metrics step in the next job + # which expects the PR comment to exist at the specified filesystem location. 
+ - name: Encode PR Comment for Metrics + id: encode_pr_comment + if: ${{ always() && needs.setup.outputs.run_build == 'true' }} + run: | + commentBase64=$(base64 --wrap=0 ${{ steps.pr_comment.outputs.message-file }}) + echo "message-text-base64=${commentBase64}" | tee -a $GITHUB_OUTPUT + - name: Comment on PR - if: ${{ always() && steps.check_build_required.outputs.run-build == 'true' }} - uses: actions/github-script@v3 + if: ${{ always() && needs.setup.outputs.run_build == 'true' }} + uses: actions/github-script@v6 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | var fs = require('fs'); var issue_number = ${{ github.event.number }}; var comment = fs.readFileSync('./pr/comment', {encoding:'utf8', flag:'r'}); - github.issues.createComment({ + github.rest.issues.createComment({ owner: context.repo.owner, repo: context.repo.repo, issue_number: Number(issue_number), @@ -261,8 +367,8 @@ jobs: }); - name: Add 'authorized-request' label to PR - if: ${{ always() && steps.check_pr_content.outcome == 'success' && steps.check_build_required.outputs.run-build == 'true' }} - uses: actions/github-script@v3 + if: ${{ always() && steps.check_pr_content.outcome == 'success' && steps.run-verifier.outcome != 'failure' && needs.setup.outputs.run_build == 'true' }} + uses: actions/github-script@v6 with: github-token: ${{ secrets.GITHUB_TOKEN }} script: | @@ -271,7 +377,7 @@ jobs: var vendor_label = fs.readFileSync('./pr/vendor'); var chart_name = fs.readFileSync('./pr/chart'); if (vendor_label.toString() !== "" && chart_name.toString() !== "") { - github.issues.addLabels({ + github.rest.issues.addLabels({ issue_number: Number(issue_number), owner: context.repo.owner, repo: context.repo.repo, 
@@ -281,77 +387,176 @@ jobs: - name: Approve PR id: approve_pr if: ${{ steps.check_report.conclusion == 'success' }} - uses: hmarr/auto-approve-action@v2 + uses: hmarr/auto-approve-action@v3 with: - github-token: ${{ secrets.GITHUB_TOKEN }} + # The token we use for this changes for the Sandbox repository because the sandbox repository + # receives PRs from the openshift-helm-charts-bot, and that same bot cannot approve its own + # PRs which breaks workflows. Instead, for the Sandbox repo, we approve with the GHA bot. + github-token: ${{ github.repository == 'openshift-helm-charts/sandbox' && secrets.GITHUB_TOKEN || secrets.BOT_TOKEN }} - name: Merge PR id: merge_pr if: ${{ steps.approve_pr.conclusion == 'success' }} - uses: pascalgn/automerge-action@v0.13.1 + uses: pascalgn/automerge-action@v0.15.6 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GITHUB_TOKEN: ${{ secrets.BOT_TOKEN }} MERGE_METHOD: squash MERGE_LABELS: "" - name: Check for PR merge - if: ${{ steps.check_build_required.outputs.run-build == 'true' }} + if: ${{ needs.setup.outputs.run_build == 'true' }} + env: + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} run: | ./ve1/bin/check-auto-merge --api-url=${{ github.event.pull_request._links.self.href }} + + release: + name: Release Chart + runs-on: ubuntu-22.04 + needs: [setup, chart-verifier] + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Checkout PR Branch + if: ${{ needs.setup.outputs.run_build == 'true' }} + uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name }} + path: "pr-branch" + + - name: Set up Python 3.x Part 1 + uses: actions/setup-python@v4 + with: + python-version: "3.10" + + - name: Set up Python 3.x Part 2 + run: | + # set up python + python3 -m venv ve1 + cd scripts + ../ve1/bin/pip3 install -r requirements.txt + ../ve1/bin/pip3 install . + cd .. 
+ + - name: install chart verifier for action + uses: redhat-actions/openshift-tools-installer@v1 + with: + source: github + skip_cache: true + chart-verifier: ${{ needs.setup.outputs.verifier-action-image }} + - name: Block until there is no running workflow - if: ${{ steps.check_build_required.outputs.run-build == 'true' }} + if: ${{ needs.setup.outputs.run_build == 'true' }} uses: softprops/turnstyle@v1 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Configure Git - if: ${{ steps.check_build_required.outputs.run-build == 'true' }} + if: ${{ needs.setup.outputs.run_build == 'true' }} run: | git config --global user.name "github-actions[bot]" git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" - - name: Release Charts - if: ${{ steps.check_build_required.outputs.run-build == 'true' }} + - name: Prepare Chart Release and index entry + if: ${{ needs.setup.outputs.run_build == 'true' }} env: - GITHUB_REF: ${{ github.ref }} - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - REPORT_CONTENT: ${{steps.check_report.outputs.report_content}} - CHART_ENTRY_NAME: ${{ steps.check_pr_content.outputs.chart-entry-name }} - CHART_NAME_WITH_VERSION: ${{ steps.check_pr_content.outputs.chart-name-with-version }} - REDHAT_TO_COMMUNITY: ${{ steps.check_report.outputs.redhat_to_community }} - PROVIDER_DELIVERY: ${{ steps.check_pr_content.outputs.providerDelivery }} - id: release-charts + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} + REPORT_CONTENT: ${{ needs.chart-verifier.outputs.report_content }} + REDHAT_TO_COMMUNITY: ${{ needs.chart-verifier.outputs.redhat_to_community }} + WEB_CATALOG_ONLY: ${{ needs.chart-verifier.outputs.web_catalog_only }} + OCP_VERSION_RANGE: ${{ steps.get-ocp-range.outputs.ocp-version-range }} + id: prepare-chart-release run: | - tar zxvf ./scripts/dependencies/helm-chart-releaser/chart-releaser_1.2.0_linux_amd64.tar.gz - sudo cp -f cr /usr/local/bin/cr - INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo 
"refs/heads/gh-pages"; else echo "${GITHUB_REF}-gh-pages"; fi) - CWD=`pwd` cd pr-branch - ../ve1/bin/chart-repo-manager --repository=${{ github.repository }} --index-branch=${INDEX_BRANCH} --api-url=${{ github.event.pull_request._links.self.href }} --pr-number=${{ github.event.number }} - cd ${CWD} - - - name: Release - if: ${{ steps.release-charts.outputs.tag != '' }} - uses: softprops/action-gh-release@v0.1.12 - continue-on-error: true + ../ve1/bin/chart-repo-manager \ + --repository=${{ github.repository }} \ + --api-url=${{ github.event.pull_request._links.self.href }} \ + + # Upload the report file, potentially paired with a public key and, if provided, the chart's tarball and its prov file. + # Only the report file is always included. + # The release tag format is -- + - name: Create GitHub release + if: ${{ needs.chart-verifier.outputs.web_catalog_only == 'False' }} + uses: softprops/action-gh-release@v0.1.15 with: - tag_name: ${{ steps.release-charts.outputs.tag }} - files: pr-branch/report.yaml + tag_name: ${{ needs.chart-verifier.outputs.release_tag }} + files: | + ${{ steps.prepare-chart-release.outputs.report_file }} + ${{ steps.prepare-chart-release.outputs.public_key_file }} + ${{ steps.prepare-chart-release.outputs.path_to_chart_tarball }} + ${{ steps.prepare-chart-release.outputs.prov_file_name }} fail_on_unmatched_files: true env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + - name: Update Helm repository index + if: ${{ needs.setup.outputs.run_build == 'true' }} + env: + CHART_ENTRY_NAME: ${{ needs.chart-verifier.outputs.chart_entry_name }} + WEB_CATALOG_ONLY: ${{ needs.chart-verifier.outputs.web_catalog_only }} + run: | + INDEX_BRANCH=$(if [ "${GITHUB_REF}" = "refs/heads/main" ]; then echo "gh-pages"; else echo "${GITHUB_REF##*/}-gh-pages"; fi) + + echo "[INFO] Creating Git worktree for index branch" + INDEX_DIR=$(mktemp -d) + git remote add upstream "$GITHUB_SERVER_URL"/"$GITHUB_REPOSITORY" + git fetch upstream "$INDEX_BRANCH" + git worktree add 
--detach "$INDEX_DIR" upstream/"$INDEX_BRANCH" + + if [ "$WEB_CATALOG_ONLY" == "True" ]; then + INDEX_FILE="unpublished-certified-charts.yaml" + else + INDEX_FILE="index.yaml" + fi + + source ve1/bin/activate + cd $INDEX_DIR + update-index \ + --index-branch=${INDEX_BRANCH} \ + --index-file=${INDEX_FILE} \ + --repository=${{ github.repository }} \ + --chart-entry="${{ steps.prepare-chart-release.outputs.chart_entry }}" \ + --chart-url="${{ steps.prepare-chart-release.outputs.chart_url }}" \ + --version="${{ steps.prepare-chart-release.outputs.version }}" + + echo "[INFO] Add and commit changes to git" + git status + git add $INDEX_FILE + git status + git commit -m "$RELEASE_TAG $INDEX_FILE (${{ github.event.number }})" + git status + git push \ + https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }} \ + HEAD:refs/heads/${INDEX_BRANCH} + + # Note(komish): This step is a temporary workaround. Metrics requires the PR comment + # to be available, but it is written to the filesystem in the previous job. + # This can be removed once the metrics execution is restructured to have access to the PR + # comment, or pulled out of the release job entirely. 
+ - name: Retrieve PR comment for metrics + if: ${{ always() && needs.setup.outputs.run_build == 'true' && env.GITHUB_REPOSITORY != 'openshift-helm-charts/sandbox' }} + run: | + mkdir -p $(dirname ${{ needs.chart-verifier.outputs.message_file }}) + echo ${{ needs.chart-verifier.outputs.message_text_base64 }} | base64 -d | tee ${{ needs.chart-verifier.outputs.message_file }} + - name: Add metrics - if: always() && steps.check_build_required.outputs.run-build == 'true' + id: add_metrics + if: ${{ always() && needs.setup.outputs.run_build == 'true' && env.GITHUB_REPOSITORY != 'openshift-helm-charts/sandbox' }} + continue-on-error: true env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} run: | if [ $GITHUB_REPOSITORY == "openshift-helm-charts/charts" ]; then WRITE_KEY=${{ secrets.SEGMENT_WRITE_KEY }} + ID_PREFIX="helm-metric-pr" echo "Use segment production write key" else WRITE_KEY=${{ secrets.SEGMENT_TEST_WRITE_KEY }} + ID_PREFIX="helm-test-metric-pr" echo "Use segment test write key" fi 
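Review bot: In the new `release` job, `Update Helm repository index` expands the `prepare-chart-release` outputs (`chart_entry`, `chart_url`, `version`) with `${{ }}` inside the same script that puts `secrets.GITHUB_TOKEN` into the push URL; these values appear to be derived from the submitted chart, so they should reach bash as environment variables rather than as script text, as in the block below. Three references in this job also look unresolvable: `steps.get-ocp-range` belongs to the `chart-verifier` job and is not among its outputs, `$RELEASE_TAG` is used in the commit message but never set in the step, and `env.GITHUB_REPOSITORY` in the two `if:` conditions is not populated by the `env` context, so the sandbox exclusion probably never applies (`github.repository` is the usual form). `Prepare Chart Release and index entry` ends its command with a trailing `\` and no argument after it.

```yaml
      - name: Update Helm repository index
        env:
          # … unchanged: CHART_ENTRY_NAME, WEB_CATALOG_ONLY …
          # presumably the tag exported by chart-verifier; confirm the intended source
          RELEASE_TAG: ${{ needs.chart-verifier.outputs.release_tag }}
          CHART_ENTRY: ${{ steps.prepare-chart-release.outputs.chart_entry }}
          CHART_URL: ${{ steps.prepare-chart-release.outputs.chart_url }}
          CHART_VERSION: ${{ steps.prepare-chart-release.outputs.version }}
        run: |
          # … unchanged: INDEX_BRANCH, worktree setup, INDEX_FILE selection …
          update-index \
            --index-branch="${INDEX_BRANCH}" \
            --index-file="${INDEX_FILE}" \
            --repository="${GITHUB_REPOSITORY}" \
            --chart-entry="${CHART_ENTRY}" \
            --chart-url="${CHART_URL}" \
            --version="${CHART_VERSION}"
          # … unchanged: git add, commit and push …
```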
@@ -359,10 +564,21 @@ jobs: echo "add PR run metric" ve1/bin/metrics --write-key="${WRITE_KEY}" \ --metric-type="pull_request" \ - --message-file="${{ steps.pr_comment.outputs.message-file }}" \ + --message-file="${{ needs.chart-verifier.outputs.message_file }}" \ --pr-number="${{ github.event.number }}" \ --pr-action="${{ github.event.action }}" \ - --repository="${GITHUB_REPOSITORY}" + --repository="${GITHUB_REPOSITORY}" \ + --prefix="${ID_PREFIX}" \ + --pr_dir="./pr-branch" else echo "Do not collect metrics, required segment write key is not set" fi + + - name: Alert Slack helm_dev on failure to update metrics + continue-on-error: true + if: steps.add_metrics.outcome == 'failure' + uses: archive/github-actions-slack@v2.7.0 + with: + slack-bot-user-oauth-access-token: ${{ secrets.SLACK_BOT_USER_OAUTH_ACCESS_TOKEN }} + slack-channel: C02979BDUPL + slack-text: Failure! Updating metrics during a chart certification. See '${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}' diff --git a/.github/workflows/check-contributor.yml b/.github/workflows/check-contributor.yml new file mode 100644 index 00000000000..b4b7d2b78c9 --- /dev/null +++ b/.github/workflows/check-contributor.yml 
@@ -0,0 +1,77 @@
+name: Check Contributor
+
+# Checks that the input user exists in the approvers section
+# of a given OWNERS file.
+#
+# Returns true/false at the is-repo-owner output.
+#
+# Can be configured to fail altogether for contexts where it makes sense,
+# but in cases where this needs to return a green check mark, it is the
+# the caller's responsibility to evaluate the is-repo-owner output to inform
+# whether to proceed with subsequent tasks.
+#
+# Intended for use with workflows triggered by pull_request_target (or similar)
+# events.
+
+on:
+ workflow_call:
+ inputs:
+ user:
+ type: string
+ required: true
+ description:
+ the user to evaluate
+ fail-workflow-if-not:
+ type: boolean
+ required: false
+ default: false
+ description: |
+ fails this workflow if the contributor is not an owner,
+ or the evaluation fails for any other reason
+ outputs:
+ is-repo-owner: # 'true' / 'false'
+ description: whether the input user is a repo owner
+ value: ${{ jobs.check-contributor.outputs.is-repo-owner }}
+jobs:
+ check-contributor:
+ outputs:
+ is-repo-owner: ${{ steps.populate-output.outputs.is-repo-owner }}
+ name: Contributor is repo owner
+ runs-on: ubuntu-20.04
+ steps:
+ - name: Checkout repository base
+ uses: actions/checkout@v3
+
+ - name: Set up Python
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.10"
+
+ - name: Install CI Scripts
+ run: |
+ # set up python scripts
+ echo "set up python script in $PWD"
+ python3 -m venv ve1
+ cd scripts
+ ../ve1/bin/pip3 install -r requirements.txt
+ ../ve1/bin/pip3 install .
+ cd ..
+
+ - name: Check contributor
+ # The return code from this script is what's important in this workflow.
+ id: check-contributor
+ continue-on-error: true
+ run: |
+ ./ve1/bin/user-is-repo-owner ${{ inputs.user }}
+
+ - name: Add result to output
+ id: populate-output
+ # Outcome is the result of the workflow before continue-on-error is applied.
+ run: |
+ echo "is-repo-owner=${{ steps.check-contributor.outcome == 'success' }}" >> $GITHUB_OUTPUT
+
+ - name: Fail if requested and the user is not a repo owner
+ if: inputs.fail-workflow-if-not && steps.populate-output.outputs.is-repo-owner != 'true'
+ run: |
+ echo "::error::Workflow is failing at the caller's request."
+ exit -1
diff --git a/.github/workflows/ci-enabled.yml b/.github/workflows/ci-enabled.yml
new file mode 100644
index 00000000000..e4a36ef02ab
--- /dev/null
+++ b/.github/workflows/ci-enabled.yml
@@ -0,0 +1,41 @@
+name: Ensure CI is Enabled
+# This workflow allows a project to disable workflows based on a repository or
+# organizational environment variable.
+#
+# Create a repo or org environment variable with its value set to 'true'
+# for this workflow to succeed. Any other value should cause this workflow
+# to fail.
+#
+# https://docs.github.com/en/actions/learn-github-actions/variables#creating-configuration-variables-for-a-repository
+#
+# Example usage, assuming this workflow is local to your repository:
+#
+# jobs:
+# ensure_ci_enabled:
+# uses: ./.github/workflows/check-ci-enabled.yml
+# with:
+# is-enabled: ${{ vars.CUSTOM_VAR_CI_ENABLED }}
+#
+# next_task:
+# needs: ensure_ci_enabled
+# runs-on: ubuntu-latest
+# steps:
+# - ...
+
+on:
+ workflow_call:
+ inputs:
+ is-enabled:
+ type: string
+ required: true
+
+jobs:
+ fail_if_ci_disabled:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check enablement value
+ run: |
+ test "${{ inputs.is-enabled }}" = "true" \
+ || { echo "::error::Halting because this repo/org/env configuration has not explicitly enabled this CI."; \
+ exit 1 ;}
+ echo "::notice::CI is enabled!"
\ No newline at end of file
diff --git a/.github/workflows/mercury_bot.yml b/.github/workflows/mercury_bot.yml
new file mode 100644
index 00000000000..2a7cf50897f
--- /dev/null
+++ b/.github/workflows/mercury_bot.yml
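Review bot: `Check contributor` places `${{ inputs.user }}` unquoted on the command line, so whatever string a caller passes is parsed as shell in a workflow whose header says it is intended for `pull_request_target`. The caller added in test.yml passes the PR author's login, which GitHub constrains, but the reusable workflow accepts any string; use `env:` with `CONTRIBUTOR: ${{ inputs.user }}` and call `./ve1/bin/user-is-repo-owner "${CONTRIBUTOR}"`. In the last step `exit -1` should be `exit 1`, since exit statuses are taken modulo 256 and the negative form is not portable. The comment on `populate-output` should say the outcome is the result of the step, not of the workflow.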
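Review bot: The usage example in the header refers to `./.github/workflows/check-ci-enabled.yml`, but this commit adds the file as `ci-enabled.yml`, and test-ci-enabled.yml calls it by that name. The example line should read `#     uses: ./.github/workflows/ci-enabled.yml`. It would also help to state in the header that an unset variable presumably arrives as an empty string and therefore fails the check, which is the safe default this gate relies on.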
@@ -0,0 +1,102 @@
+name: OWNERS PR Check
+
+on:
+ pull_request_target:
+ types: [opened, synchronize, reopened, edited, ready_for_review, labeled]
+
+jobs:
+ owners-file-check:
+ name: OWNERS file PR checker
+ runs-on: ubuntu-20.04
+ if: github.event.pull_request.draft == false && github.actor == 'redhat-mercury-bot'
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Set up Python 3.x Part 1
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.10"
+
+ - name: Set up Python 3.x Part 2
+ run: |
+ # set up python
+ python3 -m venv ve1
+ cd scripts
+ ../ve1/bin/pip3 install -r requirements.txt
+ ../ve1/bin/pip3 install .
+ cd ..
+
+ - name: get files changed
+ id: get_files_changed
+ env:
+ BOT_TOKEN: ${{ secrets.BOT_TOKEN }}
+ run: |
+ # get files in PR
+ ./ve1/bin/pr-artifact --api-url=${{ github.event.pull_request._links.self.href }} \
+ --get-files
+
+ - name: check if only an OWNERS file is pushed
+ id: check_for_owners
+ env:
+ pr_files_py: "${{ steps.get_files_changed.outputs.pr_files }}"
+ run: |
+ # check if PR contains just one partner OWNERS file
+ pr_files=($(echo "$pr_files_py" | tr -d '[],'))
+ echo "Files in PR: ${pr_files[@]}"
+ eval first_file=${pr_files[0]}
+ if [ ${#pr_files[@]} == 1 ]; then
+ eval first_file=${pr_files[0]}
+ if [[ $first_file == "charts/partners/"*/*"/OWNERS" ]] ; then
+ echo "An OWNERS file has been modified or added"
+ echo "merge_pr=true" >> $GITHUB_OUTPUT
+ else
+ echo "The file in the PR is not a partner OWNERS file"
+ echo "merge_pr=false" >> $GITHUB_OUTPUT
+ echo "msg=ERROR: PR does not include a partner OWNERS file." >> $GITHUB_OUTPUT
+ fi
+ else
+ echo "The PR contains multiple files."
+ echo "msg=ERROR: PR contains multiple files." 
>> $GITHUB_OUTPUT
+ echo "merge_pr=false" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Comment on PR
+ if: ${{ steps.check_for_owners.outputs.merge_pr == 'false' }}
+ uses: actions/github-script@v3
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+ script: |
+ var issue_number = ${{ github.event.number }};
+ var comment = "${{ steps.check_for_owners.outputs.msg }}";
+ github.issues.createComment({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ issue_number: Number(issue_number),
+ body: comment
+ });
+
+ - name: Reflect on check for OWNERS file result
+ if: ${{ steps.check_for_owners.outputs.merge_pr == 'false' }}
+ run: |
+ # exit with failure if PR is not for a single partner OWNERS file
+ echo "The PR was not for a single partner OWNERS file."
+ exit 1
+
+ - name: Approve PR
+ id: approve_pr
+ if: ${{ steps.check_for_owners.outputs.merge_pr == 'true' }}
+ uses: hmarr/auto-approve-action@v3
+ with:
+ github-token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Merge PR
+ id: merge_pr
+ if: ${{ steps.approve_pr.conclusion == 'success' }}
+ uses: pascalgn/automerge-action@v0.15.6
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ MERGE_METHOD: squash
+ MERGE_LABELS: ""
+
+
diff --git a/.github/workflows/python-style.yml b/.github/workflows/python-style.yml
new file mode 100644
index 00000000000..bec86bdf006
--- /dev/null
+++ b/.github/workflows/python-style.yml
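Review bot: `check if only an OWNERS file is pushed` runs `eval first_file=${pr_files[0]}` on a file name taken from the pull request, in a `pull_request_target` workflow that goes on to approve and merge with `secrets.GITHUB_TOKEN`. `eval` re-parses the name as shell, so it should not be used to strip the quoting; a parameter expansion such as `first_file=${pr_files[0]//\'/}` removes the quotes without evaluating anything, and the first `eval` before the `if` can be dropped because it is repeated inside. How `pr-artifact --get-files` formats `pr_files` is not visible here, so confirm which quote characters need removing. The job gate compares `github.actor`, which is the account that triggered the event rather than the PR author; `github.event.pull_request.user.login == 'redhat-mercury-bot'` ties the auto-merge to who opened the PR. `Comment on PR` still uses `actions/github-script@v3` and `github.issues.createComment`, unlike build.yml, which this commit moves to `@v6` and `github.rest.issues`.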
@@ -0,0 +1,29 @@
+name: Python Style
+
+on:
+ pull_request:
+ paths:
+ # Only trigger on core script changes
+ - 'scripts/**.py'
+
+jobs:
+ enforce:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ - name: Set up Python 3.x Part 1
+ uses: actions/setup-python@v4
+ with:
+ python-version: "3.10"
+ - name: Install style tooling
+ working-directory: scripts
+ run: make venv.codestyle
+ - name: Run formatter
+ working-directory: scripts
+ run: make ci.format
+ # Temporarily auto-pass linting until we are able to manually review and
+ # address.
+ - name: Run linter
+ working-directory: scripts
+ run: make lint || true
\ No newline at end of file
diff --git a/.github/workflows/test-ci-enabled.yml b/.github/workflows/test-ci-enabled.yml
new file mode 100644
index 00000000000..87f1c644b50
--- /dev/null
+++ b/.github/workflows/test-ci-enabled.yml
@@ -0,0 +1,14 @@
+name: Test CERTIFICATION_ENABLED
+
+# A developer convenience workflow.
+# Tests to see if the CERTIFICATION_ENABLED value indicates
+# certification is enabled.
+
+on:
+ workflow_dispatch:
+
+jobs:
+ test_certification_enabled:
+ uses: ./.github/workflows/ci-enabled.yml
+ with:
+ is-enabled: ${{ vars.CERTIFICATION_ENABLED }}
diff --git a/.github/workflows/test-cluster-access.yml b/.github/workflows/test-cluster-access.yml
new file mode 100644
index 00000000000..3d2b2598dbd
--- /dev/null
+++ b/.github/workflows/test-cluster-access.yml
@@ -0,0 +1,28 @@ +name: Test Cluster Access + +# Intended to be used when cluster secrets change (e.g. when transitioning to +# new clusters), this workflow confirms access to the cluster. + +on: + workflow_dispatch: + +jobs: + test-cluster-access: + name: Test Cluster Access + runs-on: ubuntu-22.04 + steps: + - name: Install oc + uses: redhat-actions/openshift-tools-installer@v1 + with: + oc: latest + - name: Read API_SERVER endpoint + id: login-params + run: | + API_SERVER=$( echo -n ${{ secrets.API_SERVER }} | base64 -d) + echo "API_SERVER=${API_SERVER}" >> $GITHUB_OUTPUT + - uses: redhat-actions/oc-login@v1 + id: oc_login + with: + openshift_server_url: ${{ steps.login-params.outputs.API_SERVER }} + openshift_token: ${{ secrets.CLUSTER_TOKEN }} + insecure_skip_tls_verify: true \ No newline at end of file diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b16d02b61bd..d52c49bb217 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,14 +25,22 @@ on: default: "" jobs: + check-contributor: + name: Check contributor + uses: ./.github/workflows/check-contributor.yml + with: + user: ${{ github.event.pull_request.user.login }} + workflow-test: name: Workflow Test + needs: [check-contributor] runs-on: ubuntu-20.04 if: | - github.event.pull_request.draft == false + github.event.pull_request.draft == false && + needs.check-contributor.outputs.is-repo-owner == 'true' steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: repository: ${{ github.event.pull_request.head.repo.full_name }} ref: ${{ github.event.pull_request.head.sha }} 
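Review bot: `insecure_skip_tls_verify: true` on the `oc_login` step sends `secrets.CLUSTER_TOKEN` to the API server without verifying its certificate, so a workflow meant to confirm cluster access cannot tell the real cluster from an interposed endpoint. Prefer `insecure_skip_tls_verify: false` and, for a private CA, pass the bundle from a secret through the action's `certificate_authority_data` input. In the `login-params` step, `${{ secrets.API_SERVER }}` is pasted unquoted into the script text, and the decoded value written to `$GITHUB_OUTPUT` no longer matches the registered secret, so log masking will not cover it. Pass the secret as `env: API_SERVER_B64: ${{ secrets.API_SERVER }}`, decode it with `echo -n "$API_SERVER_B64" | base64 -d`, and emit `echo "::add-mask::$API_SERVER"` before writing the output. `oc: latest` also lets the installed client differ between runs, so a fixed version would keep the check reproducible.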
@@ -40,19 +48,23 @@ jobs: fetch-depth: 0 - name: Set up Python 3.x Part 1 - uses: actions/setup-python@v2 + uses: actions/setup-python@v4 with: - python-version: "3.9" + python-version: "3.10" - name: Set up Python 3.x Part 2 run: | # set up python requirements and scripts python3 -m venv ve1 - cd scripts && ../ve1/bin/pip3 install -r requirements.txt && cd .. - cd scripts && ../ve1/bin/python3 setup.py install && cd .. + cd scripts + ../ve1/bin/pip3 install -r requirements.txt + ../ve1/bin/pip3 install . + cd .. - name: Check Request id: check_request + env: + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} run: | # check if workflow testing should run. echo "Request type: '$GITHUB_EVENT_NAME'" @@ -102,7 +114,7 @@ jobs: PR_NUMBER: ${{ github.event.pull_request.number }} PR_BODY: "Test triggered by ${{ github.event.pull_request.html_url }}." run: | - echo "Full test in pr : {{steps.check_request.outputs.full_tests_in_pr }}" + echo "Full test in pr : ${{ steps.check_request.outputs.full_tests_in_pr }}" if ${{steps.check_if_release_pr.outputs.charts_release_branch == 'true' || steps.check_request.outputs.full_tests_in_pr == 'true' }} ; then echo "Release PR from dev to charts, oer PR with new full test, so running full tests" ve1/bin/behave tests/functional/behave_features/ --tags=full --logging-level=WARNING --no-capture --no-color @@ -135,14 +147,14 @@ jobs: - name: Approve PR id: approve_pr if: ${{ steps.check_if_release_pr.outputs.charts_release_branch == 'true' }} - uses: hmarr/auto-approve-action@v2 + uses: hmarr/auto-approve-action@v3 with: github-token: ${{ secrets.GITHUB_TOKEN }} - name: Merge PR id: merge_pr if: ${{ steps.check_if_release_pr.outputs.charts_release_branch == 'true' }} - uses: pascalgn/automerge-action@v0.13.1 + uses: pascalgn/automerge-action@v0.15.6 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} MERGE_METHOD: squash diff --git a/OWNERS b/OWNERS index 1af0aeed852..dea4d4a1518 100644 --- a/OWNERS +++ b/OWNERS 
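Review bot: The `BOT_TOKEN` added to the `check_request` step is exposed to tooling installed from the pull request's own tree: the Checkout step in the previous hunk fetches `github.event.pull_request.head.sha`, and `../ve1/bin/pip3 install -r requirements.txt` and `../ve1/bin/pip3 install .` then install from that checkout into `ve1`. If `check_request` calls a `ve1/bin` entry point, the token is readable by whatever the PR changed under `scripts/`, and the `is-repo-owner == 'true'` gate from `check-contributor` is the only barrier. I cannot confirm this from the hunk, because the step's `run:` body continues outside it and the workflow trigger is not visible here. Consider installing the scripts from the base ref in a separate checkout for any step that receives `BOT_TOKEN`, or scoping the token to the minimum the check needs. At the least, document the dependency on the `env:` block, e.g. `# BOT_TOKEN is exposed to code installed from the PR head; relies on the check-contributor gate`.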
@@ -1,6 +1,9 @@ # See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md approvers: +- komish +- jsm84 +- jomkz - baijum - mmulholla - jasperchui @@ -10,6 +13,9 @@ approvers: - Kartikey-star reviewers: +- komish +- jsm84 +- jomkz - baijum - mmulholla - jasperchui diff --git a/charts/partners/araszka/araszka-catalog/OWNERS b/charts/partners/araszka/araszka-catalog/OWNERS new file mode 100644 index 00000000000..504d5356b24 --- /dev/null +++ b/charts/partners/araszka/araszka-catalog/OWNERS @@ -0,0 +1,9 @@ +chart: + name: araszka-catalog + shortDescription: unknown +providerDelivery: true +publicPgpKey: unknown +users: [] +vendor: + label: araszka + name: Red Hat diff --git a/charts/partners/araszka/araszka-test/OWNERS b/charts/partners/araszka/araszka-test/OWNERS new file mode 100644 index 00000000000..1da449ea4ec --- /dev/null +++ b/charts/partners/araszka/araszka-test/OWNERS @@ -0,0 +1,10 @@ +chart: + name: araszka-test + shortDescription: Description +providerDelivery: false +publicPgpKey: null +users: +- githubUsername: Allda +vendor: + label: araszka + name: Red Hat diff --git a/charts/partners/araszka/helm-test-project-123/OWNERS b/charts/partners/araszka/helm-test-project-123/OWNERS new file mode 100644 index 00000000000..f280d3f60ed --- /dev/null +++ b/charts/partners/araszka/helm-test-project-123/OWNERS @@ -0,0 +1,9 @@ +chart: + name: helm-test-project-123 + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: araszka + name: Red Hat diff --git a/charts/partners/araszka/test30/OWNERS b/charts/partners/araszka/test30/OWNERS new file mode 100644 index 00000000000..10e4582398d --- /dev/null +++ b/charts/partners/araszka/test30/OWNERS @@ -0,0 +1,9 @@ +chart: + name: test30 + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: araszka + name: Red Hat 
diff --git a/charts/partners/araszka/vault-test/OWNERS b/charts/partners/araszka/vault-test/OWNERS new file mode 100644 index 00000000000..84a5c18a37f --- /dev/null +++ b/charts/partners/araszka/vault-test/OWNERS @@ -0,0 +1,11 @@ +chart: + name: vault-test + shortDescription: short +providerDelivery: false +publicPgpKey: unknown +users: +- githubUsername: jsm84 +- githubUsername: acornett21 +vendor: + label: araszka + name: Red Hat diff --git a/charts/partners/atiwary-containers/12334555/OWNERS b/charts/partners/atiwary-containers/12334555/OWNERS new file mode 100644 index 00000000000..89ed2ad7a5b --- /dev/null +++ b/charts/partners/atiwary-containers/12334555/OWNERS @@ -0,0 +1,9 @@ +chart: + name: '12334555' + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: atiwary-containers + name: Red Hat, Inc. diff --git a/charts/partners/container-test/aaa/OWNERS b/charts/partners/container-test/aaa/OWNERS new file mode 100644 index 00000000000..f48dc214a4c --- /dev/null +++ b/charts/partners/container-test/aaa/OWNERS @@ -0,0 +1,9 @@ +chart: + name: aaa + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: container-test + name: Anandprakash Tandale diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/.helmignore b/charts/partners/container-test/chart-951-redhat/0.21.67/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/CHANGELOG.md b/charts/partners/container-test/chart-951-redhat/0.21.67/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/CONTRIBUTING.md b/charts/partners/container-test/chart-951-redhat/0.21.67/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/Chart.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/Chart.yaml
new file mode 100644
index 00000000000..a40096213eb
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: chart-951-redhat
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.67
+annotations:
+ charts.openshift.io/name: chart-951-redhat
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/LICENSE.md b/charts/partners/container-test/chart-951-redhat/0.21.67/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/Makefile b/charts/partners/container-test/chart-951-redhat/0.21.67/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/README.md b/charts/partners/container-test/chart-951-redhat/0.21.67/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/README.md
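Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=...` argument that `provision-cluster` passes to `terraform init` and `terraform apply`. Depending on the Terraform version and where the state file ends up, the destroy may act on a different working directory or stop on the missing variable, which would leave the GKE test cluster running after a test run. I would mirror the apply arguments, e.g. `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform`. Separately, `.PHONY` does not list `setup-kind` and `delete-kind`, and the recursive call in `test-acceptance` uses `make` where `$(MAKE)` would propagate flags and the jobserver.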
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/NOTES.txt b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/_helpers.tpl b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/csi-clusterrole.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/csi-clusterrolebinding.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
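Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` is rendered unquoted, so a token that YAML reads as a number, boolean or null arrives in the pod spec as a non-string and the manifest is rejected or the token is altered; `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string. The same helper writes the dev root token into the rendered workload in clear text, readable by anyone who can view that object, so its comment should say the value is for dev mode only and must never be a token used elsewhere. `vault.extraSecretEnvironmentVars` renders `envName`, `secretName` and `secretKey` unquoted in the same way. The comment above `vault.serverServiceAccountEnabled` repeats the auth-delegator description and the one above `csi.pod.tolerations` says "injector"; both look like copy-paste leftovers.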
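Review bot: The only rule in this ClusterRole grants `create` on `serviceaccounts/token` cluster-wide, so the subject bound to it can request tokens for service accounts in every namespace, yet the template carries no comment explaining why that breadth is required. A template comment above `rules:` would document it, for example `{{/* cluster-wide token creation: the CSI provider requests tokens for the pods that mount its volumes; treat its service account as highly privileged */}}` (the stated reason is my reading of the provider's design, so confirm it before committing). The binding in csi-clusterrolebinding.yaml attaches this role to the `-csi-provider` service account in the release namespace, which makes that account's token requests worth covering in API audit logging.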
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/csi-daemonset.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/csi-serviceaccount.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-certs-secret.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
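Review bot: The two hostPath volumes at the end of the DaemonSet pod spec (`providervol` and `mountpoint-dir`) set no `type`, so nothing checks what exists at the values-supplied host path before it is mounted into the provider container, and `mountpoint-dir` is the kubelet's pods directory. I would consider `type: DirectoryOrCreate` under `providervol` and `type: Directory` under `mountpoint-dir`. A comment above `volumes:` would also help, such as `# hostPath mounts: csi.daemonSet.providersDir and kubeletRootDir must point at the kubelet's own directories`. The pod and container security contexts come from the `csi.daemonSet.securityContext.*` templates defined outside this hunk, so whether the container runs unprivileged cannot be judged from here.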
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-clusterrole.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-clusterrolebinding.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-clusterrolebinding.yaml 
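Review bot: The single rule in this ClusterRole grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, while the only configuration these templates tie to the injector is the one named `<fullname>-agent-injector-cfg` (the value passed as `AGENT_INJECT_TLS_AUTO` in injector-deployment.yaml). Write access to all mutating webhooks lets a compromised injector service account affect admission for unrelated workloads, so the write verb should be limited with `resourceNames`, leaving the read verbs in a separate rule as sketched below. That the injector patches only its own configuration is inferred from the templates and should be confirmed against the injector before merging.

```yaml
rules:
# read access across the collection
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch"]
# write access only to the configuration this chart creates
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["patch"]
```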
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-deployment.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-disruptionbudget.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
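Review bot: The last entry under `args:` of the `sidecar-injector` container, `- 2>&1`, is a shell redirection written where no shell runs: Kubernetes hands each args item to the process verbatim, so the binary receives the literal string `2>&1` as an extra argument. Unless the image's entrypoint is a shell wrapper that re-evaluates its arguments (not visible in this diff), the line redirects nothing and should be dropped, leaving only `- agent-inject`. The container runtime already collects stderr together with stdout, so no log output is lost by removing it.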
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-mutating-webhook.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-network-policy.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-psp-role.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
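Review bot: The ingress rule of this NetworkPolicy hard-codes `port: 8080`, whereas the other injector templates take the port from `.Values.injector.port` (`AGENT_INJECT_LISTEN` and the probes in injector-deployment.yaml, `targetPort` in injector-service.yaml). If that value is overridden, the policy still selects the injector pods but no longer allows the port they listen on, so admission calls are dropped. Whether pod creation then fails or pods are admitted without injection depends on the webhook's `failurePolicy`. Rendering the port from the same value keeps the two in step: `- port: {{ .Values.injector.port }}`. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector templates set explicitly.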
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-psp-rolebinding.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-psp.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-role.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-role.yaml 
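Review bot: The PodSecurityPolicy is rendered with a fixed `apiVersion: policy/v1beta1` whenever `global.psp.enable` is true and has no capability check, although the PodDisruptionBudget templates in this chart already switch API versions by cluster version. PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters this manifest is rejected and the install fails. I would gate it, for example `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, apply the same condition to injector-psp-role.yaml and injector-psp-rolebinding.yaml, and document that Pod Security admission or SCCs must supply the equivalent restrictions there. The inline comment on `seLinux` says the policy assumes AppArmor nodes; since the chart also has a `global.openshift` switch, that comment should note that `rule: RunAsAny` leaves SELinux labels unconstrained.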
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-rolebinding.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-rolebinding.yaml 
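Review bot: The first rule of the leader-elector Role gives the injector service account `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is the same namespace the server templates in this chart deploy into. The only Secret these templates create for this feature is `vault-injector-certs` (injector-certs-secret.yaml, rendered under the same condition), so the read and update verbs on `secrets` look narrowable with `resourceNames: ["vault-injector-certs"]`, keeping `create` in a separate rule only if the injector really creates the object itself. The ConfigMap names the leader elector uses are not visible in this diff, so that half needs checking against the injector before it is restricted. At minimum, a comment above the rule should state which objects it is meant to cover.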
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-service.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-serviceaccount.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-clusterrolebinding.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-config-configmap.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-discovery-role.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-discovery-role.yaml 
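Review bot: `disable_mlock = true` is emitted unconditionally in the string branch, and in the map branch `merge (dict "disable_mlock" true) …` puts the forced value in the destination map, which takes precedence in Sprig's `merge`, so a user-supplied `disable_mlock: false` appears to be overridden silently. With mlock disabled the server's memory can be written to swap, so the chart should state what it relies on instead. I would add a template comment above the block scalar, for example `{{/* disable_mlock is forced on; run Vault only on nodes with swap disabled or encrypted */}}`, and mention the override in the values documentation.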
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-discovery-rolebinding.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
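Review bot: The `rules:` entry in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods. RBAC cannot scope `list` and `watch` by resource name, so the practical mitigation is to document the reach of the grant; I would add a comment above `rules:` such as `# Grants write access to all pods in this namespace; install Vault in a dedicated namespace.` Separately, this Role hard-codes `rbac.authorization.k8s.io/v1` while the RoleBinding that follows falls back to `v1beta1`, and the two should select the API version the same way.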
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-disruptionbudget.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-ha-active-service.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-ha-active-service.yaml
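Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge` on strings, which is a lexical comparison and also sees any vendor suffix in the minor version (for example `21+`). The other templates in this commit choose API versions with `semverCompare` on `.Capabilities.KubeVersion.Version` or with `.Capabilities.APIVersions.Has`. I would make this one consistent with them: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.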
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-ha-standby-service.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-headless-service.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-ingress.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-network-policy.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-psp-role.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-psp-role.yaml 
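Review bot: The single `ingress` rule in server-network-policy.yaml admits every namespace (`namespaceSelector: {}`) to both 8200 and 8201. Port 8201 is the `https-internal` port in the Services and StatefulSet of this commit, so it is presumably needed only between Vault server pods; I would split the rule so that 8201 is limited to pods carrying the server labels, unless another cluster has to reach it for replication. The `podSelector` of the policy also omits `component: server`, and `metadata` carries no `namespace`, unlike the other server templates.

```yaml
# … unchanged: apiVersion, kind, metadata, spec.podSelector …
  ingress:
    # API port: still reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only other Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```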
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-psp-rolebinding.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-psp.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
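Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, whereas server-serviceaccount.yaml and the other bindings in this commit name the account with `vault.serviceAccount.name`. If that helper can return anything other than the full name (its definition is outside these hunks), the PodSecurityPolicy `use` grant lands on an account the server pods do not run as, and the policy is not applied to them through this binding. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` so that it reads like the other subjects.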
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-route.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-route.yaml
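Review bot: The `spec` in server-psp.yaml blocks privileged mode, privilege escalation and root, but it says nothing about Linux capabilities, so containers admitted under it keep the runtime's default set. The StatefulSet in this commit sets `SKIP_SETCAP` and the ConfigMap forces `disable_mlock`, so the server presumably needs none of them; I would add `requiredDropCapabilities: [ALL]` under `spec` and confirm the pod still starts. The comment on `seLinux` states that the policy assumes AppArmor nodes, which deserves a second sentence saying what to set on SELinux-enforcing nodes, given that the chart also ships `values.openshift.yaml`.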
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-service.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-service.yaml
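Review bot: server-route.yaml tests `.mode` on its second and fifth lines but never runs `{{ template "vault.mode" . }}`, which every other server template in this commit calls first and which presumably sets `.mode` (its definition is not shown). If `.mode` is unset when this file renders, `ne .mode "external"` holds and `eq .mode "ha"` does not, so a Route would be rendered even for an external Vault and `server.route.activeService` would be ignored, sending traffic to standby pods as well. I would add `{{ template "vault.mode" . }}` directly after the `global.openshift` check.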
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-serviceaccount.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-statefulset.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/tests/server-test.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/tests/server-test.yaml 
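Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `latest` when `server.image.tag` is empty (`| default "latest"`), and the test pod in tests/server-test.yaml repeats the same expression. With a floating tag the Vault server version can change on a pod restart without any chart or values change, which is hard to audit for a secrets store. I would fail the render instead of guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the `VAULT_API_ADDR` and `VAULT_CLUSTER_ADDR` overrides render `server.ha.apiAddr` and `server.ha.clusterAddr` unquoted while their default branches are quoted; `| quote` on both would keep them strings.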
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/ui-service.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/values.openshift.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/values.schema.json b/charts/partners/container-test/chart-951-redhat/0.21.67/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/container-test/chart-951-redhat/0.21.67/src/values.yaml b/charts/partners/container-test/chart-951-redhat/0.21.67/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/0.21.67/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/container-test/chart-951-redhat/OWNERS b/charts/partners/container-test/chart-951-redhat/OWNERS new file mode 100644 index 00000000000..fe9c4186322 --- /dev/null +++ b/charts/partners/container-test/chart-951-redhat/OWNERS @@ -0,0 +1,10 @@ +chart: + name: chart-951-redhat + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: +- githubUsername: opcert +vendor: + label: container-test + name: Anandprakash Tandale diff --git a/charts/partners/container-test/chart-951-webonly/OWNERS b/charts/partners/container-test/chart-951-webonly/OWNERS new file mode 100644 index 00000000000..a9c51642b0a --- /dev/null 
+++ b/charts/partners/container-test/chart-951-webonly/OWNERS @@ -0,0 +1,9 @@ +chart: + name: chart-951-webonly + shortDescription: unknown +providerDelivery: true +publicPgpKey: unknown +users: [] +vendor: + label: container-test + name: Anandprakash Tandale diff --git a/charts/partners/container-test/chart951-external/0.21.68/report.yaml b/charts/partners/container-test/chart951-external/0.21.68/report.yaml new file mode 100644 index 00000000000..3732dfe2ba7 --- /dev/null +++ b/charts/partners/container-test/chart951-external/0.21.68/report.yaml 
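Review bot: `providerDelivery: true` is combined here with `publicPgpKey: unknown` and `users: []`, so this entry names no key that a chart signature could be checked against and no GitHub user accountable for submissions. If provider delivery means the package is served from the vendor's own location rather than from this repository (the hunk does not show this), that is the case where a verifiable signature matters most. I would either set the key, `publicPgpKey: <vendor public key>`, and list at least one owner under `users:`, or add a comment line saying this entry is a test fixture that is never published. The other OWNERS files added in this commit also carry `publicPgpKey: unknown`, but with `providerDelivery: false`.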
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:7212870875201368831 + chart-uri: https://github.com/bovem/external-helm-charts/raw/main/container-test-chart951-external-0.21.68.tgz + digests: + chart: sha256:d213b28c2e2908c65eb1b68889b85de93b8fecf2d0f9a125b8bfcf65378f4957 + package: 11fea89f05c0b95024ea5151cacba35cbfd0c3c181dca8a3a18c6e64d8be4068 + lastCertifiedTimestamp: "2023-07-24T13:13:14.665892+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: false + chart: + name: chart951-external + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.68 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: chart-951-redhat + kubeversion: '>= 1.26.0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: 
v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + diff --git a/charts/partners/container-test/chart951-external/OWNERS b/charts/partners/container-test/chart951-external/OWNERS new file mode 100644 index 00000000000..f484bceb9b6 --- /dev/null +++ b/charts/partners/container-test/chart951-external/OWNERS @@ -0,0 +1,10 @@ +chart: + name: chart951-external + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: +- githubUsername: opcert +vendor: + label: container-test + name: Anandprakash Tandale diff --git a/charts/partners/container-test/cnf-helm/OWNERS b/charts/partners/container-test/cnf-helm/OWNERS new file mode 100644 index 00000000000..69611d83965 --- /dev/null +++ b/charts/partners/container-test/cnf-helm/OWNERS @@ -0,0 +1,10 @@ +chart: + name: cnf-helm + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: +- githubUsername: Aishwarya-Urne +vendor: + label: container-test + name: Anandprakash Tandale 
diff --git a/charts/partners/container-test/demo/OWNERS b/charts/partners/container-test/demo/OWNERS index bda75bb46a4..00d505905ec 100644 --- a/charts/partners/container-test/demo/OWNERS +++ b/charts/partners/container-test/demo/OWNERS @@ -1,6 +1,7 @@ chart: name: demo shortDescription: unknown +providerDelivery: false publicPgpKey: unknown users: [] vendor: diff --git a/charts/partners/container-test/gbjhgfjhsdgf/OWNERS b/charts/partners/container-test/gbjhgfjhsdgf/OWNERS new file mode 100644 index 00000000000..7ee7fc37804 --- /dev/null +++ b/charts/partners/container-test/gbjhgfjhsdgf/OWNERS @@ -0,0 +1,9 @@ +chart: + name: gbjhgfjhsdgf + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: container-test + name: Anandprakash Tandale diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/.helmignore b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/.helmignore @@ -0,0 +1,28 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.terraform/ +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + +# CI and test +.circleci/ +.github/ +.gitlab-ci.yml +test/ diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/CHANGELOG.md b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/CHANGELOG.md new file mode 100644 index 00000000000..45d7168d526 --- /dev/null +++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/CHANGELOG.md 
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/CONTRIBUTING.md b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/Chart.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..8c74fb713d8
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: giriraj-project-helm-chart
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: giriraj-project-helm-chart
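Review bot: In the new `Chart.yaml`, `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io` sit next to `name: giriraj-project-helm-chart` and a matching `charts.openshift.io/name` annotation under `charts/partners/container-test/`, so the metadata presents what appears to be a renamed copy as the vendor's official chart. Anyone choosing a chart by its description or home page in a catalog gets no signal that this is not the upstream release. If this is a test fixture, the metadata should say so, for example `description: Test repackaging of the HashiCorp Vault chart (not an upstream release)`. A `maintainers` entry naming who owns this copy would also help, since the file has none.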
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/LICENSE.md b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/Makefile b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/README.md b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/README.md
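Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the `docker run` argument list, and that `docker run` (like the ones in `test-destroy` and `test-provision`) omits the `--rm` that `test-unit` uses, so the exited container stays on the host with the value still readable in its recorded environment. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker take it from the calling environment instead of the command line, and `@docker run --rm -it -v ${PWD}:/helm-test \` removes the container when the run ends. The by-name form assumes the variable reaches the recipe through the environment, which holds for exported shell variables and for assignments given on the make command line. `GOOGLE_CREDENTIALS` is only a file name here, but the key file it names sits inside the `${PWD}` bind mount, so it is worth confirming that file is excluded from version control.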
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/NOTES.txt b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/_helpers.tpl b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
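Review bot: In csi-clusterrole.yaml the rule grants `create` on `serviceaccounts/token` through a ClusterRole with no comment explaining the scope, so the CSI provider's service account can request a token for any service account in any namespace. That is presumably needed so the provider can authenticate on behalf of whichever pod mounts the volume, but a reader should not have to infer why such a strong permission is cluster-wide. I would add a comment above `rules:` such as `# Cluster-wide on purpose: the provider requests a token for the service account of the pod mounting the volume.` and say in the chart documentation that this identity should be treated as highly privileged.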
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-certs-secret.yaml 
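Review bot: The csi-provider container in csi-daemonset.yaml mounts two hostPath volumes but gets a securityContext only when `.Values.csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper in _helpers.tpl has no fallback branch. The injector helper in the same file does have one and defaults to `allowPrivilegeEscalation: false` with all capabilities dropped when not on OpenShift. I would give the CSI helper the same shape by adding `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`, after confirming the provider runs with that restriction. The values file is not in view, so if a default is already set there this only needs a comment in the helper saying so.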
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-clusterrolebinding.yaml
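Review bot: In injector-clusterrole.yaml the single rule grants `patch` on every MutatingWebhookConfiguration in the cluster, although the only object the chart creates for the injector is `{{ template "vault.fullname" . }}-agent-injector-cfg`. A service account that can patch arbitrary webhook configurations can alter admission behaviour owned by other components, so the write verb is worth scoping with `resourceNames`. `list` and `watch` cannot be narrowed by name without a field selector, so the rule would be split in two as below. Whether the injector's certificate updater works with this split should be confirmed against the injector version the chart ships.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```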
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
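Review bot: Several env values in injector-deployment.yaml are rendered unquoted, namely `value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logLevel | default "info" }}` and the AGENT_INJECT_LOG_FORMAT line, while neighbouring entries wrap the template in literal double quotes. An env `value` must be a string, so an unquoted value that renders as a number or a boolean-looking word is rejected by the API server, and a value containing `"` breaks the hand-quoted lines. Piping through `quote` covers both cases, for example `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.global.externalVaultAddr | quote }}`.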
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
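Review bot: In injector-mutating-webhook.yaml the webhook matches CREATE and UPDATE of pods in every namespace unless `injector.namespaceSelector` or `injector.webhook.namespaceSelector` is set, and `failurePolicy` is taken straight from values. With a `Fail` policy and no selector, an unavailable injector would block pod admission cluster-wide, system namespaces included. I would document this next to the two values, or ship a default selector that excludes system namespaces, for example a `matchExpressions` entry on `kubernetes.io/metadata.name` with operator `NotIn`. The values file is not in view, so the shipped defaults should be checked first.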
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
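Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the injector deployment in this change listens on `{{ .Values.injector.port }}` (AGENT_INJECT_LISTEN and both probes). If that value is changed on OpenShift, the policy no longer admits webhook traffic, and depending on the webhook's failurePolicy pods are then either rejected or admitted without injection. The policy should use the same value: `- port: {{ .Values.injector.port }}`. It also omits `metadata.namespace`, unlike the other namespaced templates in this change, so adding `namespace: {{ .Release.Namespace }}` would keep them consistent.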
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-psp.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-role.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-role.yaml
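Review bot: The `spec` of this PodSecurityPolicy blocks privileged mode, privilege escalation and root, but never sets `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set. Adding `requiredDropCapabilities: ['ALL']` would close that, assuming the injector needs no capabilities. The `seLinux` comment says the policy assumes AppArmor nodes, which is worth revisiting in a chart that also carries a `global.openshift` switch. `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so `global.psp.enable` should be documented as usable only on older clusters. server-psp.yaml repeats the same spec and the same gaps; confirm there that the server also runs without capabilities before dropping them.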
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-rolebinding.yaml
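Review bot: The first rule in injector-role.yaml lets the injector account create, read, list, watch and update every Secret and ConfigMap in the release namespace, and the second lets it patch and delete any pod there; neither rule carries `resourceNames`. If leader election only touches a fixed set of objects (their names are not visible in this hunk), the `get` and `update` verbs could be limited with `resourceNames`, leaving only `create` unscoped. At minimum, add a comment above each rule stating which objects the leader elector owns, and note in the chart documentation that any other Secret stored in that namespace is readable by the injector account.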
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-service.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-config-configmap.yaml
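Review bot: The ClusterRoleBinding in server-clusterrolebinding.yaml is named `{{ template "vault.fullname" . }}-server-binding` with no namespace component, although the object is cluster-scoped; two releases that resolve to the same fullname in different namespaces would contend for one binding. This binding hands the server account the cluster-wide `system:auth-delegator` role, so it also deserves a comment above `roleRef:` saying why the delegation is needed and that `.serverAuthDelegator` turns it off. The `v1beta1` branch only matters on API servers without RBAC v1 and could be dropped if the chart's minimum Kubernetes version allows.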
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
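Review bot: In the string-config branch of server-config-configmap.yaml, `disable_mlock = true` is written unconditionally ahead of the user's configuration, and both JSON branches merge `"disable_mlock": true` in the same way, so every server config this template renders runs with memory locking off. With mlock disabled, process memory holding secrets can be paged to swap, so the requirement should be stated where operators will see it, for example `# mlock is disabled by this chart: run the server only on nodes with swap off or encrypted` above the line, plus a matching note in the values documentation. In the JSON branches the chart's `dict` is the first argument to `merge`, so a value set in the user's config probably cannot override it; if that is intended, say so in the same comment.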
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-discovery-rolebinding.yaml
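Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on all pods in the release namespace, not only on the Vault server pods. If the permission exists so the server can label its own pods (the `vault-active` selector in the HA services of this commit suggests so), it is broader than needed whenever other workloads share the namespace. RBAC cannot scope by label, so either document that the chart expects a dedicated namespace or add a comment above the rule stating why write access to pods is required and what it is used for.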
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-ha-active-service.yaml
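Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the ordering is lexical rather than numeric and any vendor suffix on the minor version (for example a trailing `+`) takes part in the comparison. server-ingress.yaml in this commit already selects its API version with `semverCompare` on the full version, and the same approach is more robust here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. Testing `.Capabilities.APIVersions.Has "policy/v1"` would be an alternative that does not depend on version parsing at all.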
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-ha-standby-service.yaml
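Review bot: The `ports` list in server-ha-active-service.yaml always publishes `https-internal` on 8201 next to the API port, while `type` comes straight from `.Values.server.service.type`, so choosing NodePort or LoadBalancer exposes 8201 outside the cluster as well. If 8201 is the server-to-server port, as its name suggests, external clients never need it; it could be left to the headless `-internal` service or wrapped in a condition on the service type. server-ha-standby-service.yaml and server-service.yaml in this commit repeat the same list. A comment on the port entry saying which peers are expected to connect to it would help in either case.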
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-ingress.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-psp-role.yaml
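Review bot: The `tls:` block in server-ingress.yaml is rendered only when `.Values.server.ingress.tls` is set, so when it is left empty this Ingress publishes the Vault API with no TLS configured at the edge. A comment above `spec:` and a note in the values documentation should say that `tls` is expected whenever the ingress is enabled. Separately, `- path: {{ . }}` and `secretName: {{ .secretName }}` are emitted unquoted while the host entries beside them use `| quote`; quoting them as well, e.g. `- path: {{ . | quote }}`, protects against values that YAML would retype.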
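Review bot: The single ingress rule in server-network-policy.yaml opens both 8200 and 8201 to `namespaceSelector: {}`, that is, to pods in every namespace. If 8201 is only used between the Vault servers themselves (the services call it `https-internal`), it can be given its own rule whose `from` is a `podSelector` on this release's labels, leaving only the API port open to other namespaces. The policy's metadata also lacks `namespace: {{ .Release.Namespace }}`, which the other server resources in this commit set.

```yaml
  ingress:
    # API port: reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Server-to-server port: pods of this release only.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```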
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-psp.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
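Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but server-serviceaccount.yaml, server-clusterrolebinding.yaml and the StatefulSet's `serviceAccountName` in this commit all use `{{ template "vault.serviceAccount.name" . }}`. If that helper can return anything other than the fullname (its definition is not in this part of the diff), the PSP `use` grant lands on an account the server pods do not run as, and the policy never applies to them. Use `name: {{ template "vault.serviceAccount.name" . }}` here as well.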
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-route.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-service.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-service.yaml
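Review bot: server-route.yaml tests `.mode` (`ne .mode "external"`, `eq .mode "ha"`) without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before reading it. Unless `.mode` is guaranteed to have been populated by a template rendered earlier, the `-active` service name would never be selected here and the external-mode guard would not take effect; add `{{ template "vault.mode" . }}` inside the openshift guard, as server-ingress.yaml does. The route also hard-codes `targetPort: 8200` where the services use `.Values.server.service.targetPort`, and `host: {{ .Values.server.route.host }}` is unquoted.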
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/tests/server-test.yaml 
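Review bot: The `image:` line of the `vault` container falls back to the mutable `latest` tag (`{{ .Values.server.image.tag | default "latest" }}`) whenever `server.image.tag` is empty, so a release can silently pull whatever Vault build the registry currently serves; the test Pod in tests/server-test.yaml repeats the same fallback. For a secrets store I would fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or pin the image by digest. Separately, the exec readiness probe runs `vault status -tls-skip-verify`, which looks acceptable only because `VAULT_ADDR` in this hunk points at `127.0.0.1:8200`. A comment above that `exec:` block, such as `# -tls-skip-verify is tolerable only because VAULT_ADDR above is loopback; never reuse against a remote address`, would keep the flag from being copied into other probes or scripts.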
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/ui-service.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/templates/ui-service.yaml
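Review bot: The test Pod's `spec:` sets neither `automountServiceAccountToken` nor any `securityContext`, so it runs with the namespace's default service-account token mounted and with whatever privileges the image and cluster defaults allow. The container only runs `vault status` against the Service, so it has no visible need for Kubernetes API credentials; adding `automountServiceAccountToken: false` directly under `spec:` removes them. I would also give the container a `securityContext` that sets `allowPrivilegeEscalation: false` and drops all capabilities, matching the defaults that the values.yaml comments in this commit describe for the injector. Whether OpenShift's SCC already enforces this is not visible here, but stating it in the template keeps the chart safe on other clusters too.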
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/values.openshift.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/values.openshift.yaml
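Review bot: `type: {{ .Values.ui.serviceType }}` lets this Service be published as NodePort or LoadBalancer with no check that the listener uses TLS, while the values.yaml hunk in this commit defaults `global.tlsDisable: true`. If `vault.scheme` follows that flag (the helper is not part of this hunk), UI logins and Vault tokens would leave the cluster in cleartext. At minimum I would document the constraint above `type:`, for example `# With global.tlsDisable=true keep ui.serviceType at ClusterIP; exposing the UI outside the cluster requires TLS on the listener`. A stricter option is to wrap the template in a guard that refuses non-ClusterIP types while `tlsDisable` is true.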
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/values.schema.json b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/values.yaml b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/container-test/giriraj-project-helm-chart/0.21.0/src/values.yaml 
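Review bot: `server.readinessProbe` in this schema declares no `path` property, although the StatefulSet template in this commit reads `.Values.server.readinessProbe.path` and `server.livenessProbe` does declare one. The value that switches the probe from `exec` to `httpGet` is therefore never type-checked; add `"path": { "type": "string" }` under `server.readinessProbe.properties`. `server.image.tag` is a bare `"type": "string"`, so an empty tag passes validation and the templates then resolve it to `latest`; `"minLength": 1` would reject it, provided the chart's default for that key is non-empty (not visible in this chunk). `server.postStart` is typed only as `"array"`; since its entries are rendered as exec command arguments, `"items": { "type": "string" }` would keep non-string values out of the hook.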
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/container-test/giriraj-project-helm-chart/OWNERS b/charts/partners/container-test/giriraj-project-helm-chart/OWNERS
new file mode 100644
index 00000000000..19c835dfab6
--- /dev/null
+++ b/charts/partners/container-test/giriraj-project-helm-chart/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: giriraj-project-helm-chart
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users:
+- githubUsername: sawalgiriraj
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/gjkrghjkhgkj/OWNERS b/charts/partners/container-test/gjkrghjkhgkj/OWNERS
index e67fc855827..61254ca137d 100644
--- a/charts/partners/container-test/gjkrghjkhgkj/OWNERS
+++ b/charts/partners/container-test/gjkrghjkhgkj/OWNERS
@@ -1,6 +1,7 @@
 chart:
 name: gjkrghjkhgkj
 shortDescription: unknown
+providerDelivery: false
 publicPgpKey: unknown
 users: []
 vendor:
diff --git a/charts/partners/container-test/helm-2023/OWNERS b/charts/partners/container-test/helm-2023/OWNERS
new file mode 100644
index 00000000000..1e0bd29dbd2
--- /dev/null
+++ b/charts/partners/container-test/helm-2023/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-2023
+ shortDescription: null
+providerDelivery: false
+publicPgpKey: null
+users:
+- githubUsername: lslavkov
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helm-chart-1605/OWNERS b/charts/partners/container-test/helm-chart-1605/OWNERS
new file mode 100644
index 00000000000..349b19dd0e8
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-1605/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-chart-1605
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/.helmignore b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/CHANGELOG.md b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/CONTRIBUTING.md b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/Chart.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/Chart.yaml new file mode 100644 index 00000000000..1ccff287fc2 --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-chart-cnf +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.0 +annotations: + charts.openshift.io/name: helm-chart-cnf diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/LICENSE.md b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null 
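Review bot: In the new helm-chart-cnf/0.21.0/src/Chart.yaml, `description: Official HashiCorp Vault Chart` is kept although `name` and the `charts.openshift.io/name` annotation are `helm-chart-cnf` and the file sits under charts/partners/container-test. `home`, `icon` and `sources` also still point at the upstream project, so the metadata presents a renamed copy as the upstream release. For a chart that deploys a secrets manager, that ambiguity makes it harder for a consumer to decide whether the package and its `appVersion` can be trusted and tracked for fixes. I would state the origin in the description, for example `description: Test copy of the HashiCorp Vault chart 0.21.0 (not an official release)`.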
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/Makefile b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/README.md b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/README.md 
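Review bot: In the `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand what is presumably a licence secret into the `docker run` argument list, where it is readable in the host's process listing and is printed by `make -n` despite the `@` prefix. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker take the value from the calling environment; add `export VAULT_LICENSE_CI` if the variable can also be set inside the Makefile. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` that `provision-cluster` passes, so it may not act on the configuration that created the cluster; this is worth confirming against the Terraform version in the test image.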
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/NOTES.txt b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/_helpers.tpl b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
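Review bot: The only rule in this ClusterRole grants `create` on `serviceaccounts/token` with no namespace or name restriction, so once bound, the CSI provider's service account can request a token for any service account in the cluster. Nothing in the manifest records why that breadth is needed, which makes the grant hard to audit later. I would add a comment above `rules:`, for example `# Cluster-wide on purpose: the provider requests tokens for the service accounts of pods that mount its volumes; treat this account as highly privileged.`, after confirming that this is the actual reason. The matching ClusterRoleBinding in the next file is what makes the grant effective.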
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
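Review bot: The `mountpoint-dir` volumeMount in csi-daemonset.yaml exposes the node's `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` hostPath without `readOnly`, and the container gets no default hardening. The `csi.daemonSet.securityContext.pod` and `csi.daemonSet.securityContext.container` templates defined earlier in this diff emit nothing when their values are unset, whereas the injector equivalents fall back to `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. If the provider only reads that directory (not visible here, worth confirming), add `readOnly: true` under the `mountpoint-dir` mount. A fallback container securityContext with `allowPrivilegeEscalation: false` would further limit what a compromised provider pod can do to other pods' volume data on the node.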
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-clusterrolebinding.yaml
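Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster because it carries no `resourceNames`, so a compromised injector pod could rewrite any other admission webhook, not only its own. The injector Deployment in this diff points `AGENT_INJECT_TLS_AUTO` at `{{ template "vault.fullname" . }}-agent-injector-cfg`, which suggests `get` and `patch` can be limited to that one object. `list` and `watch` would stay unrestricted in a separate rule, since a name restriction does not apply cleanly to collection-wide requests. This assumes the injector patches only its own configuration, so confirm against its actual API calls before adopting the split below.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
```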
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" .
}}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" .
}}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+
timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
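Review bot: The `- 2>&1` entry under `args` of the `sidecar-injector` container reaches the process as a literal argument, because Kubernetes runs `command`/`args` without a shell and this hunk sets no `command` that wraps one. If the intent was to merge stderr into stdout it has no effect here, and the container runtime already captures both streams. I would drop the entry so that `args` holds `- agent-inject` only, or, if the image's entrypoint really consumes it (not visible from this hunk), say so in a comment above the list.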
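Review bot: The `apiVersion` line of this PodDisruptionBudget chooses `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically rather than numerically, so a minor such as `"9"` sorts above `"21"`. Other templates in this commit (the mutating webhook, the server ClusterRoleBinding) select the version with `.Capabilities.APIVersions.Has`, and the same test fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The identical expression appears in server-disruptionbudget.yaml further down.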
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-network-policy.yaml
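Review bot: The `namespaceSelector` block at the end of the `vault.hashicorp.com` webhook is rendered only when one of the two values is set, so with neither set the webhook is called for pod CREATE and UPDATE in every namespace, system namespaces and the release namespace included. `failurePolicy` is value-driven and its default is not visible in this hunk; if it resolves to `Fail`, an unavailable injector would block pod admission cluster-wide. The `injector.objectSelector` helper is defined outside the hunk and may narrow this further. I would record the behaviour in a template comment above the `if`, for example `{{- /* No selector set: webhook applies to pods in all namespaces; check failurePolicy. */}}`, and consider shipping a default selector in values.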
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
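Review bot: The ingress rule of the injector NetworkPolicy hard-codes `port: 8080`, while the injector Deployment and Service in this commit take the listen port from `.Values.injector.port`. If that value is changed, the policy keeps admitting 8080 and drops traffic to the real port, so the API server can no longer reach the webhook. Use the same value here: `- port: {{ .Values.injector.port }}`.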
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-psp.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-role.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-role.yaml
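Review bot: The `policy/v1beta1` PodSecurityPolicy object is gated only on `.Values.global.psp.enable`, and PodSecurityPolicy was removed from the API in Kubernetes 1.25, so an install with that value set on a newer cluster fails at apply time. Adding a capability test to the existing condition keeps the chart installable: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`; since that skips the policy silently, the chart notes should say that a replacement admission control is then required. The injector PSP Role and RoleBinding templates use the same condition. Separately, the comment on `seLinux` states an AppArmor assumption, so `rule: RunAsAny` should be reviewed for SELinux-enforcing platforms.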
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-rolebinding.yaml
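Review bot: The first rule of the leader-elector Role grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is the same namespace this commit uses for the Vault server's own objects. The hunk does not show which object names the injector replicas actually use, so the rule cannot be narrowed from here, but `get` and `update` can be limited with `resourceNames` once those names are known. At minimum I would add a comment above the rule recording the reason, e.g. `# secrets/configmaps: used by injector leader election (TODO confirm object names, then add resourceNames)`.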
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-service.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-discovery-role.yaml
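Review bot: `disable_mlock = true` is emitted unconditionally in the string branch of `extraconfig-from-values.hcl`, and in the map branch it is the first argument to `merge`, so it appears a user-supplied `false` cannot win in either form. With mlock disabled, memory pages holding decrypted secrets and key material may be written to swap. I would record the reason and the operational requirement in a template comment just before the line, e.g. `{{- /* mlock is disabled by this chart; run on nodes with swap off or encrypted */}}`, or expose the setting as a value. The rendered server config also lands in a ConfigMap, so any backend credentials placed in `server.*.config` are stored unencrypted; that deserves a line in the values documentation.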
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-ingress.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-psp-role.yaml 
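Review bot: The single `ingress` rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may reach the cluster port 8201 as well as the API port 8200. Port 8201 is named `https-internal` elsewhere in this chart and, as far as the visible templates show, is only used between Vault server pods. It can therefore be limited to this release's own pods while 8200 stays open as before; confirm first that no replication peer outside the namespace needs 8201. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
# … unchanged: metadata and podSelector …
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```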
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-psp.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
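Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the ServiceAccount with `vault.fullname`, but server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` in this same commit both use `vault.serviceAccount.name`. The schema in this commit exposes `server.serviceAccount.name`, so if that helper honours it (its definition is not visible here), the binding would point at an account the pod does not run as and the PSP `use` grant would not apply. Use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` to the subject so the reference is explicit.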
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-route.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-route.yaml 
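Review bot: The PodSecurityPolicy `spec` in server-psp.yaml blocks privilege escalation and root but never restricts Linux capabilities, so pods admitted under it keep the container runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP` to "true", which suggests the server does not depend on added capabilities; if that holds, add `requiredDropCapabilities:` with `- ALL` next to `allowPrivilegeEscalation: false`. Separately, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so the outer condition should also test `.Capabilities.APIVersions.Has "policy/v1beta1"` to keep `global.psp.enable` from failing installs on newer clusters.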
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-service.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-service.yaml 
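Review bot: server-route.yaml tests `.mode` (`ne .mode "external"` and `eq .mode "ha"`) without first calling `{{ template "vault.mode" . }}`, which the Service, Ingress and StatefulSet templates in this commit all do before reading `.mode`. Unless `.mode` is populated some other way not visible here, the external-mode guard and the `-active` service selection cannot take effect. A Route in HA mode with `server.route.activeService` set may then send traffic to the general Service rather than the active pod. Add `{{ template "vault.mode" . }}` directly after the opening `{{- if .Values.global.openshift }}`.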
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/tests/server-test.yaml 
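Review bot: The `vault` container's `image:` line falls back to the mutable `latest` tag when `server.image.tag` is empty (`| default "latest"`), so the server pod can silently run whatever the registry currently serves; the same fallback is in tests/server-test.yaml. Prefer failing the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The readiness probe's `vault status -tls-skip-verify` also deserves a comment such as `# TLS verification is skipped because VAULT_ADDR above is 127.0.0.1; do not reuse against a remote address`, presumably the reason being that the server certificate does not cover the loopback address.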
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/ui-service.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/values.openshift.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/values.openshift.yaml @@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" 
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/values.schema.json b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/container-test/helm-chart-cnf/0.21.0/src/values.yaml b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/0.21.0/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/container-test/helm-chart-cnf/OWNERS b/charts/partners/container-test/helm-chart-cnf/OWNERS
new file mode 100644
index 00000000000..635fdd9f3e8
--- /dev/null
+++ b/charts/partners/container-test/helm-chart-cnf/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: helm-chart-cnf
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: maveric-tellrv
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helm-cnf-release/OWNERS b/charts/partners/container-test/helm-cnf-release/OWNERS
new file mode 100644
index 00000000000..e89b1c9964e
--- /dev/null
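Review bot: `publicPgpKey: unknown` in the new helm-chart-cnf OWNERS is a placeholder rather than key material, so if the certification workflow reads this field to check chart provenance (not visible in this diff), a signed package submitted by the two listed `users` would have no vendor key to be checked against. I would either supply the vendor's encoded public key or state the intent in the file with a comment such as `# publicPgpKey: unknown - charts for this entry are submitted unsigned`. The new helm-cnf-release OWNERS that follows carries the same placeholder and additionally has `users: []`; it is worth confirming that an empty submitter list is intended there.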
+++ b/charts/partners/container-test/helm-cnf-release/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helm-cnf-release
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helm-container-test-chart/OWNERS b/charts/partners/container-test/helm-container-test-chart/OWNERS
index ec2d2fd61e3..cbbc1264192 100644
--- a/charts/partners/container-test/helm-container-test-chart/OWNERS
+++ b/charts/partners/container-test/helm-container-test-chart/OWNERS
@@ -1,6 +1,7 @@
 chart:
 name: helm-container-test-chart
 shortDescription: unknown
+providerDelivery: false
 publicPgpKey: unknown
 users: []
 vendor:
diff --git a/charts/partners/container-test/helm-e2e/OWNERS b/charts/partners/container-test/helm-e2e/OWNERS
index 0a508fc9a84..6674fd94f00 100644
--- a/charts/partners/container-test/helm-e2e/OWNERS
+++ b/charts/partners/container-test/helm-e2e/OWNERS
@@ -1,6 +1,7 @@
 chart:
 name: helm-e2e
 shortDescription: 'Short description '
+providerDelivery: false
 publicPgpKey: dGVzdCBrZXk=
 users:
 - githubUsername: Aishwarya-Urne
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/.helmignore b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/CHANGELOG.md b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/CONTRIBUTING.md b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/CONTRIBUTING.md
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/Chart.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..4b5ab25684d
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-stage-cnf
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: helm-stage-cnf
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/LICENSE.md b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
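Review bot: The `description`, `home` and `sources` fields in Chart.yaml still present this chart as the official HashiCorp Vault chart, while `name: helm-stage-cnf` and the `charts/partners/container-test/` path show it is published under a different name and owner. Anyone browsing the catalog would read the HashiCorp attribution as a statement of provenance, so the metadata should say what the chart actually is, for example `description: Test chart derived from the HashiCorp Vault chart 0.21.0, not published by HashiCorp`. If this is only a staging fixture, as the name suggests, a one-line comment above `name:` saying so would be enough.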
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/Makefile b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/README.md b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/README.md
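Review bot: `destroy-cluster` in the Makefile runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor `-var project=...`, whereas `provision-cluster` passes both to `terraform init` and `terraform apply`. As written the teardown probably does not act on the configuration that created the GKE cluster, so a test cluster can be left running in the project; mirroring the apply line, `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`, would keep the two targets consistent (whether `init_cli` must also be passed depends on the Terraform variables, which are not shown here). Separately, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` in `test-acceptance` expands the license onto the `docker run` command line, while `-e VAULT_LICENSE_CI` passes the variable through by name and keeps its value out of the process arguments. `setup-kind` and `delete-kind` are also missing from `.PHONY`.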
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/NOTES.txt b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/_helpers.tpl b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
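Review bot: `vault.serverAuthDelegator` and `vault.serverServiceAccountEnabled` decide whether the server is on with `(or (eq (.Values.server.enabled | toString) "true") (eq (.Values.global.enabled | toString) "true"))`, which is not the rule `vault.serverEnabled` applies: with `server.enabled: false` and `global.enabled: true` both helpers still evaluate to true. If the templates that consume these flags (not in this hunk) gate the auth-delegator binding and the service account on them, RBAC objects would be rendered for a server that is switched off. Calling `{{- template "vault.serverEnabled" . -}}` first and replacing that `or` with `.serverEnabled`, as `vault.serverServiceEnabled` already does, keeps the helpers in step. The comment above `vault.serverServiceAccountEnabled` is a copy of the auth-delegator one and should read `Compute if the server serviceaccount is enabled.`, and in `vault.envs` the line `value: {{ .Values.server.dev.devRootToken }}` should end in `| quote` so an all-digit or boolean-looking token still renders as a string.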
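Review bot: The only rule grants `create` on `serviceaccounts/token` at cluster scope, so the CSI provider's service account can request a token for any service account in any namespace, and the template has no comment explaining why that breadth is needed. A short template comment above `rules:` would help reviewers and cluster admins, for example `{{/* The provider requests tokens for the service accounts of pods that mount Vault secrets, in any namespace; treat this service account as highly privileged. */}}`; that is presumably the intent, but confirm it against the provider's documentation. Clusters that enable `csi.enabled` should limit who can exec into or schedule pods under this service account and should audit the token requests it makes.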
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-clusterrolebinding.yaml
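Review bot: The `patch` verb in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster, because the rule has no `resourceNames`. The injector service account could therefore rewrite any other admission webhook, not only the `<fullname>-agent-injector-cfg` object this chart creates in injector-mutating-webhook.yaml. Splitting the rule keeps `list`/`watch` unrestricted and pins `get`/`patch` to that one name. This assumes the injector only ever patches its own configuration, which should be confirmed against the injector before merging.

```yaml
rules:
# list/watch stay unrestricted: a resourceNames rule only matches list/watch
# requests that carry a metadata.name field selector.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
# Writes are limited to the configuration this chart creates.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
```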
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
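Review bot: The second entry under `args:` in injector-deployment.yaml, `- 2>&1`, is not a redirection: Kubernetes passes `args` to the container entrypoint without a shell, so the binary receives the literal string `2>&1` as an argument. Unless the image's entrypoint is a shell wrapper that re-evaluates its arguments (not visible here), the entry does nothing useful and I would drop it, leaving `args:` with only `- agent-inject`. The container's stderr is collected with its stdout either way.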
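Review bot: The `apiVersion` line in injector-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexicographically rather than numerically. A minor such as `"9"` sorts above `"21"`, and some distributions report minors with a suffix like `21+`. injector-mutating-webhook.yaml in this commit already uses a capability check, so the same form fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The identical expression appears in server-disruptionbudget.yaml and would need the same change.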
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-network-policy.yaml 
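Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, injector-mutating-webhook.yaml omits `namespaceSelector` entirely, so the webhook receives pod CREATE and UPDATE requests from every namespace, system namespaces included. If `failurePolicy` resolves to `Fail` (its default comes from values that are not visible here), an unavailable injector would then block pod admission cluster-wide. That interaction deserves a template comment above the `{{- if or ...` guard, for example `{{- /* No selector: the webhook sees pods in all namespaces; set a selector or keep failurePolicy at Ignore */ -}}`, and the same warning next to the corresponding keys in values.yaml.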
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
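Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the container listens on `.Values.injector.port` (injector-deployment.yaml) and the Service targets the same value (injector-service.yaml). If an operator changes `injector.port`, this policy would no longer admit traffic to the webhook on OpenShift, and the failure would show up as admission timeouts rather than as a policy error. Templating the port keeps the three manifests aligned: `- port: {{ .Values.injector.port }}`. The policy also omits `metadata.namespace`, which the other namespaced injector manifests set to `{{ .Release.Namespace }}`.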
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-psp.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-psp.yaml
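Review bot: The ServiceAccount entry under `subjects:` in injector-psp-rolebinding.yaml has no `namespace`, unlike the subject in injector-rolebinding.yaml and the two ClusterRoleBindings in this commit. RBAC requires a namespace on ServiceAccount subjects, so the API server is expected to reject this binding when `global.psp.enable` is true. Adding `namespace: {{ .Release.Namespace }}` under the subject's `name:` brings it in line with the other bindings.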
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-role.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-role.yaml 
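Review bot: injector-psp.yaml renders a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so the install fails on newer clusters instead of skipping the object. Extending the guard avoids that: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The same guard would be needed on injector-psp-role.yaml and injector-psp-rolebinding.yaml. On clusters without PSP the restrictions declared here (`MustRunAsNonRoot`, `allowPrivilegeEscalation: false`) are not enforced by anything in this chart, so it is worth documenting that Pod Security Admission or an OpenShift SCC has to supply them.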
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-rolebinding.yaml
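Review bot: The first rule in injector-role.yaml lets the injector `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which is broader than leader election and certificate sharing appear to need. When the Vault server runs in the same namespace, that includes any TLS or seal-related secrets stored there. The chart already pre-creates the `vault-injector-certs` Secret in injector-certs-secret.yaml, so the secret access could probably be narrowed with `resourceNames: ["vault-injector-certs"]` on a separate `get`/`update` rule. Which objects the injector really touches should be confirmed first, since `list`/`watch` and `create` cannot be pinned by name in the same way. The `delete` verb on all pods in the second rule deserves a one-line comment on why it is required.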
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-service.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-discovery-role.yaml 
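Review bot: server-config-configmap.yaml forces `disable_mlock = true` into the rendered configuration in both branches, and in the JSON branch `merge (dict "disable_mlock" true) ...` gives the chart's value precedence over the user's. With mlock disabled, Vault's memory may be written to swap, so plaintext secrets and key material stay off disk only if the nodes run without swap or with encrypted swap. That requirement is not stated anywhere in the template. A comment above the line, such as `# mlock is disabled for all modes; nodes must have swap off or encrypted`, plus a note in the chart README, would make the assumption visible to operators.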
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-ingress.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-psp-role.yaml 
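Review bot: `secretName: {{ .secretName }}` in the Ingress `tls` block and `- path: {{ . }}` under `paths` are rendered unquoted, while `hosts` and `host` in the same template go through `| quote`. An empty value, or one that begins with a YAML indicator character, then changes the type of the rendered field instead of staying a string. Suggest `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`.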
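Review bot: The single `ingress` rule of the NetworkPolicy uses `namespaceSelector: {}`, which admits traffic from every namespace in the cluster to both 8200 and 8201. Port 8201 is named `https-internal` in the Service templates and looks like the server-to-server port (inferred), so if nothing outside the release needs it, it can be limited to the release's own pods with a second rule as sketched below. The `metadata` block also lacks `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods of this release in the same namespace
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```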
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-psp.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
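Review bot: The `subjects` entry of the PSP RoleBinding names the ServiceAccount `{{ template "vault.fullname" . }}`, whereas the ServiceAccount template and the discovery RoleBinding in this commit both use `{{ template "vault.serviceAccount.name" . }}`. If that helper can return anything other than the full name (its definition is not in this part of the diff), the policy ends up bound to an account the server pods do not run as, and the PodSecurityPolicy silently does not apply to them. Suggest `name: {{ template "vault.serviceAccount.name" . }}` plus `namespace: {{ .Release.Namespace }}`, matching the discovery binding.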
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-route.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-route.yaml
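Review bot: The PodSecurityPolicy `spec` sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but has no `requiredDropCapabilities`, so containers keep the runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` would close that, assuming the server needs no added capability (the StatefulSet in this commit sets `SKIP_SETCAP`). The `seLinux` comment says the policy assumes AppArmor nodes, which deserves a note in the chart docs given that the same chart ships `values.openshift.yaml`. Because the object is `policy/v1beta1`, the guard could also test `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` so that enabling `global.psp.enable` on a cluster without that API does not fail the install.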
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-service.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-service.yaml
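Review bot: `{{- if ne .mode "external" }}` and the later `eq .mode "ha"` in the Route template read `.mode` without the `{{ template "vault.mode" . }}` call that the other server templates in this commit make first. Whether `.mode` is populated here then depends on some other template having set it earlier, which this hunk does not show, so the external-mode guard and the `-active` service selection may not behave as intended. Suggest adding `{{ template "vault.mode" . }}` directly under the `global.openshift` check. Separately, `targetPort: 8200` is hard-coded while the Service templates take the port from `.Values.server.service.targetPort`.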
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/tests/server-test.yaml 
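Review bot: The `image:` line of the `vault` container ends in `{{ .Values.server.image.tag | default "latest" }}`, so an install with an empty tag falls back to the mutable `latest` tag and runs whatever the registry serves at pull time; the test pod in `tests/server-test.yaml` has the same line. For a secrets manager I would fail rendering instead, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or default to `.Chart.AppVersion`. The exec readiness probe also runs `vault status -tls-skip-verify`; with `VAULT_ADDR` set to `127.0.0.1:8200` in the same container that is a loopback call, which is worth a one-line comment next to the command so the flag is not copied into a context where it talks to a remote address.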
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/ui-service.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/values.openshift.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/values.schema.json b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/container-test/helm-stage-cnf/0.21.0/src/values.yaml b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/container-test/helm-stage-cnf/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/container-test/helm-stage-cnf/OWNERS b/charts/partners/container-test/helm-stage-cnf/OWNERS
new file mode 100644
index 00000000000..48ca8f786a5
--- /dev/null
+++ b/charts/partners/container-test/helm-stage-cnf/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: helm-stage-cnf
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: Aishwarya-Urne
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helm/OWNERS b/charts/partners/container-test/helm/OWNERS
new file mode 100644
index 00000000000..d7b3c5a1584
--- /dev/null
+++ b/charts/partners/container-test/helm/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helm
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchart-951-webonly/OWNERS b/charts/partners/container-test/helmchart-951-webonly/OWNERS
new file mode 100644
index 00000000000..55729b5566b
--- /dev/null
+++ b/charts/partners/container-test/helmchart-951-webonly/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helmchart-951-webonly
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-08-12-2022-18-18-29358922/OWNERS b/charts/partners/container-test/helmchartautomation-08-12-2022-18-18-29358922/OWNERS
new file mode 100644
index 00000000000..3d38c4b3fca
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-08-12-2022-18-18-29358922/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helmchartautomation-08-12-2022-18-18-29358922
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-08-12-2022-18-18-2962455/OWNERS b/charts/partners/container-test/helmchartautomation-08-12-2022-18-18-2962455/OWNERS
new file mode 100644
index 00000000000..fb1577fab23
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-08-12-2022-18-18-2962455/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helmchartautomation-08-12-2022-18-18-2962455
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-08-12-2022-18-18-29935397/OWNERS b/charts/partners/container-test/helmchartautomation-08-12-2022-18-18-29935397/OWNERS
new file mode 100644
index 00000000000..1681dfa670b
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-08-12-2022-18-18-29935397/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helmchartautomation-08-12-2022-18-18-29935397
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-08-12-2022-18-30-5351016/OWNERS b/charts/partners/container-test/helmchartautomation-08-12-2022-18-30-5351016/OWNERS
new file mode 100644
index 00000000000..ab2547a9626
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-08-12-2022-18-30-5351016/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helmchartautomation-08-12-2022-18-30-5351016
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-08-12-2022-18-37-2915748/OWNERS b/charts/partners/container-test/helmchartautomation-08-12-2022-18-37-2915748/OWNERS
new file mode 100644
index 00000000000..1bf0ba0a62d
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-08-12-2022-18-37-2915748/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-08-12-2022-18-37-2915748
+ shortDescription: Short repo description for helm chart
+providerDelivery: true
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-08-12-2022-18-37-29864177/OWNERS b/charts/partners/container-test/helmchartautomation-08-12-2022-18-37-29864177/OWNERS
new file mode 100644
index 00000000000..76933894872
--- /dev/null
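Review bot: `publicPgpKey: UHViIEtleQ==` in the helmchartautomation-08-12-2022-18-37-2915748 OWNERS hunk is not key material; the value is the base64 encoding of the literal text `Pub Key`. The same entry sets `providerDelivery: true`, so if the certification pipeline checks chart provenance against the key recorded in OWNERS (that code is not visible here), verification for this chart can only fail or be skipped. For a fixture, `publicPgpKey: unknown`, as the neighbouring container-test entries use, makes the absence of a key explicit; an entry for a chart that is really delivered should carry the vendor's actual public key. The same placeholder value recurs in the later helmchartautomation-* OWNERS hunks on this page.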
+++ b/charts/partners/container-test/helmchartautomation-08-12-2022-18-37-29864177/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-08-12-2022-18-37-29864177
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-08-12-2022-18-37-29880471/OWNERS b/charts/partners/container-test/helmchartautomation-08-12-2022-18-37-29880471/OWNERS
new file mode 100644
index 00000000000..80d0473c9ba
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-08-12-2022-18-37-29880471/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helmchartautomation-08-12-2022-18-37-29880471
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-08-12-2022-18-52-39112961/OWNERS b/charts/partners/container-test/helmchartautomation-08-12-2022-18-52-39112961/OWNERS
new file mode 100644
index 00000000000..f63d0db87b5
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-08-12-2022-18-52-39112961/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helmchartautomation-08-12-2022-18-52-39112961
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-08-12-2022-18-52-39700371/OWNERS b/charts/partners/container-test/helmchartautomation-08-12-2022-18-52-39700371/OWNERS
new file mode 100644
index 00000000000..514fe53024e
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-08-12-2022-18-52-39700371/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-08-12-2022-18-52-39700371
+ shortDescription: Short repo description for helm chart
+providerDelivery: true
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-08-12-2022-18-52-39744139/OWNERS b/charts/partners/container-test/helmchartautomation-08-12-2022-18-52-39744139/OWNERS
new file mode 100644
index 00000000000..c51c60abbb3
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-08-12-2022-18-52-39744139/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-08-12-2022-18-52-39744139
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-12-26-13/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-12-26-13/OWNERS
new file mode 100644
index 00000000000..8404ab2c3e7
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-12-26-13/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-12-26-13
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-15-42-51/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-15-42-51/OWNERS
new file mode 100644
index 00000000000..b3863203b6d
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-15-42-51/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-15-42-51
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-15-48-43/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-15-48-43/OWNERS
new file mode 100644
index 00000000000..a05e5b2fe2d
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-15-48-43/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-15-48-43
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-16-12-52/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-16-12-52/OWNERS
new file mode 100644
index 00000000000..d229bc21fde
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-16-12-52/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-16-12-52
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-16-15-25/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-16-15-25/OWNERS
new file mode 100644
index 00000000000..8e24e25ad6c
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-16-15-25/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-16-15-25
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-16-25-11/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-16-25-11/OWNERS
new file mode 100644
index 00000000000..0991d218963
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-16-25-11/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-16-25-11
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-16-28-26/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-16-28-26/OWNERS
new file mode 100644
index 00000000000..6126391ab76
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-16-28-26/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-16-28-26
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-16-30-58/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-16-30-58/OWNERS
new file mode 100644
index 00000000000..4dd9ddb1914
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-16-30-58/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-16-30-58
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-16-37-45/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-16-37-45/OWNERS
new file mode 100644
index 00000000000..9c010e2ee29
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-16-37-45/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-16-37-45
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-16-56-36/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-16-56-36/OWNERS
new file mode 100644
index 00000000000..c586d1b0eb8
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-16-56-36/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-16-56-36
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-16-57-56/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-16-57-56/OWNERS
new file mode 100644
index 00000000000..ce0386f3d55
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-16-57-56/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-16-57-56
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-16-59-33/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-16-59-33/OWNERS
new file mode 100644
index 00000000000..3860c9ba639
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-16-59-33/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-16-59-33
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-17-22-50/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-17-22-50/OWNERS
new file mode 100644
index 00000000000..5a96ff18879
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-17-22-50/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-17-22-50
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-18-24-49/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-18-24-49/OWNERS
new file mode 100644
index 00000000000..a9db6e61a46
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-18-24-49/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-18-24-49
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-18-38-13/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-18-38-13/OWNERS
new file mode 100644
index 00000000000..bb2dee2dfc1
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-18-38-13/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-18-38-13
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-18-41-32188332/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-18-41-32188332/OWNERS
new file mode 100644
index 00000000000..6f11c6a4019
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-18-41-32188332/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-18-41-32188332
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-18-41-32462339/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-18-41-32462339/OWNERS
new file mode 100644
index 00000000000..de9c4ce953b
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-18-41-32462339/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-18-41-32462339
+ shortDescription: Short repo description for helm chart
+providerDelivery: true
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-18-41-32717585/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-18-41-32717585/OWNERS
new file mode 100644
index 00000000000..8507a43c522
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-18-41-32717585/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helmchartautomation-21-11-2022-18-41-32717585
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-18-48-22763298/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-18-48-22763298/OWNERS
new file mode 100644
index 00000000000..3b8167fdcdf
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-18-48-22763298/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helmchartautomation-21-11-2022-18-48-22763298
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-19-11-8331305/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-19-11-8331305/OWNERS
new file mode 100644
index 00000000000..17921cd78d6
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-19-11-8331305/OWNERS
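Review bot: `publicPgpKey: UHViIEtleQ==` in this OWNERS file is the base64 encoding of the literal text "Pub Key", not key material, and the same placeholder is used by the other helmchartautomation-* OWNERS hunks that set a key, including the two further `providerDelivery: true` entries (helmchartautomation-21-11-2022-19-12-5918609 and helmchartautomation-21-11-2022-19-24-51334921). If the certification pipeline reads this field to verify chart signatures, a signed chart submitted under one of these entries cannot be checked against a usable key, so the check would presumably fail or have to be skipped. I would either commit a throwaway key generated only for testing or mark the value in the file, for example `# placeholder, not a real PGP key; signature verification is not exercised for this chart` on the line above the field.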
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-19-11-8331305
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-19-12-5918609/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-19-12-5918609/OWNERS
new file mode 100644
index 00000000000..12344877c0e
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-19-12-5918609/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-19-12-5918609
+ shortDescription: Short repo description for helm chart
+providerDelivery: true
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-19-12-59385367/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-19-12-59385367/OWNERS
new file mode 100644
index 00000000000..5dd5f36ea4f
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-19-12-59385367/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-19-12-59385367
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-19-12-5965354/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-19-12-5965354/OWNERS
new file mode 100644
index 00000000000..0b6378ebd26
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-19-12-5965354/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-19-12-5965354
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-19-24-51334921/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-19-24-51334921/OWNERS
new file mode 100644
index 00000000000..fb45a18c872
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-19-24-51334921/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-19-24-51334921
+ shortDescription: Short repo description for helm chart
+providerDelivery: true
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-19-24-51339099/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-19-24-51339099/OWNERS
new file mode 100644
index 00000000000..bfc62ae7a27
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-19-24-51339099/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-19-24-51339099
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-19-24-51402313/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-19-24-51402313/OWNERS
new file mode 100644
index 00000000000..58fd9bd73ed
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-19-24-51402313/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartautomation-21-11-2022-19-24-51402313
+ shortDescription: Short repo description for helm chart
+providerDelivery: false
+publicPgpKey: UHViIEtleQ==
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartautomation-21-11-2022-19-8-27665683/OWNERS b/charts/partners/container-test/helmchartautomation-21-11-2022-19-8-27665683/OWNERS
new file mode 100644
index 00000000000..b3d88c1b074
--- /dev/null
+++ b/charts/partners/container-test/helmchartautomation-21-11-2022-19-8-27665683/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helmchartautomation-21-11-2022-19-8-27665683
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/helmchartchecklist/OWNERS b/charts/partners/container-test/helmchartchecklist/OWNERS
new file mode 100644
index 00000000000..aa74ea81a5c
--- /dev/null
+++ b/charts/partners/container-test/helmchartchecklist/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helmchartchecklist
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/test-chart-name-06/OWNERS b/charts/partners/container-test/test-chart-name-06/OWNERS
index 519706360f0..63b28c818e2 100644
--- a/charts/partners/container-test/test-chart-name-06/OWNERS
+++ b/charts/partners/container-test/test-chart-name-06/OWNERS
@@ -1,6 +1,7 @@
 chart:
 name: test-chart-name-06
 shortDescription: unknown
+providerDelivery: false
 publicPgpKey: unknown
 users: []
 vendor:
diff --git a/charts/partners/container-test/test-chart-name/OWNERS b/charts/partners/container-test/test-chart-name/OWNERS
new file mode 100644
index 00000000000..1261a28c883
--- /dev/null
+++ b/charts/partners/container-test/test-chart-name/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: test-chart-name
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/test-cnf-external/OWNERS b/charts/partners/container-test/test-cnf-external/OWNERS
index 3bfe000b8fc..f1c540a32fb 100644
--- a/charts/partners/container-test/test-cnf-external/OWNERS
+++ b/charts/partners/container-test/test-cnf-external/OWNERS
@@ -1,6 +1,7 @@
 chart:
 name: test-cnf-external
 shortDescription: a
+providerDelivery: false
 publicPgpKey: c3Nzcw==
 users:
 - githubUsername: sawalgiriraj
diff --git a/charts/partners/container-test/test-cnf-internal/OWNERS b/charts/partners/container-test/test-cnf-internal/OWNERS
index 8318e3b5408..2dbd91af697 100644
--- a/charts/partners/container-test/test-cnf-internal/OWNERS
+++ b/charts/partners/container-test/test-cnf-internal/OWNERS
@@ -1,6 +1,7 @@
 chart:
 name: test-cnf-internal
 shortDescription: a
+providerDelivery: false
 publicPgpKey: amZrc2hqc2hramhna2pkc2hsa2pk
 users:
 - githubUsername: sawalgiriraj
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/.helmignore b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/CHANGELOG.md b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/CONTRIBUTING.md b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/Chart.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/Chart.yaml
new file mode 100644
index 00000000000..4fa688366c4
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: test-giriraj-helm-chart
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.22.0
+annotations:
+ charts.openshift.io/name: test-giriraj-helm-chart
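Review bot: `description: Official HashiCorp Vault Chart`, together with `home` and `sources`, presents this chart as the upstream HashiCorp release, while `name` and the `charts.openshift.io/name` annotation are `test-giriraj-helm-chart` and the file sits under `charts/partners/container-test/`. If this is a repackaged test copy, which is what the path suggests, the metadata should say so, so that anyone browsing the catalogue does not take it for the vendor's artifact; for example `description: Test copy of the HashiCorp Vault chart (not an official release)`. As a smaller style point, I would quote `appVersion: '1.11.2'` and `version: '0.22.0'` so that a later bump to a two-part version cannot be read as a float.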
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/LICENSE.md b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/Makefile b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/README.md b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/README.md
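Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the value into the `docker run` command line, so what appears from its name to be a licence secret ends up in the process arguments on the build host. Passing it by name, `-e VAULT_LICENSE_CI \`, lets docker read it from the environment instead. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` with no directory and no `-var project=...`, whereas `provision-cluster` targets `test/terraform`, so it is worth confirming that both act on the same configuration and state with the Terraform version in the test image. `.PHONY` omits `setup-kind` and `delete-kind`, which I would append to that list, and the recursive call reads better as `$(MAKE) setup-kind acceptance`.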
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/NOTES.txt b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/_helpers.tpl b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/csi-clusterrole.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
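Review bot: `vault.envs` renders `value: {{ .Values.server.dev.devRootToken }}` unquoted, so a token that looks like a number, boolean or null, or that starts with a YAML indicator, is emitted as a non-string scalar rather than the string the operator set; `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string, as `vault.extraEnvironmentVars` in the same file already does for its values. The same applies to `.envName`, `.secretName` and `.secretKey` in `vault.extraSecretEnvironmentVars`. In `vault.args`, `{{ .Values.server.extraArgs }}` is spliced into what appears to be a shell script, so shell metacharacters in that value would be interpreted by the shell; a comment above the define stating that `extraArgs` is trusted operator input would make that assumption explicit. The doc comment on `vault.serverServiceAccountEnabled` repeats the auth-delegator description, and the one on `csi.pod.tolerations` says "injector".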
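Review bot: The rule grants `create` on `serviceaccounts/token` in a ClusterRole with no `resourceNames`, so once bound, the CSI provider's service account can request a token for any ServiceAccount in any namespace; the provider is deployed as a DaemonSet (csi-daemonset.yaml in this commit), so that credential is present on each node it runs on. If the breadth is needed for the provider to authenticate as the requesting pod's account (not shown in this hunk), a comment above `rules:` should say so, for example `# cluster-wide by design: the provider requests tokens on behalf of pods in any namespace`. Audit-log alerting on token requests made by this service account for accounts outside the expected set would be a reasonable compensating control.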
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/csi-daemonset.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/csi-serviceaccount.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-certs-secret.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-clusterrole.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-clusterrolebinding.yaml
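Review bot: The rule in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, not just the one this chart creates. A compromised injector could therefore rewrite other admission webhooks. The chart's own object is named `{{ template "vault.fullname" . }}-agent-injector-cfg` (see injector-mutating-webhook.yaml), so the write verb can be moved into a second rule limited by `resourceNames`, leaving the read verbs as they are. Whether the injector's watch still needs the unrestricted `list`/`watch` is not visible from this diff, so I have left those untouched.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# Write access only to the webhook configuration owned by this release.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```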
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-deployment.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
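Review bot: Several `env` values in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), while their neighbours are wrapped in double quotes. An env `value` has to be a string, so an override that YAML reads as a boolean or number makes the rendered manifest fail validation. Piping through `quote` keeps them consistent, e.g. `value: {{ .Values.injector.authPath | quote }}`. Separately, `- 2>&1` under `args` reaches the process as a literal argument because no shell is involved, so it can probably be dropped.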
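Review bot: The `apiVersion` line in injector-disruptionbudget.yaml selects `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which is a string comparison. The outcome depends on lexical order and on any vendor suffix in the minor version, not on whether the API is actually served. server-disruptionbudget.yaml later in this diff uses the same expression. The RBAC and webhook templates here already test capabilities directly; the equivalent would be `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Of the injector manifests in this part of the diff, this is also the only one not gated on `.injectorEnabled`.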
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-network-policy.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
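Review bot: Unless one of the `namespaceSelector` values is set, the `rules` entry in injector-mutating-webhook.yaml matches every pod CREATE and UPDATE in the cluster, system namespaces included, and `failurePolicy` is taken from values. With `Fail`, an unavailable injector would then block pod admission cluster-wide. The `injector.objectSelector` template is defined outside this hunk, so it may already narrow the match. If it does not, I would add a comment above `failurePolicy` such as `# Pair failurePolicy=Fail with a namespaceSelector/objectSelector so system pods are never blocked.`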
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-psp-role.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
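Review bot: The NetworkPolicy in injector-network-policy.yaml opens a fixed `port: 8080`, but the injector listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` in injector-deployment.yaml, `targetPort` in injector-service.yaml). If that value is overridden, the policy no longer admits webhook traffic on OpenShift; use `- port: {{ .Values.injector.port }}` instead. The `from` clause `namespaceSelector: {}` also admits pods from every namespace. That is presumably deliberate because the API server cannot be selected by label, but it deserves a comment saying so.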
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-psp.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-role.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-role.yaml
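Review bot: injector-psp.yaml hard-codes `apiVersion: policy/v1beta1` for `PodSecurityPolicy`, an API that is no longer served from Kubernetes 1.25 on. With `global.psp.enable` set, the install fails on current clusters instead of skipping the object. Guard the inner condition on the API being present, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. injector-psp-role.yaml and injector-psp-rolebinding.yaml use the same `psp.enable` condition and would take the same guard.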
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-rolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-rolebinding.yaml
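Review bot: The first rule in injector-role.yaml lets the injector create, read and update every Secret and ConfigMap in the release namespace, which may also hold Vault's own TLS material and configuration. If leader election only needs the `vault-injector-certs` Secret from injector-certs-secret.yaml (an assumption, since the consumer is not in this diff), `get` and `update` could be limited with `resourceNames: ["vault-injector-certs"]`, leaving `create`, `list` and `watch` in a separate rule. At minimum, add a comment above `rules:` naming the objects this role is meant to cover so later reviewers can tell intended access from incidental access.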
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-service.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-serviceaccount.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-config-configmap.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-discovery-role.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-discovery-role.yaml
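Review bot: `disable_mlock = true` is written into every rendered config in server-config-configmap.yaml with no explanation, and in the JSON branch `merge (dict "disable_mlock" true) ...` gives the hard-coded value precedence over what the user supplies. With mlock disabled, Vault's memory can be paged out, so the chart implicitly relies on nodes running without swap or with encrypted swap. I would add a template comment above `data:`, e.g. `{{- /* disable_mlock is forced on; nodes must not swap Vault memory to unencrypted disk */ -}}`, and state the requirement in the chart's README.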
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-disruptionbudget.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-ha-active-service.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-ha-active-service.yaml
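Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion` line compares two strings, so the ordering is lexical and a minor version with a different digit count or a vendor suffix is not compared as a number. The ingress template in this commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`; the same form fits here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.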
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-ha-standby-service.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-ha-standby-service.yaml
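Review bot: The `https-internal` port 8201 sits in the same `ports:` list as the API port of the `-active` Service, so when `server.service.type` is `NodePort` or `LoadBalancer` the cluster port is published with the same reach as 8200; server-ha-standby-service.yaml and server-service.yaml carry the same list. The StatefulSet in this commit points `VAULT_CLUSTER_ADDR` at the `-internal` headless Service on 8201, which suggests the port is meant for server-to-server traffic only. I would at least add a comment above the entry, `# 8201 is the server-to-server port; it is exposed with the same Service type as the API port`, and consider leaving it off the Services that can be typed for external access.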
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-headless-service.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-ingress.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-network-policy.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-psp-role.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-psp-role.yaml
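Review bot: `namespaceSelector: {}` in server-network-policy.yaml matches every namespace, so the single ingress rule admits any pod in the cluster to the cluster port 8201 as well as to the API port 8200. If 8201 is only used between the Vault servers of this release, the rule should be split so that 8201 is reachable only from pods carrying the release's own labels; replication from another cluster, if it is used, would then need a rule of its own. The policy also sets no `metadata.namespace`, unlike the other templates in this commit.

```yaml
  ingress:
    # API port: open to every namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the other server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```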
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-psp.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
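Review bot: The subject of the PSP RoleBinding in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, while the StatefulSet runs as `{{ template "vault.serviceAccount.name" . }}` and the discovery RoleBinding binds that same helper. If the helper can return anything other than the full name (its definition is not in this part of the diff), the `use` permission on the PodSecurityPolicy is bound to an account the server pods do not run as. The subject should read `name: {{ template "vault.serviceAccount.name" . }}` here too.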
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-route.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-route.yaml
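Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` in server-psp.yaml is rendered whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so turning the flag on against a newer cluster fails the install instead of skipping the policy. I would extend the `and` on the third line with a capability check such as `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")`, and apply the same condition in server-psp-role.yaml and server-psp-rolebinding.yaml so the three objects appear or disappear together.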
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-service.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-service.yaml
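Review bot: The Route template tests `.mode` on its second line and again when choosing the `-active` service, but it never runs `{{ template "vault.mode" . }}`, which every other server template in this commit calls before reading `.mode`. As far as this hunk shows, the value then depends on some other template having set it earlier in the render, which decides both whether the Route exists and which Service it exposes. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does.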
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-serviceaccount.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-statefulset.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/tests/server-test.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/tests/server-test.yaml
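Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `default "latest"`, a mutable tag, so a values file that leaves `server.image.tag` empty deploys whatever the registry serves as `latest` at pull time; tests/server-test.yaml uses the same expression. For a secrets manager I would rather fail the render than guess: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe's `vault status -tls-skip-verify` deserves a one-line comment saying it talks to the pod-local `VAULT_ADDR` (127.0.0.1, set in the `env` list of this hunk) and is not a client setting to reuse elsewhere.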
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/ui-service.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/values.openshift.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/values.schema.json b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/values.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.22.0/src/values.yaml 
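Review bot: Nothing in values.schema.json sets `additionalProperties`, so a misspelled key in a user override passes validation and the chart default applies silently. That matters most for security switches: `global.tlsDisable` defaults to `true` in this commit's values.yaml, so an override that mistypes the key while trying to enable TLS would leave it disabled with no error. Consider adding `"additionalProperties": false` to the objects that hold such switches (for example `server.dev` and `injector.certs`), after checking their key lists against the templates, which are not all visible here. `global` may need to stay open if the chart is ever installed as a subchart, since a parent chart can add its own global keys.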
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/.helmignore b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/CHANGELOG.md b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/CONTRIBUTING.md b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/Chart.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/Chart.yaml
new file mode 100644
index 00000000000..41626f0e36e
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: test-giriraj-helm-chart
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.23.0
+annotations:
+ charts.openshift.io/name: test-giriraj-helm-chart
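Review bot: In Chart.yaml, `description: Official HashiCorp Vault Chart` is kept verbatim while `name` and the `charts.openshift.io/name` annotation are `test-giriraj-helm-chart`, so a catalog entry for this submission under `charts/partners/container-test` would present itself as the vendor's official chart. If this is a repackaged test copy, the description should say so, for example `description: Test copy of the HashiCorp Vault chart (not an official release)`. `appVersion: 1.11.2` and `version: 0.23.0` load as strings only because they contain two dots; quoting them (`appVersion: '1.11.2'`) keeps the type stable across future bumps.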
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/LICENSE.md b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/Makefile b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/README.md b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/README.md
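Review bot: `test-acceptance` passes the license as `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, which expands the secret into the `docker run` argument list, where it is visible in the host process table; the leading `@` only hides make's own echo of the command. Docker forwards a host variable when the flag is given without a value, so `-e VAULT_LICENSE_CI \` keeps the value out of argv as long as the variable is set in the environment make runs in. Separately, `setup-kind` and `delete-kind` are missing from the `.PHONY` list on the last line of the file.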
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/NOTES.txt b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/_helpers.tpl b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/csi-clusterrole.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
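Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any service account in any namespace, and nothing in the file says why that breadth is needed. I would add a comment above `rules:` along the lines of `# The provider requests a token for the service account of each pod that mounts a volume, so this cannot be scoped to one namespace.`, assuming that is the reason; the provider's behaviour is not visible in this diff. Because the grant is this broad, TokenRequest calls made by `{{ template "vault.fullname" . }}-csi-provider` are worth including in API-server audit policy.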
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/csi-daemonset.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/csi-serviceaccount.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-certs-secret.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
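Review bot: Both `hostPath` volumes in csi-daemonset.yaml are declared without a `type`, so no check is made on the node path before it is mounted, and `mountpoint-dir` exposes `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` to the container. Adding `type: Directory` under the `mountpoint-dir` hostPath (and `type: DirectoryOrCreate` for `providervol` if that directory may not exist yet) makes a mistyped values path fail at pod start. The container `securityContext` is rendered only when `csi.daemonSet.securityContext.container` is set (see the helper in `_helpers.tpl`); the values file is not visible here, but a non-empty default would be worth confirming given what this pod can see on the node. The two unquoted path values (`path: {{ .Values.csi.daemonSet.providersDir }}` and the `kubeletRootDir` ones) would also be safer with `| quote`.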
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-clusterrole.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-clusterrolebinding.yaml
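Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). Splitting the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`, with `list` and `watch` left in a separate rule, would keep the injector's service account from being able to rewrite other admission webhooks. Whether the injector touches anything beyond its own object is not visible in this diff and should be confirmed before narrowing. The closing `{{ end }}` also lacks the `{{-` trim used in the CSI templates.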
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-deployment.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
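Review bot: The `args` list in injector-deployment.yaml passes `2>&1` as a literal argument; Kubernetes hands `args` to the entrypoint without a shell, so the container receives the string rather than a redirection, and the `- 2>&1` entry should be dropped. Separately, `AGENT_INJECT_VAULT_IMAGE` and the container `image` are both built as `repository:tag`, so the agent image injected into every mutated pod follows a mutable tag; the values file is not visible here, but accepting a digest reference (`repository@sha256:<digest>`) would let operators pin it. The unquoted env values (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) would be safer with `| quote`, as most other entries in the list already are.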
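Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares strings, so the result is lexical rather than numeric (a minor of `"100"` would sort below `"21"`). The webhook template in this same commit already chooses its API version with `.Capabilities.APIVersions.Has`, and the equivalent here is `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This is also the only injector manifest in the visible hunks that is not wrapped in `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget is rendered whenever `injector.podDisruptionBudget` is set, even with the injector disabled.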
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-network-policy.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
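Review bot: `namespaceSelector` is emitted only when `injector.namespaceSelector` or `injector.webhook.namespaceSelector` is set, so with neither set the webhook receives every pod CREATE and UPDATE in the cluster, system namespaces included, and `failurePolicy` then decides whether an injector outage blocks those pods. The defaults live in a values file and in the `injector.objectSelector` helper, neither of which is visible in this hunk, so this may already be covered there. If it is not, a default selector that excludes `kube-system` (a `matchExpressions` entry on `kubernetes.io/metadata.name` with `operator: NotIn`) is the usual safeguard. A comment above `failurePolicy:` stating the default and what happens to pod admission while the injector is down would also help operators.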
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-psp-role.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
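Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`) and the Service targets the same value, so overriding the port in values would leave the policy admitting the wrong port and the webhook unreachable on OpenShift. Use `- port: {{ .Values.injector.port }}`. The policy also sets no `metadata.namespace`, unlike the other injector manifests in this commit. `namespaceSelector: {}` admits traffic from every namespace; if that is deliberate so the API server can reach the webhook, a one-line comment saying so would stop a later reader from taking it for an oversight.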
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-psp.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-role.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-role.yaml
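Review bot: The policy in injector-psp.yaml is rendered as `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, with no capability check; that API was removed in Kubernetes 1.25, so on newer clusters the release fails to install when the flag is on. Adding `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `if` here and in the PSP Role and RoleBinding templates, or failing with an explicit message, would make that case clear. Inside the spec nothing drops Linux capabilities; `requiredDropCapabilities: [ALL]` would match the non-root intent stated in the comments. The `seLinux` comment assumes AppArmor nodes, which is worth revisiting if this chart is meant for SELinux-enforcing clusters.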
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-rolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-rolebinding.yaml
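Review bot: The first rule in injector-role.yaml lets the injector create, read, watch, list and update every Secret and ConfigMap in the release namespace, which is likely the namespace that also holds the Vault server's own secrets, while the only Secret the chart creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml). Moving `get` and `update` on `secrets` into a rule with `resourceNames: ["vault-injector-certs"]` would narrow it; `create` cannot be limited by name, and since the chart pre-creates that Secret it may not be needed at all, which should be confirmed against the injector. The second rule has the same shape: `get`, `patch` and `delete` apply to every pod in the namespace, and a comment saying which pods leader election must touch would make the grant reviewable.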
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-service.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-serviceaccount.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-config-configmap.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-discovery-role.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-discovery-role.yaml
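Review bot: `disable_mlock = true` is hard-coded in the string branch of server-config-configmap.yaml and forced in the map branch through `merge (dict "disable_mlock" true) …`, so no values setting can re-enable memory locking and Vault's in-memory key material can reach swap on nodes where swap is on. That operational requirement is not written down anywhere in the template. A comment above the `extraconfig-from-values.hcl` key would cover it, for example `# mlock is always disabled by this chart; run only on nodes with swap disabled or encrypted`.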
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-disruptionbudget.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-ha-active-service.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-ha-active-service.yaml
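Review bot: The `apiVersion` line of the PodDisruptionBudget compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the choice between `policy/v1` and `policy/v1beta1` follows lexical order rather than the numeric version and is sensitive to how a distribution formats the minor field. server-ingress.yaml in this same commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`; the matching form here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.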
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-ha-standby-service.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-headless-service.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-ingress.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-network-policy.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-psp-role.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-psp-role.yaml 
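Review bot: In server-network-policy.yaml the only ingress rule uses `namespaceSelector: {}`, which admits pods from every namespace in the cluster on both 8200 and 8201, so the policy gives little isolation beyond naming the ports. Port 8201 is the one the service templates call `https-internal` and is presumably needed only between the Vault server pods; splitting the rule so that 8201 is limited by a `podSelector` on the chart's own labels would be tighter (confirm no external replication peer needs that port). The policy also omits `metadata.namespace`, which every other namespaced template in this commit sets, and declares no `policyTypes`.

```yaml
# … unchanged: metadata, spec.podSelector …
  ingress:
    # API port: still reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```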
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-psp.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
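Review bot: The subject of the RoleBinding in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}` with no `namespace`, whereas server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml in this commit bind `{{ template "vault.serviceAccount.name" . }}` in `{{ .Release.Namespace }}`. If the service account name resolves to anything other than the full name, the PSP `use` permission lands on an account the server pods do not run as, and the policy silently does not apply to them. The subject lines should read `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.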
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-route.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-route.yaml
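Review bot: The PodSecurityPolicy `spec` blocks privileged mode, privilege escalation and root, but it never restricts Linux capabilities, so containers admitted under it keep the runtime's default capability set. server-statefulset.yaml sets `SKIP_SETCAP` and `SKIP_CHOWN` to `"true"`, which suggests the server needs none; adding `requiredDropCapabilities:` with the single entry `- ALL` under `spec` would make that explicit (confirm the image still starts). Separately, `apiVersion: policy/v1beta1` is hard-coded with no capability check although PodSecurityPolicy was removed in Kubernetes 1.25, so a comment at the top saying which cluster versions `global.psp.enable` can be used on would help.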
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-service.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-service.yaml
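Review bot: server-route.yaml tests `.mode` on its second line and again in the `activeService` condition, but it never runs `{{ template "vault.mode" . }}`, which the other server templates in this commit call before reading `.mode`. Whether `.mode` holds a value here therefore appears to depend on some other template having set it on the shared context earlier in the render, which is fragile and can route traffic to the wrong service in HA mode. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does. `targetPort: 8200` is also a literal where the service templates use `.Values.server.service.targetPort`.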
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-serviceaccount.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-statefulset.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/tests/server-test.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/tests/server-test.yaml 
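Review bot: The `vault` container image in server-statefulset.yaml is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an unset tag silently deploys whatever `latest` resolves to at pull time and the Vault server version can change without any chart or values change. Failing the render is safer, for example `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and pinning by digest in values is stronger still. tests/server-test.yaml builds its image reference the same way. The readiness probe's `vault status -tls-skip-verify` would also benefit from a comment stating that it only talks to the local listener set in `VAULT_ADDR` (`127.0.0.1:8200`).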
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/ui-service.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/templates/ui-service.yaml
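Review bot: The `image:` line falls back to the mutable `latest` tag when `server.image.tag` is empty (`{{ .Values.server.image.tag | default "latest" }}`), so the test hook can pull and run an image other than the release it is meant to check. Failing the render is safer, e.g. `image: "{{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}"`. The pod spec also declares no `securityContext`, so it runs with whatever the namespace admits and may be rejected on a cluster that enforces restricted pod security.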
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/values.openshift.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/values.openshift.yaml
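Review bot: Exposure of the UI port is decided entirely by values (`type: {{ .Values.ui.serviceType }}`, the optional `nodePort`, and the `service.loadBalancer` include), while the values.yaml added in this same commit defaults `global.tlsDisable: true`. If `vault.scheme` renders `http` in that case (the helper is not visible here), a `NodePort` or `LoadBalancer` UI service would carry Vault tokens unencrypted. I would document that above `type:`, e.g. `# Plain HTTP when global.tlsDisable is true: keep ClusterIP unless TLS is terminated in front of this service.`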
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/values.schema.json b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/values.schema.json
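Review bot: The three images are pinned only by tag (`0.17.0-ubi`, `1.11.2-ubi`), which a registry can repoint, and the same repository/tag pairs are repeated as defaults in the values.yaml added by this commit, so a later security bump has to be made in two files. A header comment such as `# Image tags duplicate values.yaml; update both together.` would make that explicit. Whether the templates can take a digest instead of a tag is not visible in this hunk.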
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/values.yaml b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/container-test/test-giriraj-helm-chart/0.23.0/src/values.yaml 
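Review bot: No object in this schema sets `"additionalProperties": false` or a `required` list, so a misspelled key (for example `global.tlsDisabled`) validates and the chart default applies without any error. With `tlsDisable: true` as the default in this commit's values.yaml, that typo leaves TLS off while the operator believes it is on. Adding `"additionalProperties": false` at least under `global` would catch it, though it would also reject any key the templates read but the schema does not list, so it needs checking against the templates first.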
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/container-test/test-giriraj-helm-chart/OWNERS b/charts/partners/container-test/test-giriraj-helm-chart/OWNERS
new file mode 100644
index 00000000000..8843b9fc569
--- /dev/null
+++ b/charts/partners/container-test/test-giriraj-helm-chart/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: test-giriraj-helm-chart
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: sawalgiriraj
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/test-helm-1672/OWNERS b/charts/partners/container-test/test-helm-1672/OWNERS
new file mode 100644
index 00000000000..be5caa76017
--- /dev/null
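Review bot: `publicPgpKey: unknown` in the new test-giriraj-helm-chart OWNERS file records no key that a signed chart package could be checked against, and the OWNERS files added for test-helm-1672 and test-helm-chart-2604 carry the same placeholder. If any of these entries is meant to publish signed charts, the field should hold the vendor's actual public key before merge. If they are unsigned test fixtures, say so in the file, for example `# test fixture: unsigned chart, no provenance key` above the field, so that the placeholder is not copied into a real partner entry. How the pipeline treats the literal value `unknown` is not visible in this diff.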
+++ b/charts/partners/container-test/test-helm-1672/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: test-helm-1672
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: sawalgiriraj
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/test-helm-chart-2604/OWNERS b/charts/partners/container-test/test-helm-chart-2604/OWNERS
new file mode 100644
index 00000000000..f28627ce4ce
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-2604/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: test-helm-chart-2604
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/.helmignore b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/CHANGELOG.md b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* 
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/CONTRIBUTING.md b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. 
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . 
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/Chart.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/Chart.yaml
new file mode 100644
index 00000000000..38e2135bf1f
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: test-helm-chart-3011
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.30.0
+annotations:
+ charts.openshift.io/name: test-helm-chart-3011
\ No newline at end of file
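Review bot: The new Chart.yaml keeps the upstream identity fields, `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io`, next to `name: test-helm-chart-3011`, so any index or catalog entry built from this file would present a test fixture as the official Vault chart. I would state the provenance in the metadata, for example `description: Test fixture derived from the HashiCorp Vault chart (not an official release)`. As a smaller style point, Helm recommends quoting the application version, `appVersion: "1.11.2"`, so the value is a string whatever it looks like.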
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/LICENSE.md b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/Makefile b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/README.md b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/README.md
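Review bot: In `test-acceptance`, the line `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \` has make expand the value into the `docker run` argument list, so what is presumably a license secret sits in the host's process listing for as long as the container runs. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker read the value from the calling environment and keeps it out of argv. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory that `provision-cluster` passes to `init` and `apply`, so it may act on a different working directory than the one that was provisioned. `.PHONY` also omits `setup-kind` and `delete-kind`, which would be skipped if a file with either name appeared in the chart directory.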
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/NOTES.txt b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/_helpers.tpl b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/csi-clusterrole.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
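Review bot: The single rule in the csi-provider ClusterRole grants `create` on `serviceaccounts/token` with no namespace or name restriction, so whatever identity is bound to it can request a token for any service account in the cluster, and the file carries no comment explaining why that scope is needed. Presumably the CSI provider requests a token on behalf of whichever pod mounts one of its volumes, which would explain why the rule cannot be narrowed with `resourceNames`; that rationale should be written down. I would add above `rules:` a comment such as `# Cluster-wide by design: the provider requests tokens for the service accounts of pods that mount its volumes. Do not bind this role to any other subject.`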
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/csi-daemonset.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/csi-serviceaccount.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-certs-secret.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-clusterrole.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-clusterrolebinding.yaml
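Review bot: The `patch` verb in the agent-injector ClusterRole applies to every MutatingWebhookConfiguration in the cluster, not only the one this chart installs, so the injector's service account is able to modify admission webhooks that belong to other components. The deployment template in this diff sets `AGENT_INJECT_TLS_AUTO` to the `-agent-injector-cfg` name, which suggests that is the only object the injector needs to patch; this should be confirmed against the injector before narrowing. If it holds, `patch` can move into its own rule restricted by `resourceNames`, leaving `get`, `list` and `watch` as they are.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# patch is limited to the webhook configuration this chart installs
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```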
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-deployment.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
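Review bot: The `- 2>&1` entry under `args:` of the sidecar-injector container is passed to the process as a literal second argument, because Kubernetes runs `args` without a shell, so no redirection of stderr takes place. Unless the image's entrypoint is a shell wrapper that re-evaluates its arguments (not visible here), the entry can be dropped so that `args:` holds only `- agent-inject`; the container runtime collects stderr alongside stdout in any case.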
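Review bot: The `apiVersion` line of the PodDisruptionBudget compares `.Capabilities.KubeVersion.Minor` with the string `"21"`, which is a lexical comparison, so a single-digit minor such as `"9"` compares as greater and selects `policy/v1`. The mutating-webhook template in this diff chooses its API version with `.Capabilities.APIVersions.Has`, and the same check would be more robust here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.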
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-network-policy.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
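Review bot: The `rules` block of the webhook matches CREATE and UPDATE of pods in every namespace, and `namespaceSelector` is emitted only when a value is supplied, so unless a selector is configured the webhook also sits in the admission path of system namespaces. With `failurePolicy` rendered as `Fail`, an unavailable injector would then block pod admission there too, and with `Ignore` pods are admitted without injection; neither consequence is documented next to the setting. I would add a comment above `failurePolicy:` such as `# Fail blocks pod admission while the injector is down; Ignore admits pods un-injected. Set a namespaceSelector to keep system namespaces out of scope.`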
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-psp-role.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
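Review bot: The ingress rule of the NetworkPolicy hard-codes `port: 8080`, while the injector deployment in this diff listens on and is probed at `.Values.injector.port`, so changing that value would leave the policy admitting traffic to a port nothing listens on while blocking the webhook's real port. Rendering the same value keeps the two aligned: `- port: {{ .Values.injector.port }}`. Separately, `namespaceSelector: {}` admits traffic from every namespace; that is presumably intentional for a webhook endpoint, but a one-line comment saying so would make the breadth a documented choice.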
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-psp.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-role.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-role.yaml
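Review bot: injector-psp.yaml emits `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, without checking that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so on such clusters the install fails rather than skipping the object. Guard the template with `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` and do the same in server-psp.yaml. The comment `This policy assumes the nodes are using AppArmor rather than SELinux` also needs a second look: the workflow files suggest this repository targets OpenShift, and `seLinux: rule: RunAsAny` places no constraint on SELinux labels.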
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-rolebinding.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-rolebinding.yaml
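Review bot: The leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, and `get`, `patch` and `delete` on every Pod, with no `resourceNames`. In a namespace that also holds the server's TLS or other sensitive Secrets, the injector's ServiceAccount can therefore read and overwrite all of them. If leader election uses fixed object names (not visible in this hunk), move `get` and `update` into a rule carrying `resourceNames: ["<leader-election-object-name>"]` and leave only `create` unnamed. Either way, add a comment above each rule naming the component that needs it.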
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-service.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-serviceaccount.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-config-configmap.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-config-configmap.yaml
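Review bot: server-clusterrolebinding.yaml binds the server's ServiceAccount to the cluster-wide `system:auth-delegator` ClusterRole, and nothing in the file says why a cluster-scoped grant is needed. That role allows creating TokenReview and SubjectAccessReview requests, so a comment above `roleRef:` should state the purpose, for example `# Cluster-scoped on purpose: lets the server validate ServiceAccount tokens through the TokenReview API.` The binding is controlled by the `vault.serverAuthDelegator` helper, which is outside this hunk, so the comment should also name the value that disables it once confirmed against that helper.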
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-discovery-role.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-discovery-role.yaml
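Review bot: server-config-configmap.yaml forces `disable_mlock = true` in every branch (the literal line in the string branch, `dict "disable_mlock" true` in both merged-JSON branches) with no comment explaining the choice. With mlock disabled, process memory holding decrypted secrets and key material can be paged to disk on a node that has swap enabled. Add a comment beside the setting, e.g. `# mlock is disabled for the containerised server; nodes must run with swap disabled or encrypted.`, and state the actual reason once confirmed (server-statefulset.yaml sets `SKIP_SETCAP`, which may be related). Reading the flag from `.Values` would let operators who can grant the needed capability turn mlock back on.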
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
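Review bot: The discovery Role in server-discovery-role.yaml allows `update` and `patch` on all Pods in the namespace, not only the server's own pods, and the file does not say what needs write access. RBAC cannot scope a rule by label, so the grant cannot be narrowed here, but a comment above `rules:` should record the reason, for example `# The server labels its own pod (see the vault-active selector in the HA services); RBAC cannot restrict this to server pods.`, after confirming it against the server configuration outside this hunk. The chart documentation should also state that workloads sharing the namespace are within reach of this ServiceAccount.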
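Review bot: server-discovery-rolebinding.yaml falls back to `rbac.authorization.k8s.io/v1beta1` when v1 is not served, but the Role it references in server-discovery-role.yaml is emitted as `rbac.authorization.k8s.io/v1` unconditionally, so the fallback branch cannot yield a working Role and binding pair. Drop the conditional and write `apiVersion: rbac.authorization.k8s.io/v1` directly, as the other RoleBindings in this commit do. server-clusterrolebinding.yaml carries the same v1beta1 fallback and can be simplified the same way.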
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-disruptionbudget.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-ha-active-service.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-ha-active-service.yaml
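Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with the string `"21"` using `ge`, which is a lexical string comparison: a minor of `"9"` sorts above `"21"`, and some distributions report minors with a suffix such as `"21+"`. server-ingress.yaml in this commit already selects its API with `semverCompare ">= 1.19.0-0" $kubeVersion`. Use the same form here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.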
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-ha-standby-service.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-ha-standby-service.yaml
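Review bot: server-ha-active-service.yaml publishes the `https-internal` port 8201 on the same Service whose `type` comes from `.Values.server.service.type`, so choosing NodePort or LoadBalancer exposes the server-to-server port outside the cluster together with the API port. Only the API port receives a `nodePort` override, which suggests external reachability of 8201 is incidental rather than intended. If peers reach each other through the `-internal` headless Service (the cluster address in server-statefulset.yaml is cut off in this view, so confirm), emit the 8201 entry only for in-cluster types, e.g. wrap it in `{{- if not (has (.Values.server.service.type | toString) (list "NodePort" "LoadBalancer")) }}`. server-ha-standby-service.yaml and server-service.yaml carry the same port list.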
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-headless-service.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-ingress.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-network-policy.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-psp-role.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-psp-role.yaml 
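Review bot: server-ingress.yaml gates on `{{- if not .Values.global.openshift }}`, a truthiness test, whereas injector-network-policy.yaml checks the same value with `eq (.Values.global.openshift | toString) "true"`. A string value such as `"false"` is truthy, so it would suppress this Ingress and enable server-route.yaml (which uses the same bare test) while the NetworkPolicy template treats OpenShift as disabled. Use one form throughout, here `{{- if ne (.Values.global.openshift | toString) "true" }}`. Separately, `secretName: {{ .secretName }}` and `- path: {{ . }}` are emitted unquoted while the host entries go through `| quote`; quoting them too avoids YAML retyping of unusual values.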
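Review bot: server-network-policy.yaml opens both 8200 and 8201 to `namespaceSelector: {}`, so the cluster port 8201 (named `https-internal` in the Service templates) is reachable from every namespace once the policy is enabled. If only the server pods of this release need 8201, split the rule so that port takes a `podSelector` peer; the labels used below are the pod labels set in server-statefulset.yaml. Confirm that no peer outside the release, such as a replication partner, needs 8201 before narrowing. The policy's own `podSelector` also omits `component: server`, which the Service selectors include.

```yaml
  ingress:
    # API port: reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```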
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-psp.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-route.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-service.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-service.yaml
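Review bot: server-route.yaml reads `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit that read `.mode` do on their first line. Whether `.mode` is populated here then depends on render state left by other templates, which I cannot confirm from this hunk; adding `{{ template "vault.mode" . }}` ahead of the `ne .mode "external"` test makes the file self-contained. The `tls:` key is also rendered unconditionally, so an empty `.Values.server.route.tls` yields a Route with no usable TLS settings; wrap it in `{{- with .Values.server.route.tls }}` and document in a comment that the Route is then plain HTTP. `targetPort: 8200` is hard-coded while the Service templates take the port from `.Values.server.service.targetPort`.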
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-serviceaccount.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-statefulset.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/tests/server-test.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/tests/server-test.yaml 
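Review bot: The `vault` container image falls back to a mutable tag, `{{ .Values.server.image.tag | default "latest" }}`, so an empty `server.image.tag` silently deploys whatever `latest` resolves to at pull time, and replicas scheduled at different moments can end up on different Vault builds. For a secrets store I would fail the render instead of guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same fallback is repeated in the test pod in `templates/tests/server-test.yaml` and should change with it.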
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/ui-service.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/templates/ui-service.yaml
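Review bot: The test pod sets no `securityContext` at pod or container level, while the server StatefulSet in this commit takes both from the `server.statefulSet.securityContext.pod` and `server.statefulSet.securityContext.container` helpers. In a namespace that enforces the restricted Pod Security level the hook pod may be rejected, and elsewhere it runs with whatever the image and runtime default to. Reusing the helpers, `{{- template "server.statefulSet.securityContext.pod" . }}` under `spec:` and `{{- template "server.statefulSet.securityContext.container" . }}` under the container, would keep the test on the same settings as the server. The helper bodies are not visible here, so their indentation needs checking against this pod's layout.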
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/values.openshift.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/values.openshift.yaml
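Review bot: Nothing in this template ties external exposure to TLS being enabled: `type: {{ .Values.ui.serviceType }}` plus the `service.loadBalancer` include let the Service be published outside the cluster, while `values.yaml` in the same commit defaults `global.tlsDisable: true`. Assuming `vault.scheme` follows that flag, UI and API traffic, tokens included, would cross that path in cleartext. A comment above `type:` would make the dependency visible: `# With global.tlsDisable=true this Service serves plain HTTP; keep serviceType ClusterIP or terminate TLS in front of it`. A stricter option is a `fail` guard when `tlsDisable` is true and `serviceType` is not `ClusterIP`, though that changes behaviour for existing installs.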
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/values.schema.json b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/values.yaml b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/container-test/test-helm-chart-3011/0.30.0/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/container-test/test-helm-chart-3011/OWNERS b/charts/partners/container-test/test-helm-chart-3011/OWNERS new file mode 100644 index 00000000000..07c775f2d69 --- /dev/null +++ b/charts/partners/container-test/test-helm-chart-3011/OWNERS @@ -0,0 +1,10 @@ +chart: + name: test-helm-chart-3011 + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: +- githubUsername: sawalgiriraj +vendor: + label: container-test + name: Anandprakash Tandale diff --git a/charts/partners/container-test/test-helm-chart/OWNERS b/charts/partners/container-test/test-helm-chart/OWNERS new file mode 100644 index 00000000000..742d4b02f42 --- /dev/null 
+++ b/charts/partners/container-test/test-helm-chart/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: test-helm-chart
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: sawalgiriraj
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/test-helm-project-0205/OWNERS b/charts/partners/container-test/test-helm-project-0205/OWNERS
new file mode 100644
index 00000000000..0ead3037c04
--- /dev/null
+++ b/charts/partners/container-test/test-helm-project-0205/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: test-helm-project-0205
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/test-helm/OWNERS b/charts/partners/container-test/test-helm/OWNERS
new file mode 100644
index 00000000000..b4d3816a1a2
--- /dev/null
+++ b/charts/partners/container-test/test-helm/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: test-helm
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users:
+- githubUsername: test-helm-incomplete
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/test-webonly-helm/OWNERS b/charts/partners/container-test/test-webonly-helm/OWNERS
new file mode 100644
index 00000000000..979bdb8a7a7
--- /dev/null
+++ b/charts/partners/container-test/test-webonly-helm/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: test-webonly-helm
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/test951-redhat/OWNERS b/charts/partners/container-test/test951-redhat/OWNERS
new file mode 100644
index 00000000000..fc84b5988be
--- /dev/null
+++ b/charts/partners/container-test/test951-redhat/OWNERS
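Review bot: In the new `charts/partners/container-test/test-helm/OWNERS`, the only entry under `users` is `githubUsername: test-helm-incomplete`, which reads like a placeholder rather than a maintainer's account. If this list is what authorises chart submissions for the directory (the consuming workflow is not visible in this hunk), every name in it should be an account the vendor is known to control; otherwise leave it empty, as `test-helm-project-0205/OWNERS` does with `users: []`. That file and `test-webonly-helm/OWNERS` also set `providerDelivery: true` while keeping `publicPgpKey: unknown`. If signature checks on submitted charts read that field, confirm before merge that an unset key is acceptable for provider-delivered charts.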
@@ -0,0 +1,10 @@ +chart: + name: test951-redhat + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: +- githubUsername: opcert +vendor: + label: container-test + name: Anandprakash Tandale diff --git a/charts/partners/container-test/testd/OWNERS b/charts/partners/container-test/testd/OWNERS index 0bbd11113d8..b872ef4ef95 100644 --- a/charts/partners/container-test/testd/OWNERS +++ b/charts/partners/container-test/testd/OWNERS @@ -1,6 +1,7 @@ chart: name: testd shortDescription: unknown +providerDelivery: false publicPgpKey: unknown users: [] vendor: diff --git a/charts/partners/container-test/testrv/OWNERS b/charts/partners/container-test/testrv/OWNERS index 80809d27a3c..84a16d78308 100644 --- a/charts/partners/container-test/testrv/OWNERS +++ b/charts/partners/container-test/testrv/OWNERS @@ -1,6 +1,7 @@ chart: name: testrv shortDescription: unknown +providerDelivery: false publicPgpKey: unknown users: [] vendor: diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/.helmignore b/charts/partners/container-test/teststage-helm/0.21.0/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/.helmignore @@ -0,0 +1,28 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.terraform/ +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + +# CI and test +.circleci/ +.github/ +.gitlab-ci.yml +test/ diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/CHANGELOG.md b/charts/partners/container-test/teststage-helm/0.21.0/src/CHANGELOG.md new file mode 100644 index 00000000000..45d7168d526 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/CHANGELOG.md 
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/CONTRIBUTING.md b/charts/partners/container-test/teststage-helm/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/Chart.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..8581909ac24
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: teststage-helm
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: teststage-helm
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/LICENSE.md b/charts/partners/container-test/teststage-helm/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
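Review bot: In Chart.yaml, `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io` are carried over from the upstream chart although the chart is renamed `teststage-helm` and sits under the `container-test` partner directory, so a reader of the chart index sees a test fixture presenting itself as the vendor's official release. If this chart can reach a published index, I would make the provenance explicit, for example `description: Test fixture derived from the HashiCorp Vault chart (not an official release)`. Separately, Helm's guidance is to quote `appVersion`, so `appVersion: "1.11.2"` keeps the value a string if a later bump ever becomes a two-part version.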
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/Makefile b/charts/partners/container-test/teststage-helm/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/README.md b/charts/partners/container-test/teststage-helm/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/README.md
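Review bot: The `test-acceptance` recipe in the Makefile hunk passes the Vault license as `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \`, so make expands the secret into the `docker run` argument list, where it can be read from the host's process table while the container runs; the `@` prefix only stops make from echoing the command. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the environment make was started in, assuming that is where the variable is set. Separately, `.PHONY` lists neither `setup-kind` nor `delete-kind`; appending both keeps a file of either name from shadowing the target.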
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/NOTES.txt b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/_helpers.tpl b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
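Review bot: `create` on `serviceaccounts/token` in the ClusterRole of csi-clusterrole.yaml lets the provider's service account request a token for any service account in any namespace, and the template does not say why that breadth is needed. If it is deliberate (upstream, the provider asks for a token on behalf of the pod that mounts the volume; worth confirming for this chart version), record it above `rules:`, for example `# Cluster-wide on purpose: tokens are requested for the service account of the pod that mounts the volume.` That keeps the grant reviewable for anyone tightening RBAC later.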
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
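Review bot: The provider container in csi-daemonset.yaml mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir/pods`) but gets no `securityContext` unless `csi.daemonSet.securityContext.container` is set. The `csi.daemonSet.securityContext.*` helpers in `_helpers.tpl` have no default branch, while `injector.securityContext.container` falls back to `allowPrivilegeEscalation: false` with all capabilities dropped. I would give the CSI container helper the same kind of `else if not .Values.global.openshift` fallback, starting with `allowPrivilegeEscalation: false`; whether the provider also tolerates dropping all capabilities needs checking against the image. The helper lives in a different hunk, so the change belongs there or in the chart's default values.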
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-clusterrolebinding.yaml
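Review bot: The single rule under `rules:` in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`. If the injector pod or its service account token is compromised, that grant reaches every admission webhook rather than only the injector's own. Consider splitting the rule so that `get`/`list`/`watch` stay unrestricted and `patch` is limited to the chart's own configuration. That is presumably the `…-agent-injector-cfg` name the deployment passes as `AGENT_INJECT_TLS_AUTO`; confirm it against the webhook template, which is not part of this hunk.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  # name assumed from AGENT_INJECT_TLS_AUTO; confirm against the webhook template
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```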
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
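Review bot: The `- 2>&1` entry under `args:` in injector-deployment.yaml is handed to the container as a literal second argument. Kubernetes does not run `args` through a shell, so no stderr redirection takes place. Unless the image entrypoint is known to expect that token, reduce the list to `- agent-inject`. In the same container, several env values are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`, and the fallback `AGENT_INJECT_VAULT_ADDR`) while their neighbours are quoted. Env values must be strings, so piping them through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`, avoids a rejected manifest when a value looks like a number or boolean.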
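Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the result is lexicographic and ignores the major version; a minor such as `"9"` would select `policy/v1`. server-disruptionbudget.yaml in this diff uses the same expression. The webhook template here already checks `.Capabilities.APIVersions.Has`, and the same approach fits: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This template is also the only injector manifest not wrapped in `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget can be rendered with the injector disabled.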
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-network-policy.yaml 
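Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the webhook in injector-mutating-webhook.yaml matches pod CREATE and UPDATE in every namespace, system namespaces included. The effective `failurePolicy` comes from values that are not part of this hunk; if it resolves to `Fail`, an unavailable injector would hold up pod admission cluster-wide. A comment above `rules:` stating this, plus a documented default selector that excludes `kube-system` and the release namespace, would make the blast radius explicit. It is also worth noting next to `caBundle` that an empty value depends on the injector patching this object itself, which is what the ClusterRole in this diff grants.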
@@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null 
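Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` and the Service uses the same value for `targetPort`. If an operator changes the port, this policy would silently block API-server calls to the webhook. Render it from the same value: `- port: {{ .Values.injector.port }}`. The object also has no `namespace: {{ .Release.Namespace }}` under `metadata`, unlike the Deployment it selects.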
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-psp.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-psp.yaml 
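Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subjects in injector-clusterrolebinding.yaml and injector-rolebinding.yaml. For a namespaced RoleBinding the API server is expected to fall back to the binding's own namespace, but that is implicit and worth confirming on the target cluster versions. Adding `namespace: {{ .Release.Namespace }}` under the subject keeps the three bindings consistent and makes the grant unambiguous when read in isolation.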
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-role.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-role.yaml 
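Review bot: The PodSecurityPolicy spec in injector-psp.yaml blocks privileged mode and privilege escalation but places no limit on Linux capabilities, so pods admitted under it keep the runtime's default capability set. Since the injector is a plain HTTPS webhook, adding `requiredDropCapabilities:` with `- ALL` would fit the rest of the policy. `readOnlyRootFilesystem: false` deserves a short comment saying why a writable root is needed. Separately, `policy/v1beta1` PodSecurityPolicy no longer exists from Kubernetes 1.25, so the `psp.enable` guard could also require `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`.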
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-rolebinding.yaml 
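Review bot: The leader-elector Role in injector-role.yaml grants `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, and `patch`/`delete` on every Pod. If the Vault server or other workloads share that namespace, the injector service account can read their secrets, TLS keys included. The object names used for leader election are not visible in this diff. If they are fixed, move the read and update verbs into a rule with `resourceNames` listing them, leaving `create` in its own rule since it cannot be name-scoped. Otherwise add a comment recommending a dedicated namespace for the release.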
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-service.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-config-configmap.yaml 
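Review bot: The binding to `system:auth-delegator` in server-clusterrolebinding.yaml is a cluster-scoped grant, and nothing in the template says why the server needs it. A comment above `roleRef:` would help reviewers, e.g. `# system:auth-delegator lets Vault submit TokenReview requests for the Kubernetes auth method`. It should also point to the value behind `.serverAuthDelegator` for disabling the binding when that auth method is not used. The guard is computed by `vault.serverAuthDelegator`, defined outside this hunk, so the exact value name needs to be taken from there.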
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-discovery-role.yaml 
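Review bot: In server-config-configmap.yaml, `disable_mlock = true` is written for every mode in the string branch, and the JSON branch forces it through `merge (dict "disable_mlock" true) …`, where the first dict takes precedence over the user's config. An operator therefore cannot keep mlock enabled, and process memory holding secret material may be swapped to disk on nodes with swap enabled. If this is deliberate, add a comment above the line stating that and recommending swap be disabled or encrypted on Vault nodes. If not, reverse the merge order to `merge (index .Values.server .mode).config (dict "disable_mlock" true)`, and likewise for the raft branch, so an explicit user setting wins.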
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-ha-standby-service.yaml 
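Review bot: The `https-internal` port 8201 in server-ha-active-service.yaml sits on the same Service whose `type` is taken from `.Values.server.service.type`. With `NodePort` or `LoadBalancer`, Vault's cluster port is therefore published outside the cluster alongside the API port. server-ha-standby-service.yaml in this diff has the same layout. The headless `-internal` Service already carries 8201 for pod-to-pod traffic, so consider rendering the 8201 entry only when the type is `ClusterIP` or unset. Failing that, add a comment warning that external Service types expose the cluster port. Whether any client reaches 8201 through the `-active` Service is not visible here and should be checked first.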
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-ingress.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-psp-role.yaml 
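Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both 8200 and 8201, so every namespace in the cluster can reach the port that the Service templates in this diff name `https-internal`, not only the client API port. If 8201 carries only server-to-server traffic (inferred from the port name; the listener configuration is not part of this diff), it can be limited to the chart's own pods with a second rule, as below. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this diff set. A deployment that depends on traffic to 8201 from outside the release would need that source added explicitly.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```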
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-psp.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
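Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this diff both use `vault.serviceAccount.name`. If that helper can return anything other than the full name (the values schema exposes `server.serviceAccount.name`; the helper itself is not shown here), the `use` grant on the PodSecurityPolicy lands on an account the server pods do not run as. The subject should read `name: {{ template "vault.serviceAccount.name" . }}`, with `namespace: {{ .Release.Namespace }}` beside it so the binding target is explicit.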
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-route.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-route.yaml
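Review bot: The policy in server-psp.yaml sets no `requiredDropCapabilities`, so a pod admitted under it keeps the container runtime's default capability set even though `privileged` and `allowPrivilegeEscalation` are both false. Adding `requiredDropCapabilities:` with a single `- ALL` entry under `spec` would close that, provided the server needs no capability at runtime (the StatefulSet in this diff sets `SKIP_SETCAP`, which suggests it does not, but confirm). Separately, the guard checks only `global.psp.enable`, and `policy/v1beta1` PodSecurityPolicy is no longer served from Kubernetes 1.25 onward; adding `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the `and` would skip the object on clusters that cannot accept it instead of failing the install.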
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-service.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-service.yaml
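Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other templates in this diff that read `.mode` do before using it. Whether `.mode` is populated here then depends on another template having been rendered earlier against the same context, and nothing visible guarantees that order. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check removes the dependency. A comment above `tls:` stating that the block is emitted verbatim from `server.route.tls`, so the termination type is whatever the values file supplies, would also help whoever reviews a deployment's values.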
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-serviceaccount.yaml
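Review bot: The `https-internal` port (8201) is listed unconditionally in server-service.yaml, so whatever `server.service.type` is chosen for the API port applies to it as well; with `NodePort` or `LoadBalancer` the cluster port is published alongside 8200, and the standby Service earlier in this diff has the same shape. The headless `-internal` Service already carries 8201, and the StatefulSet's default `VAULT_CLUSTER_ADDR` points at that one. At minimum this deserves a comment above the entry, for example `# 8201 is the server-to-server port; it is exposed with the same Service type as the API port`. Whether the entry can be dropped from this Service altogether depends on consumers that are not visible in the diff.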
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/tests/server-test.yaml 
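Review bot: The container image in server-statefulset.yaml falls back to `latest` when `server.image.tag` is empty (`| default "latest"`), so a values file that omits the tag runs whatever the registry currently serves under that name for a secrets store; the test pod in tests/server-test.yaml uses the same expression. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The exec readiness probe also runs `vault status -tls-skip-verify`; with `VAULT_ADDR` set to 127.0.0.1 in the same container the call stays on loopback, and a comment saying so next to the command would keep the flag from being copied into a context where the peer is remote.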
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/templates/ui-service.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/values.openshift.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/values.schema.json b/charts/partners/container-test/teststage-helm/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/container-test/teststage-helm/0.21.0/src/values.yaml b/charts/partners/container-test/teststage-helm/0.21.0/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.0/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/.helmignore b/charts/partners/container-test/teststage-helm/0.21.1/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/CHANGELOG.md b/charts/partners/container-test/teststage-helm/0.21.1/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/CONTRIBUTING.md b/charts/partners/container-test/teststage-helm/0.21.1/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/CONTRIBUTING.md
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. 
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . 
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/Chart.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/Chart.yaml
new file mode 100644
index 00000000000..fd93b2ad8fc
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.25.0'
+name: teststage-helm
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.1
+annotations:
+ charts.openshift.io/name: teststage-helm
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/LICENSE.md b/charts/partners/container-test/teststage-helm/0.21.1/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/Makefile b/charts/partners/container-test/teststage-helm/0.21.1/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for 
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/README.md b/charts/partners/container-test/teststage-helm/0.21.1/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/README.md
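Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the licence string into the `docker run` argument list, so the value is readable in the host's process list and in any `make -n` or debug trace; the leading `@` only suppresses the normal echo. Assuming the value reaches make through the environment, passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker read it from the environment and keeps it out of argv. `GOOGLE_CREDENTIALS` defaults to a key-file name rather than key material, so the same form there is optional. Separately, the `.PHONY` line at the end of the hunk omits `setup-kind` and `delete-kind`, which the hunk also defines; appending them (`... destroy-cluster setup-kind delete-kind`) keeps a stray file of that name from masking the target.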
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/NOTES.txt b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/_helpers.tpl b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/csi-clusterrole.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/csi-clusterrolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
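Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` renders the token unquoted, so a token that looks like a number or a boolean is typed as such by the YAML parser and the env entry no longer carries a string. I would write `value: {{ .Values.server.dev.devRootToken | quote }}`, as `vault.extraEnvironmentVars` in this same hunk already does for its values. `vault.extraSecretEnvironmentVars` emits `.envName`, `.secretName` and `.secretKey` unquoted as well and has the same exposure. The token also ends up in clear text in the rendered pod spec, which is worth a one-line comment above the `dev` branch saying that it is meant for dev mode only.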
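Review bot: The single rule in this ClusterRole grants `create` on `serviceaccounts/token` across every namespace and carries no comment saying why, which makes the grant hard to audit. Any workload running as the `-csi-provider` service account that csi-clusterrolebinding.yaml binds to this role can request tokens for other service accounts. I would add a comment above `rules:`, for example `# The provider requests a token for the service account of each pod that mounts a Vault CSI volume (assumed, confirm against the provider docs)`, so that the scope is a documented decision rather than an implicit one.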
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/csi-daemonset.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/csi-serviceaccount.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-certs-secret.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-clusterrole.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-clusterrolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-clusterrolebinding.yaml
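Review bot: The single rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, although the injector presumably only needs to update its own configuration, `{{ template "vault.fullname" . }}-agent-injector-cfg` (the name used in injector-mutating-webhook.yaml). A service account that can patch arbitrary mutating webhooks can alter pod admission for the whole cluster, so I would split the rule: keep `list` and `watch` unrestricted and limit `get` and `patch` with `resourceNames`. Which calls the injector actually makes is not visible here, so check that its certificate handling still works with the narrower rule.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs: ["get", "patch"]
```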
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-deployment.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-disruptionbudget.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
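Review bot: The last `args` entry of the `sidecar-injector` container in injector-deployment.yaml, `- 2>&1`, reaches the process as a literal argument, because Kubernetes passes `args` to the entrypoint without a shell and no redirection takes place. If merging stderr into stdout is not actually required, drop the line and keep `args` as just `- agent-inject`; how the image's entrypoint treats the extra argument is not visible in this hunk. In the same container, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` are rendered unquoted, so a numeric or boolean-looking value would produce a non-string `env` value that the API rejects; piping them through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`, avoids that.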
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-mutating-webhook.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-network-policy.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-network-policy.yaml
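Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the `namespaceSelector` block near the end of injector-mutating-webhook.yaml is omitted and the rule matches pod CREATE and UPDATE in every namespace, including system namespaces and the release namespace itself. If the effective `failurePolicy` is `Fail`, an unavailable injector would then block pod admission cluster-wide, including its own replacement pods. The default lives in values that are not part of this hunk, and `injector.objectSelector` is defined elsewhere, so this needs confirming. I would add a template comment above `failurePolicy:` such as `{{/* With failurePolicy Fail, set a namespaceSelector that excludes system namespaces and this release's namespace */}}` and repeat the guidance next to the value's default.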
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-psp-role.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-psp-rolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
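Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Service `targetPort`, both probes and `AGENT_INJECT_LISTEN` in the other injector templates take the port from `.Values.injector.port`; with a non-default port on OpenShift the policy would block the webhook. Use `- port: {{ .Values.injector.port }}` instead. The policy also omits `metadata.namespace`, unlike the Deployment it selects, so `namespace: {{ .Release.Namespace }}` should be added for consistency. `namespaceSelector: {}` admits traffic from every namespace, which is probably intended so the API server can reach the webhook, but a one-line comment saying so would make the open rule deliberate.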
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-psp.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-psp.yaml
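Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml carries no `namespace`, whereas the leader-elector RoleBinding and both ClusterRoleBindings in this commit set it explicitly. As far as I know RBAC resolves an empty namespace on a RoleBinding subject to the binding's own namespace, so this probably works, but the binding then depends on that defaulting. Add `namespace: {{ .Release.Namespace }}` under the subject so all bindings for the `-agent-injector` account read the same way.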
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-role.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-role.yaml
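Review bot: injector-psp.yaml is gated only on `global.psp.enable`, but the `policy/v1beta1` PodSecurityPolicy API was removed in Kubernetes 1.25, so enabling the flag on a newer cluster makes the release fail to install. Extend the guard with a capability check, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`; the PSP Role and RoleBinding templates share the same values gate and should follow. Separately, the comment on `seLinux` says the policy assumes AppArmor nodes, which does not hold on OpenShift, a platform this chart handles elsewhere through `global.openshift`; the comment should state that `RunAsAny` leaves SELinux labelling unconstrained there.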
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-rolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-rolebinding.yaml
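Review bot: The first rule of the leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, with no `resourceNames`. If the Vault server or other workloads share that namespace, the injector's service account can read and overwrite their Secrets as well. The only Secret this commit creates for the injector is `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` could move into a separate rule with `resourceNames: ["vault-injector-certs"]`. Whether `list`/`watch` and `create` on Secrets are needed at all depends on injector code that is not visible here, so confirm that before narrowing. The second rule's `patch` and `delete` on all pods deserves the same treatment, or at least a comment explaining why they are required.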
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-service.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-serviceaccount.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-clusterrolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-config-configmap.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-discovery-role.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-discovery-role.yaml
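Review bot: `disable_mlock = true` is written into the rendered config unconditionally in server-config-configmap.yaml, as a literal line for string configs and through `merge (dict "disable_mlock" true) …` for map configs, and the template does not say why or what it implies. With mlock disabled the Vault process memory can be paged out, so the nodes need swap turned off or encrypted for secrets to stay off disk. I would add a template comment directly above the `disable_mlock = true` line, e.g. `{{- /* mlock is always disabled by this chart; run on nodes with swap disabled or encrypted */}}`, and note that in the map branch the chart's value appears to take precedence over a user-supplied `disable_mlock`, which should be confirmed against sprig's `merge` semantics.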
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-discovery-rolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-disruptionbudget.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-ha-active-service.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-ha-standby-service.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-headless-service.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-ingress.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-network-policy.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-psp-role.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-psp-role.yaml
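Review bot: The one ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so port 8201 is reachable from every namespace exactly like the API port 8200. The Services in this commit name 8201 `https-internal`, which suggests only the Vault server pods themselves need it, so I would split the rule and limit 8201 to the server pods of this release. If another cluster has to reach 8201 (replication, for instance), that would need its own explicit rule. The metadata also has no `namespace` and the `podSelector` omits `component: server`, unlike the other server templates, which is worth confirming as intended.

```yaml
  ingress:
    # API port: same sources as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```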
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-psp-rolebinding.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-psp.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
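Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template, the StatefulSet's `serviceAccountName` and the discovery RoleBinding in this commit all use `vault.serviceAccount.name`. If that helper can resolve to a different name (its definition is not in this part of the diff), the PodSecurityPolicy `use` grant is bound to an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as the discovery RoleBinding does.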
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-route.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-route.yaml
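Review bot: The `spec` in server-psp.yaml restricts privilege escalation, host namespaces and the run-as user, but it says nothing about Linux capabilities, so pods admitted under this policy keep the container runtime's default set. Adding `requiredDropCapabilities: ['ALL']` next to `allowPrivilegeEscalation: false` would close that gap. The StatefulSet in this commit sets `SKIP_SETCAP` to "true", which suggests the server does not rely on gaining capabilities, but that needs a test install before it is merged.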
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-service.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-service.yaml
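Review bot: server-route.yaml reads `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before using it. Unless something outside this hunk has already set `.mode` on the same context, the `activeService` branch may never select the `-active` Service and the external-mode guard may not behave as written. Adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard would make the template self-contained.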
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-serviceaccount.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-statefulset.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/tests/server-test.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/tests/server-test.yaml
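Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `latest` when `server.image.tag` is empty, so an install with a missing tag silently runs whatever the registry currently serves under that mutable tag. For a secrets manager I would rather fail the render: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The test pod in templates/tests/server-test.yaml uses the same `default "latest"` expression. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment noting that it only targets the local listener at 127.0.0.1 (per `VAULT_ADDR` in the same container) would explain why verification is skipped there.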
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/templates/ui-service.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.1/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/values.openshift.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.1/src/values.openshift.yaml @@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" 
diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/values.schema.json b/charts/partners/container-test/teststage-helm/0.21.1/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.1/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/container-test/teststage-helm/0.21.1/src/values.yaml b/charts/partners/container-test/teststage-helm/0.21.1/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/container-test/teststage-helm/0.21.1/src/values.yaml 
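Review bot: No object in values.schema.json sets `"additionalProperties": false`, so Helm's schema validation accepts any misspelled key and the chart default applies without warning. values.yaml in this change ships `tlsDisable: true`, so a values file that sets `global.tlsDisabled: false` validates and the release presumably still runs without TLS. I would close the objects whose key set is fixed by adding `"additionalProperties": false`, for example to `server.dev` and `injector.certs`. `global` needs more care, because parent charts and subcharts share that map.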
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/container-test/teststage-helm/OWNERS b/charts/partners/container-test/teststage-helm/OWNERS
new file mode 100644
index 00000000000..07a43d85cc6
--- /dev/null
+++ b/charts/partners/container-test/teststage-helm/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: teststage-helm
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/testtse/OWNERS b/charts/partners/container-test/testtse/OWNERS
index 96440d34803..ebee9a48067 100644
--- a/charts/partners/container-test/testtse/OWNERS
+++ b/charts/partners/container-test/testtse/OWNERS
@@ -1,6 +1,7 @@
 chart:
 name: testtse
 shortDescription: unknown
+providerDelivery: false
 publicPgpKey: unknown
 users: []
 vendor:
diff --git a/charts/partners/container-test/trsd/OWNERS b/charts/partners/container-test/trsd/OWNERS
new file mode 100644
index 00000000000..1309bc8f1ad
--- /dev/null
+++ b/charts/partners/container-test/trsd/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: trsd
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/.helmignore b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/CHANGELOG.md b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/CONTRIBUTING.md b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/Chart.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..8b9df85a7cf
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: viksss-stage-e2e
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: viksss-stage-e2e
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/LICENSE.md b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/Makefile b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/README.md b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/README.md 
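Review bot: The `test-acceptance` recipe passes the Vault license by value with `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so the secret is expanded into the `docker run` argument list and shows up in the host's process listing, even though the `@` prefix keeps make from echoing the command. Docker copies a variable from the caller's environment when only its name is given, so the line can be `-e VAULT_LICENSE_CI \`, provided the variable is set in the environment make was started from. `GOOGLE_CREDENTIALS` holds a key-file path rather than key material, but the file it names sits inside the `${PWD}` bind mount, and a comment next to the variable should say that the key file must not be committed. Separately, `.PHONY` omits `setup-kind` and `delete-kind`.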
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/NOTES.txt b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/_helpers.tpl b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
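Review bot: The single rule in `csi-clusterrole.yaml` grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any service account in any namespace, and nothing in the template says why that scope is needed. I would add a comment above `rules:` such as `# Cluster-wide on purpose: the provider requests a token for the service account of whichever pod mounts the volume.` and mention in the chart documentation that TokenRequest calls made by this service account are worth auditing. The purpose stated in that comment is an assumption about the provider; the hunk itself does not show it.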
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
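Review bot: In `csi-daemonset.yaml` the `mountpoint-dir` volume exposes `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host and is mounted writable, while the container `securityContext` is rendered only when `csi.daemonSet.securityContext.container` is set. That directory sits under the kubelet root and covers every pod on the node, so a writable mount in a container with no enforced restrictions is a wider host footprint than the provider may need. If the shipped provider version does not write under that path, add `readOnly: true` to the `mountpoint-dir` entry in `volumeMounts`. Whether values.yaml ships a restrictive default security context is not visible in this hunk.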
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-clusterrolebinding.yaml
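Review bot: The rule in `injector-clusterrole.yaml` lets the injector `patch` every MutatingWebhookConfiguration in the cluster, not only its own. A compromised injector pod could then alter the `clientConfig` of an unrelated admission webhook. The injector's own object is named in `injector-mutating-webhook.yaml`, so `get` and `patch` can move to a rule carrying `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`. `list` and `watch` only honour `resourceNames` when the client filters on `metadata.name`, so check how the injector watches before narrowing those two.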
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
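Review bot: `AGENT_INJECT_VAULT_IMAGE` in `injector-deployment.yaml` is built as `repository:tag`, and that value decides which agent image the webhook adds to annotated pods, so a re-pushed tag changes what runs beside workloads without any change to the chart. The same holds for the injector's own `image:` line. Consider accepting a digest (this needs a new optional values key; none is visible in this hunk) and rendering `repository@sha256:…` when it is set. Smaller point in the same file: `- 2>&1` under `args:` is passed to the binary as a literal argument rather than acting as a redirection, unless the image entrypoint re-parses its arguments in a shell, so it can be dropped.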
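Review bot: The `apiVersion` line in `injector-disruptionbudget.yaml` compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the result follows lexical order (a minor of `"9"` sorts above `"21"`) and depends on any suffix the distribution appends to the minor. Other templates in this commit choose API versions with `.Capabilities.APIVersions.Has`, and the same test works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.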
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
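Review bot: `namespaceSelector` in `injector-mutating-webhook.yaml` is rendered only when a value is supplied, so unless `injector.objectSelector` narrows it, the `pods` CREATE/UPDATE rule applies to every namespace, control-plane namespaces included. With `failurePolicy` resolved to `Fail`, an unavailable injector then blocks pod admission cluster-wide; with `Ignore`, pods that expected secrets start without the sidecar. Neither default is visible in this hunk, so I would add a template comment above `failurePolicy:` stating that trade-off and recommend, in the values documentation, a selector that excludes system namespaces.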
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
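Review bot: The ingress rule in `injector-network-policy.yaml` hard-codes `port: 8080`, while `injector-deployment.yaml` and `injector-service.yaml` in this commit take the listener port from `.Values.injector.port`. Changing that value would leave the policy admitting traffic on a port nothing listens on and dropping the API server's webhook calls. Use `- port: {{ .Values.injector.port }}`. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the neighbouring injector templates set.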
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-psp.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-role.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-role.yaml
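Review bot: `injector-psp.yaml` renders a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so an install with the flag on fails on current clusters. Test the capability in the same condition, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, or call `fail` with a message that points operators to Pod Security admission. `injector-psp-role.yaml` and `injector-psp-rolebinding.yaml` need the same guard. The `seLinux` comment says the nodes are assumed to use AppArmor rather than SELinux, which is worth rewording in a chart that has a `global.openshift` switch.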
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-rolebinding.yaml
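Review bot: The first rule in `injector-role.yaml` gives the injector `get`, `list`, `watch` and `update` on all Secrets and ConfigMaps in the release namespace, although the only Secret this commit creates for it is `vault-injector-certs` (in `injector-certs-secret.yaml`). If the Vault server runs in the same namespace, its TLS material and any other Secret there become readable by the webhook pod. Because the chart pre-creates that Secret, `create` on secrets may be unnecessary, and `get`/`update` can carry `resourceNames: ["vault-injector-certs"]`; `list` and `watch` only honour `resourceNames` when the client filters on `metadata.name`, so check how the injector watches first. Which ConfigMap the leader elector needs is not visible here, so that half should at least get a comment naming it.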
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-service.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-config-configmap.yaml
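Review bot: `server-clusterrolebinding.yaml` binds the Vault server's service account to the built-in `system:auth-delegator` ClusterRole without saying what it is for. That role allows creating TokenReviews and SubjectAccessReviews cluster-wide, which is presumably what the Kubernetes auth method needs. A comment above `roleRef:` such as `# Lets Vault's Kubernetes auth method validate service account tokens via TokenReview.` would tell operators who use a different auth method that the `.serverAuthDelegator` gate can stay off.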
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-discovery-role.yaml
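Review bot: The rendered Vault configuration in server-config-configmap.yaml is stored in a ConfigMap, so any credential a user places inline in `server.standalone.config`, `server.ha.config` or `server.ha.raft.config` (for example inside a storage or seal stanza) becomes readable by everyone with ConfigMap read access in the namespace. Nothing in the template says so; add a comment above `extraconfig-from-values.hcl`, e.g. `# Do not put credentials in this config: it is stored in a ConfigMap. Inject them as environment variables from a Secret instead.` The StatefulSet in this commit already includes `vault.extraSecretEnvironmentVars`, which looks like the intended route for that.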
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
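Review bot: The rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, and nothing in the template explains why the server needs write access to pods. Whoever holds the Vault server service account token can therefore modify unrelated pods that share the namespace. If the write verbs exist only so Vault can label its own pods (presumably for the `vault-active` selector used by the active and standby Services in this commit), say so above the rule, e.g. `# update/patch: Vault sets labels on its own pods for HA service selection`, and document that the chart belongs in a dedicated namespace. The RoleBinding in the following hunk falls back to `rbac.authorization.k8s.io/v1beta1` while this Role is hard-coded to `v1`; the two should choose their API version the same way.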
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-ha-active-service.yaml
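Review bot: The `apiVersion` line of the PodDisruptionBudget picks its value with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings, so the ordering is lexical rather than numeric: a minor of `"9"` sorts above `"21"` and a minor of `"100"` sorts below it. server-ingress.yaml in this same commit already uses a version-aware test, and this template should do the same: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. Checking `.Capabilities.APIVersions.Has "policy/v1"` would also work and matches how the RBAC templates choose between `v1` and `v1beta1`.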
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-ingress.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-psp-role.yaml
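Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits traffic from every namespace in the cluster, and it applies that to port 8201 as well as 8200. Port 8201 is the `https-internal` cluster port in the Service and StatefulSet templates of this commit, so presumably only the Vault server pods themselves need to reach it; splitting the rule keeps the API port behaviour unchanged while closing the cluster port to other workloads. `metadata.namespace` is also absent here, unlike the other namespaced resources in this commit.

```yaml
  ingress:
    # API/UI port: same reachability as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```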
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-psp.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
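Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, but the account the server pods actually run as is `vault.serviceAccount.name` (server-serviceaccount.yaml, and `serviceAccountName` in the StatefulSet). If that helper ever resolves to something other than the full name, presumably when a custom service account name is configured, the `use` permission on the PodSecurityPolicy goes to an account the pods do not run under. Use the same helper and give the subject an explicit namespace like the other bindings in this commit: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.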
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-route.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-route.yaml
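Review bot: The PodSecurityPolicy `spec` forbids privileged mode and privilege escalation but says nothing about Linux capabilities, so containers admitted under it keep the runtime's default set. The StatefulSet in this commit sets `SKIP_SETCAP` to `"true"` and the config map forces `disable_mlock = true`, so Vault presumably needs none of them; consider adding `requiredDropCapabilities: [ALL]` under `spec` after confirming against the image. Separately, `policy/v1beta1` is hard-coded and PodSecurityPolicy was removed in Kubernetes 1.25, so turning on `global.psp.enable` there fails the install; gate the three PSP templates on `.Capabilities.APIVersions.Has "policy/v1beta1"` or document the version limit next to the value.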
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-service.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-service.yaml
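Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before they read `.mode`. The value is then whatever an earlier-rendered template happened to leave in the context, so whether the Route is emitted, and whether it targets the `-active` Service, appears to depend on render order (inferred; the helper is defined outside this hunk). Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does.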
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" .
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" .
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" .
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ .
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/tests/server-test.yaml
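Review bot: The server container's `image:` line in server-statefulset.yaml falls back to the mutable tag `latest` when `server.image.tag` is empty (`{{ .Values.server.image.tag | default "latest" }}`), so an unset value deploys whatever the registry currently serves and a pod restart can pull a different Vault build. Fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; tests/server-test.yaml carries the same default. The exec readiness probe also deserves a comment: `vault status -tls-skip-verify` disables certificate verification, which is tolerable only because `VAULT_ADDR` in this container points at `127.0.0.1`, and saying so next to the command keeps it from being reused against a remote address.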
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/ui-service.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/values.openshift.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/values.schema.json b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/values.schema.json
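Review bot: The three image entries repeat what the values.yaml added in this commit already sets (`global.openshift: true`, vault-k8s `0.17.0-ubi`, vault `1.11.2-ubi`), so this override file has to be bumped in lockstep; if it lags, passing it at install time would quietly select an older Vault image. A header comment such as `# Keep repository/tag values identical to values.yaml when bumping images.` would document that coupling. The tags are also mutable references, and pinning by digest would need template support, since the test pod template in this commit builds the reference as `repository:tag`.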
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/values.yaml b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/container-test/viksss-stage-e2e/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/container-test/viksss-stage-e2e/OWNERS b/charts/partners/container-test/viksss-stage-e2e/OWNERS
new file mode 100644
index 00000000000..d60fe2520a9
--- /dev/null
+++ b/charts/partners/container-test/viksss-stage-e2e/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: viksss-stage-e2e
+ shortDescription: test chart for helm certification
+providerDelivery: true
+publicPgpKey: null
+users:
+- githubUsername: vikasmulaje
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/viksss-undistributed/OWNERS b/charts/partners/container-test/viksss-undistributed/OWNERS
new file mode 100644
index 00000000000..730b64321de
--- /dev/null
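Review bot: `publicPgpKey: null` next to `providerDelivery: true` in viksss-stage-e2e/OWNERS leaves a provider-delivered chart with no key against which its signature could be checked, and it is spelled differently from the `unknown` placeholder used by the other OWNERS files this diff adds. The same pairing of `providerDelivery: true` with a placeholder key appears in the 415-testing-e2e-helm-chart-webonly and helm-chart-dist-changes OWNERS files, and the reports added further down record `v1.0/signature-is-valid` as SKIPPED. If these are test fixtures, a comment such as `# test fixture: unsigned chart, signature check intentionally skipped` would make that explicit; otherwise the vendor's actual public key belongs here. How the pipeline treats `null` versus `unknown` is not visible in this diff and should be confirmed.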
+++ b/charts/partners/container-test/viksss-undistributed/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: viksss-undistributed
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test
+ name: Anandprakash Tandale
diff --git a/charts/partners/container-test/ydfhdsvsdhgydfhdsvsdhg/OWNERS b/charts/partners/container-test/ydfhdsvsdhgydfhdsvsdhg/OWNERS
index d4b93c0f2bf..51f9a71277e 100644
--- a/charts/partners/container-test/ydfhdsvsdhgydfhdsvsdhg/OWNERS
+++ b/charts/partners/container-test/ydfhdsvsdhgydfhdsvsdhg/OWNERS
@@ -1,6 +1,7 @@
 chart:
 name: ydfhdsvsdhgydfhdsvsdhg
 shortDescription: unknown
+providerDelivery: false
 publicPgpKey: unknown
 users: []
 vendor:
diff --git a/charts/partners/container-test2/chart-ext-new-user/OWNERS b/charts/partners/container-test2/chart-ext-new-user/OWNERS
new file mode 100644
index 00000000000..757f0346013
--- /dev/null
+++ b/charts/partners/container-test2/chart-ext-new-user/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: chart-ext-new-user
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: container-test2
+ name: test-stage-user-7
diff --git a/charts/partners/container-test2/new-user-external/OWNERS b/charts/partners/container-test2/new-user-external/OWNERS
new file mode 100644
index 00000000000..5c33089d557
--- /dev/null
+++ b/charts/partners/container-test2/new-user-external/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: new-user-external
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+vendor:
+ label: container-test2
+ name: test-stage-user-7
diff --git a/charts/partners/crunchydata/chart-name/OWNERS b/charts/partners/crunchydata/chart-name/OWNERS
index 2111dc1907a..f7d3daed02f 100644
--- a/charts/partners/crunchydata/chart-name/OWNERS
+++ b/charts/partners/crunchydata/chart-name/OWNERS
@@ -1,6 +1,7 @@
 chart:
 name: chart-name
 shortDescription: Lorem ipsum
+providerDelivery: false
 publicPgpKey: unknown
 users:
 - githubUsername: araszka
diff --git a/charts/partners/helm-test-redhat-repo/chart-ext/OWNERS b/charts/partners/helm-test-redhat-repo/chart-ext/OWNERS
new file mode 100644
index 00000000000..d0d74d5b0de
--- /dev/null
+++ b/charts/partners/helm-test-redhat-repo/chart-ext/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: chart-ext
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+vendor:
+ label: helm-test-redhat-repo
+ name: test-stage-user-9
diff --git a/charts/partners/helm-test-redhat-repo/redhat-helm/OWNERS b/charts/partners/helm-test-redhat-repo/redhat-helm/OWNERS
new file mode 100644
index 00000000000..affe61fc936
--- /dev/null
+++ b/charts/partners/helm-test-redhat-repo/redhat-helm/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: redhat-helm
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+vendor:
+ label: helm-test-redhat-repo
+ name: test-stage-user-9
diff --git a/charts/partners/helm-test/chart-new-usr/OWNERS b/charts/partners/helm-test/chart-new-usr/OWNERS
new file mode 100644
index 00000000000..ba45163a033
--- /dev/null
+++ b/charts/partners/helm-test/chart-new-usr/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: chart-new-usr
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+vendor:
+ label: helm-test
+ name: test-stage-user-8
diff --git a/charts/partners/opcert-e2e-testing/415-testing-e2e-helm-chart-webonly/OWNERS b/charts/partners/opcert-e2e-testing/415-testing-e2e-helm-chart-webonly/OWNERS
new file mode 100644
index 00000000000..cf96499f767
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/415-testing-e2e-helm-chart-webonly/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: 415-testing-e2e-helm-chart-webonly
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users:
+- githubUsername: bovem
+- githubUsername: opcert
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/e2e-helm-chart-rhcc/OWNERS b/charts/partners/opcert-e2e-testing/e2e-helm-chart-rhcc/OWNERS
new file mode 100644
index 00000000000..90a42b6bfa1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/e2e-helm-chart-rhcc/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: e2e-helm-chart-rhcc
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+- githubUsername: bovem
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/helm-chart-dist-changes/0.21.0/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-dist-changes/0.21.0/report.yaml
new file mode 100644
index 00000000000..2449cc6fa84
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-chart-dist-changes/0.21.0/report.yaml
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:15769193358979627804 + chart-uri: N/A + digests: + chart: sha256:c98b763d6f5772dd775815f410f28bf6dcb45b4f2cf785c65e44d8d864281ad2 + package: fd4a9a3d5547c320fc96cdefdfe91dff4a0642ed743f99873d40397ad71bc2b5 + lastCertifiedTimestamp: "2023-06-27T07:04:51.290245+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-dist-changes + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-dist-changes + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image 
is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-dist-changes/OWNERS b/charts/partners/opcert-e2e-testing/helm-chart-dist-changes/OWNERS new file mode 100644 index 00000000000..16c661aa093 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-dist-changes/OWNERS @@ -0,0 +1,11 @@ +chart: + name: helm-chart-dist-changes + shortDescription: unknown +providerDelivery: true +publicPgpKey: unknown +users: +- githubUsername: bovem +- githubUsername: opcert +vendor: + label: opcert-e2e-testing + name: RED HAT diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.0/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.0/report.yaml new file mode 100644 index 00000000000..fbfbb3a8785 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.0/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:6969903370976156319 + chart-uri: N/A + digests: + chart: sha256:9fde1a0347bc5ddd326df2a77e739608291401f6a2ed1142cde1acf0cfcb391c + package: 96c375a7c3d00ee0ba6ceeed0494608cb4eb715f1e90780d785d347c8fef9df6 + lastCertifiedTimestamp: "2023-03-02T13:18:35.069454+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files 
exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.1/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.1/report.yaml new file mode 100644 index 00000000000..c821c4c4e43 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.1/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:11555598240122151593 + chart-uri: N/A + digests: + chart: sha256:378db85a07e11db82f3399ba589278dbf770b449478e3911a41b995e29e091b0 + package: eda6663cefad9c77bef435ba429d2e70de3ec13eb615f83196920b93e59f4e32 + lastCertifiedTimestamp: "2023-03-22T09:00:14.183621+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.1 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: 
Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.10/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.10/report.yaml new file mode 100644 index 00000000000..50df03ebcd4 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.10/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:11250433516026971095 + chart-uri: N/A + digests: + chart: sha256:eec9e9d86791e0cd18b1fa8be4090171138e9a1b96facc676e148fc63369f223 + package: ad1a5922b0a14f5971efe347a581f50907ac24d3f7edb1d20d62f4a0126a76a4 + lastCertifiedTimestamp: "2023-04-04T11:38:40.429888+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.10 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is 
not signed : Signature verification not required' + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.100/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.100/report.yaml new file mode 100644 index 00000000000..ec5f0fcc471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.100/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:14821049279186321418 + chart-uri: N/A + digests: + chart: sha256:59faf2a4d9192b735a851f8310d3e98b0c029fe02fb29daf7d91577ebd4ce5bb + package: 6e0197d159e353cf46ea4908920173923e6361bed52bcc8e7577969779510939 + lastCertifiedTimestamp: "2023-10-21T12:57:44.238608-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.100 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: 
v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.101/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.101/report.yaml new file mode 100644 index 00000000000..ec96dcb5025 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.101/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:14359332196105765791 + chart-uri: N/A + digests: + chart: sha256:035d7e02d084a11982511d139d885b5a52760a576b8d9d27f90ef2b0eb655f77 + package: fb542ba01b6a130c73de9820e17261a1b539dcdd4f0d6fe5319c19146ea0b0d5 + lastCertifiedTimestamp: "2023-10-22T12:56:48.127612-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.101 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain 
CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.102/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.102/report.yaml new file mode 100644 index 00000000000..ae10148832e --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.102/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:8659782089357264835 + chart-uri: N/A + digests: + chart: sha256:9ee1c27c54a1835c774cbd9cfc1eaa9e29dda8cd505c03ad9ff090eb4f9655f1 + package: ddad5fbe9b2f317b162f280a27d1612a3766cd6a4d94a0f6d1be82c475a3edb6 + lastCertifiedTimestamp: "2023-10-23T13:04:35.005519-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.102 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: 
v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.103/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.103/report.yaml new file mode 100644 index 00000000000..289ed809710 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.103/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:8674198543492302550 + chart-uri: N/A + digests: + chart: sha256:cb2e81c6d0123caf6592fce041c8c6c6b9871b8ff044e38503e630ba3271142e + package: a118594f83fe2d8c93a4d70aa697f3d4940fae613c4e46706f946a7c66d8bf59 + lastCertifiedTimestamp: "2023-10-24T13:04:15.479812-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.103 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not 
required' + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.104/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.104/report.yaml new file mode 100644 index 00000000000..4cbe9ceebe9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.104/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:13921217748179184712 + chart-uri: N/A + digests: + chart: sha256:a5076ee5f3bac46db2a6edc8e479c6c13caaca4a4675f57b3f606fd062f85ffa + package: dac122cec3ce4ccaf0714d15d467e3490db085c59b10d0306d3b7b047b68cb67 + lastCertifiedTimestamp: "2023-10-25T13:04:20.571427-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.104 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart 
does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.105/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.105/report.yaml new file mode 100644 index 00000000000..8d0468d3d51 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.105/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:2643871256601196075 + chart-uri: N/A + digests: + chart: sha256:397e026fde718ff2dd24f266bbb0375620772268a3d5e58a077e32720c9e40fb + package: 1a5d238901d0fe07a415f1b7724361a00235c7383d93b5168a5cc439fffba794 + lastCertifiedTimestamp: "2023-10-27T11:06:35.264893-04:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.105 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: 
v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.106/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.106/report.yaml new file mode 100644 index 00000000000..caa88b16565 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.106/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:10486006605935352997 + chart-uri: N/A + digests: + chart: sha256:cc1a247982b3e5acd261260092f92ce5f7cf11b65c53d47b491e5b6b091b0141 + package: 0e3b42100ec4fda1712b7147c653ed460c5ea3623b488de4549b47deffec5d12 + lastCertifiedTimestamp: "2023-10-27T13:03:59.876751-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.106 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: 
Helm lint successful + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.107/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.107/report.yaml new file mode 100644 index 00000000000..94b6adfb387 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.107/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:4320698714949073351 + chart-uri: N/A + digests: + chart: sha256:528fc802dbe2aa2ec635cca82013c75036684ecc02f1470e03b6cc9ea4591fc6 + package: 6ac361c07f01d7af2f9f840a1f76d28eff2ffb1f5ee2c3a2e41caf4bec96eeb4 + lastCertifiedTimestamp: "2023-10-28T11:03:14.921698-04:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.107 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: 
Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.108/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.108/report.yaml new file mode 100644 index 00000000000..d4e0ecf2843 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.108/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:8153991845591540553 + chart-uri: N/A + digests: + chart: sha256:5e721dd258e646a1c4963d3c951181c8fb68f687ebb2b4e0927eaea8a1f5138f + package: 2f51593193c9d55e8cb1a69fec2ff0c6d4b6d284b5c21377c42ee247be5d1ad2 + lastCertifiedTimestamp: "2023-10-28T13:03:59.411712-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.108 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: 
v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.109/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.109/report.yaml new file mode 100644 index 00000000000..ee83c7ed222 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.109/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:6486873786632176888 + chart-uri: N/A + digests: + chart: sha256:cf613c2b918b4ad3bf554a0eaa0addd93bbf6b54ccaf967f75e1636fe1604aff + package: 05710e2f04d55a6ba70bd953124a10efcc6b94e4f277adb929a170883cb933f4 + lastCertifiedTimestamp: "2023-10-29T11:03:03.550019-04:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.109 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.11/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.11/report.yaml new file mode 100644 index 00000000000..bc0730101b1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.11/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:8194342249002024291 + chart-uri: N/A + digests: + chart: sha256:f1fdba67cff72d0c3d7ba284323686102a8b305dca29c5d103540593bc393578 + package: 288e2eca11480b6f2ff8fa194a3d601fa0733704c59ad65e58bb80156eca34d2 + lastCertifiedTimestamp: "2023-04-04T11:53:35.975364+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.11 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values + 
type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.110/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.110/report.yaml new file mode 100644 index 00000000000..281df3507aa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.110/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:6208873255652856447 + chart-uri: N/A + digests: + chart: sha256:00a4071a7c9b2cd18f8ccb341b3b1237a60199d9737a38b8d4c538f47e47f051 + package: 3e4303396aecc111d8512f7c553ae8f211ee3c8b7f712373c837a2c83a1a99cb + lastCertifiedTimestamp: "2023-10-29T13:03:33.268762-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.110 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + 
outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.111/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.111/report.yaml new file mode 100644 index 00000000000..d76bf17d99d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.111/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:15511303349017528885 + chart-uri: N/A + digests: + chart: sha256:f0a6d6220d456540acc10bf0e02697bd0e49ec56468d09ea7d40950baf70c769 + package: 5c33f644addbf64311aa4321877eca1079407553d216a052fbe225c885b77b18 + lastCertifiedTimestamp: "2023-10-30T11:03:10.707655-04:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.111 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema 
file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.112/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.112/report.yaml new file mode 100644 index 00000000000..3a97bddfa72 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.112/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:17473769355135246864 + chart-uri: N/A + digests: + chart: sha256:8d784152dce10af36069d325ba296182343cd301846af2941bc543accdd40326 + package: 5680e997fa0a843df0aaf71394f743529db3304c6bfa8513d6969545330bb2a7 + lastCertifiedTimestamp: "2023-10-30T13:03:51.231709-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.112 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + 
reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.113/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.113/report.yaml new file mode 100644 index 00000000000..5b958489871 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.113/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:8150671931201210541 + chart-uri: N/A + digests: + chart: sha256:87fb24e7512a63af2a1150f1c62c5dd45e3183885c2e9c8faeb84c6f1ec82cf6 + package: 3182e3319716ac42cb42f4ce89896a37dcb23c741063cde69dd4489eaa805fa1 + lastCertifiedTimestamp: "2023-10-31T03:21:29.152638-04:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.113 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory 
+ outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.114/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.114/report.yaml new file mode 100644 index 00000000000..6b543bd35d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.114/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9489643406793132188 + chart-uri: N/A + digests: + chart: sha256:4c9741c1ccd48e971461580bef54cdf8033aadfa8da608839f5b65aab1a8b689 + package: f375f643c9155ef0fcb1a0e3098fa8af7fe9297c6113a525be2e16bd5a4e7328 + lastCertifiedTimestamp: "2023-10-31T11:03:27.813665-04:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.114 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + 
reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.115/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.115/report.yaml new file mode 100644 index 00000000000..a941d9218e4 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.115/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:2072591789253755581 + chart-uri: N/A + digests: + chart: sha256:1a536ca7d7839580403ac75a486dbde11704bc902e25210743e7aa2b1ca1da52 + package: b390028f85a23c23b099a62e047909b856a8c2cf15563abc209747f47a9fa2a4 + lastCertifiedTimestamp: "2023-10-31T13:04:26.960307-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.115 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.116/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.116/report.yaml new file mode 100644 index 00000000000..2979fb48644 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.116/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:10164013462042073407 + chart-uri: N/A + digests: + chart: sha256:5d0c5f442298d78163a6e4ccc1443c6df0209c2650d04a1927bc281ddb05d212 + package: 6e1a37229a5f60b9bf85e5c98e95e217a1815d79b2532c6a497a1dfdb4520085 + lastCertifiedTimestamp: "2023-11-01T11:03:29.8176-04:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.116 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file 
exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.117/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.117/report.yaml new file mode 100644 index 00000000000..35b02668215 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.117/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:419431315402360979 + chart-uri: N/A + digests: + chart: sha256:88b90f40badf9457e79af347e09844eaeaafedee60ac269aebd6fa41b41cd61f + package: 37a755abfb5603a403192541d8f670915504709fb3bd8975a718c4015b447039 + lastCertifiedTimestamp: "2023-11-01T13:03:42.040563-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.117 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.118/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.118/report.yaml new file mode 100644 index 00000000000..112d0d23c51 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.118/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:11194847319254626698 + chart-uri: N/A + digests: + chart: sha256:12141cf3e1313f9efe576a64b164fbbded4bbb4101071324ca0556888a0cbfd7 + package: 2308323cc5a3b4594c655e4c31ea66420a5534694dd1e0e4fea94101f230bb2b + lastCertifiedTimestamp: "2023-11-02T11:03:40.67697-04:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.118 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: 
v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.119/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.119/report.yaml new file mode 100644 index 00000000000..0ab556d4719 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.119/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:12342847729450815145 + chart-uri: N/A + digests: + chart: sha256:13c4ed14b9b0e858ce4fbc3ef12ae699a08afb1ee9311a75432665e71492ee6b + package: d1727c18f4f16d88718cb9bd3d8ad8deaa2f45b32adf54621868a1dd6ccfe696 + lastCertifiedTimestamp: "2023-11-03T11:03:25.300994-04:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.119 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + 
outcome: PASS + reason: Chart has a README + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.12/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.12/report.yaml new file mode 100644 index 00000000000..269fe845fd6 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.12/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:12832631849591985741 + chart-uri: N/A + digests: + chart: sha256:59ff2af79e3cf36df2a631738558c724e91452ba2ff79e664106fb11d64d9303 + package: 5b898e1da7bdc89f742fe904165a8ba709e6c36149ae98040c0a9009af672ab5 + lastCertifiedTimestamp: "2023-04-05T06:37:07.024488+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.12 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: 
Kubernetes version specified + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.120/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.120/report.yaml new file mode 100644 index 00000000000..4dd1b6640e6 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.120/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9455977073774300571 + chart-uri: N/A + digests: + chart: sha256:7a8f9e98cb1116f0f09f5c73235b070f98f690263a4adaafe7652c06a1ed5361 + package: e67a63f67c5fcc50d11f9c385fbf070f4f28bf17405b8317b25aebba419d65e5 + lastCertifiedTimestamp: "2023-11-04T11:03:02.18711-04:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.120 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/required-annotations-present + type: 
Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.121/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.121/report.yaml new file mode 100644 index 00000000000..d989ca1a0b7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.121/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:338854864283522964 + chart-uri: N/A + digests: + chart: sha256:77034d79ff083e37e68fa0ecb18adf143bd5cf091f235306d5f610e078ab1b40 + package: 7c1360d10dc6bbfcabf65b3600fe752650de9a73f9165de06c175ae773b24601 + lastCertifiedTimestamp: "2023-11-05T10:03:02.206359-05:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.121 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema 
file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.122/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.122/report.yaml new file mode 100644 index 00000000000..39b06307a0d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.122/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:7676974687529438067 + chart-uri: N/A + digests: + chart: sha256:c7cd78a747f6c3c1398e96d692e517d17b601b953dff38ee0a1f28947b60e29f + package: 06b4ad4d1ea89eaa89238e4405e61ee9c228107cfb174486382e52113268378d + lastCertifiedTimestamp: "2023-11-06T10:03:18.278327-05:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.122 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is 
not signed : Signature verification not required' + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.123/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.123/report.yaml new file mode 100644 index 00000000000..f74c3705304 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.123/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:4408596118022278884 + chart-uri: N/A + digests: + chart: sha256:7ae2fd3f958a940abf37c494634318a246b6adf2aea7c3381c0b1ef6b8e343ba + package: 80bc87d70249f21abcbd8e0ecba6b9b3ca70c71ade4ac195d6129b6502371e82 + lastCertifiedTimestamp: "2023-11-07T10:03:37.316304-05:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.123 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema 
file exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.124/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.124/report.yaml new file mode 100644 index 00000000000..c2a3edb4bb7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.124/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:16984547244610143823 + chart-uri: N/A + digests: + chart: sha256:6805674f464b6cc7ec6677bc6f1a6a0c5eb87ee3af02b23b8c9ceb4172781aaa + package: 63bd0823fcdd5aaa5b6d192af5fe7b24908ac8e1aa53062fd22767509b420c02 + lastCertifiedTimestamp: "2023-11-08T10:03:45.527903-05:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.124 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory 
+ outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.125/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.125/report.yaml new file mode 100644 index 00000000000..78413c40e4c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.125/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:4805771696968647400 + chart-uri: N/A + digests: + chart: sha256:5f7bab5d2c292e9518599cd09a07c77dfb83498d87c26237d925fff60b3c1dff + package: f2db3362cd3f767dd55ee6e34ee64cec8ac730e3dba69c8c317c5ddf425e2bff + lastCertifiedTimestamp: "2023-11-09T10:03:34.666437-05:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.125 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: 
v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.126/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.126/report.yaml new file mode 100644 index 00000000000..f4cc5bf8ec0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.126/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:15768960689337872141 + chart-uri: N/A + digests: + chart: sha256:1d9acf884543a4514e52add2526556042b3b739b857b3c9c8be965192b2018ea + package: 7f344ec85fe89c4a95d7b246ce9c7aa6b9930987bcf8f657c82fd938199e8607 + lastCertifiedTimestamp: "2023-11-20T12:02:53.724071-05:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.126 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: 
v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.127/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.127/report.yaml new file mode 100644 index 00000000000..63a1352c928 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.127/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:6125542044808751267 + chart-uri: N/A + digests: + chart: sha256:2099075c371e6ce0f2112f60e0b88f49f77200bd8afb2cf73d59bf795b3e1a60 + package: 3709ae784f5fb8d8f59b2acb25e922a1299b876fb265582e1e4e9a44ae61155f + lastCertifiedTimestamp: "2023-11-21T12:03:37.067955-05:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.127 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + 
reason: Helm lint successful + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.128/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.128/report.yaml new file mode 100644 index 00000000000..50750c41b47 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.128/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:13664158386699939763 + chart-uri: N/A + digests: + chart: sha256:5be9cbaa657e35f3294e82d2b561cae9e39986012fa581b714cbb662bbb086ff + package: 8968140161c5f9be154741d19c269f768d5c7503ecd80941f15a893c6f138eac + lastCertifiedTimestamp: "2023-11-22T12:02:51.870559-05:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.128 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/required-annotations-present + type: 
Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.129/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.129/report.yaml new file mode 100644 index 00000000000..ef9e8dce460 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.129/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:14150806014039711600 + chart-uri: N/A + digests: + chart: sha256:34f3eff2d8af59d097feef5a51261ec89c5ce4532321299814081809e05e36e5 + package: 0823ca4468d56aae5b84b3d4875b9f97a0bdacd251f6ef6d39ce0c261946f4cd + lastCertifiedTimestamp: "2023-11-23T12:19:40.30167-05:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.129 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - 
check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.13/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.13/report.yaml new file mode 100644 index 00000000000..90af52f306d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.13/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:5137689509214034255 + chart-uri: N/A + digests: + chart: sha256:8a732835479baebe46cddc614fffd1c0f41ff5da7a128073f469ce36b9e8dad7 + package: 44720e081239968868c25b7ee9c352ba5f958a9c08f18702a8e6a36127ffc4ec + lastCertifiedTimestamp: "2023-04-05T06:50:45.369413+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.13 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: 
v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.130/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.130/report.yaml new file mode 100644 index 00000000000..f37c91dcf7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.130/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:12177756151241694129 + chart-uri: N/A + digests: + chart: sha256:439aed992dfeddf4f132b1ecfb0521dc70c6a8095471b304fdb2e5d7334b5398 + package: 30ccb437262e62fb64ad56ea3ea14787084625398259b1be7ae29eed6d4441f1 + lastCertifiedTimestamp: "2023-11-24T12:02:27.728551-05:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.130 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not 
contain CRDs + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.131/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.131/report.yaml new file mode 100644 index 00000000000..28dbbc36a9d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.131/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:13784826853772730525 + chart-uri: N/A + digests: + chart: sha256:3f2f831ea700278d0b26115d1b1b94c4d77bca00f6bcc446665230196421e3f3 + package: eb6a48585b844c3b13e34a03debdd569b7bf359037445f8aebd455d47188251d + lastCertifiedTimestamp: "2023-11-25T12:02:16.586759-05:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.131 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: 
v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.132/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.132/report.yaml new file mode 100644 index 00000000000..3902e34b0c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.132/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:18308347678957035281 + chart-uri: N/A + digests: + chart: sha256:1f845432af58935a230b0121d9ae7566c82139287025db0e595842141fef12cf + package: be27562763220453e90735c92101687ca2674cf5aeb68e96ba8bff08fbbcefae + lastCertifiedTimestamp: "2023-11-26T12:01:59.863797-05:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.132 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.133/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.133/report.yaml new file mode 100644 index 00000000000..a4c23b519cc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.133/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:13184597464428011747 + chart-uri: N/A + digests: + chart: sha256:f7991ab2f036cd2d62f9cc6fcb3ae4736258b11d84aefa9ccf636bbe0cae14e5 + package: 9d92610af5463c5f6c98cf068b2a800da833ee18d121aa2346718aaa967969b5 + lastCertifiedTimestamp: "2023-11-27T12:20:39.396852-05:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.133 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + 
reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.14/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.14/report.yaml new file mode 100644 index 00000000000..f6c2f2e0486 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.14/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:2116111863133110888 + chart-uri: N/A + digests: + chart: sha256:cb4b38ed858706e82d552ec102ce55d18c72f163da6b31165c98ef25e7fe95a4 + package: 91cac78992217ae32e96d88e0ebd56f9a2e7098a7924459398ffc3b135374d77 + lastCertifiedTimestamp: "2023-04-05T07:26:38.81287+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.14 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature 
verification not required' + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.15/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.15/report.yaml new file mode 100644 index 00000000000..6596746b6ad --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.15/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:16200058498814753227 + chart-uri: N/A + digests: + chart: sha256:cb5079225389ea27798769bb2c23332ffc6cd78a3edb7a497eb0e20cfb077e44 + package: 337028caf360030e50869cff4ef5479cff177dd686719ff8de51e1e1d83fec7b + lastCertifiedTimestamp: "2023-04-05T08:27:59.646393+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.15 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used 
in Helm 3 + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.16/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.16/report.yaml new file mode 100644 index 00000000000..5611c25eaae --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.16/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9249088394086958276 + chart-uri: N/A + digests: + chart: sha256:4c04ee138ef20df337b7ab668e06b16c7dbce32e7b5d6c3f743a689992ace98f + package: 368ec1b1ddd1d72476ea2180902df014bd3a729e5ffead00339320aa8777518f + lastCertifiedTimestamp: "2023-04-05T08:40:52.41689+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.16 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + 
reason: Helm lint successful + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.17/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.17/report.yaml new file mode 100644 index 00000000000..88d5d2bf378 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.17/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:12291202573725424850 + chart-uri: N/A + digests: + chart: sha256:71a6aa7a7268447eb2436d94c72628c397f2d1203759fbc72432a098c5a25d50 + package: 3472175c5f1a32c52cbc3f72cc36345574a30d8679449b970e9ee6e35cf984db + lastCertifiedTimestamp: "2023-05-08T12:06:36.021058+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.17 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + 
outcome: PASS + reason: Chart tests have passed + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.18/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.18/report.yaml new file mode 100644 index 00000000000..af00b603229 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.18/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:10974823386969407195 + chart-uri: N/A + digests: + chart: sha256:e26be04d53650e908c25ee28d37d2fa5e4b6ded5792daf7d3317004417336411 + package: ea8fdfea45fdbc2677ccfc0f228407633fbe3917130650a63a87ef48f31ee831 + lastCertifiedTimestamp: "2023-05-08T17:02:24.720975+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.18 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 
3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.19/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.19/report.yaml new file mode 100644 index 00000000000..00f607ba553 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.19/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:17091129220041428639 + chart-uri: N/A + digests: + chart: sha256:2bb80516828ed23eeb16e43ed938f81d11b0fc1d5a175f9ab81bbc19e000060d + package: 085d70385602a4d3c6390742f650d7b66db74977c5fd6bbbdf99d6df728a9ae0 + lastCertifiedTimestamp: "2023-05-09T17:03:07.222916+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.19 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: 
v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.2/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.2/report.yaml new file mode 100644 index 00000000000..a8c0edee685 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.2/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:10907697877530058259 + chart-uri: N/A + digests: + chart: sha256:fbc012b2d25c8c22dd68aeebbb1ab2b0a2a0202a006a99236ae9603d48add5db + package: 5804b50be658caf1845278290b78066084de010f4f5d90a798e40e62da0e7803 + lastCertifiedTimestamp: "2023-03-23T13:05:37.604956+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.2 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does 
not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.20/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.20/report.yaml new file mode 100644 index 00000000000..65b20557f3f --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.20/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:12500291948288616159 + chart-uri: N/A + digests: + chart: sha256:fbd03578126aa03bf21d601dd56b328c86ab5c1ec1d1e8b59eecf9c7a5a4d6c6 + package: 342458949c43aa63cb66fa1592ff39113326b0cc816fb63ccd3d731341d866d6 + lastCertifiedTimestamp: "2023-05-10T17:01:50.950875+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.20 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - 
check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.21/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.21/report.yaml new file mode 100644 index 00000000000..ba3cb33def6 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.21/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:13031290633065769621 + chart-uri: N/A + digests: + chart: sha256:4c36fe12b5b845354d7fc247ea60c2496027345012e8c6d8d3260a9122871efc + package: 95f8bae1bfda3b7cdaa03812ee659ce49cbe788ff09bb3eaf344fdbb220b89a7 + lastCertifiedTimestamp: "2023-05-11T17:01:38.466714+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.21 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.22/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.22/report.yaml new file mode 100644 index 00000000000..9b60bb06683 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.22/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:16602006745022456902 + chart-uri: N/A + digests: + chart: sha256:0fec686c78a64c8b779003a92b0961f0afb0f52b5a0134e406b6118563876e14 + package: 86cac49dcf48232f3050e21b2d496f75e64f8052461038ebe8b8a184559a5d1d + lastCertifiedTimestamp: "2023-05-12T17:01:33.615561+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.22 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + 
reason: CSI objects do not exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.23/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.23/report.yaml new file mode 100644 index 00000000000..c481d39baae --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.23/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:5771872409637546822 + chart-uri: N/A + digests: + chart: sha256:f7bfab737f379f870c401879454884e37d89dde4f13b77be3957752cdd49395f + package: a72e4a3275a7dc04f975f24df158924ce1a30954ea97b45c07da992bd23ff6d2 + lastCertifiedTimestamp: "2023-05-13T17:01:44.222445+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.23 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: 
v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.24/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.24/report.yaml new file mode 100644 index 00000000000..afd5b967c14 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.24/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:18272879014239697694 + chart-uri: N/A + digests: + chart: sha256:096cb8f3aa0d3524fcb38e2ba0c71f15749b79892e0a3c8920130d96fc80ac8d + package: a5e1ca5579c9341f54fa58a30af65b4959af5b19bb681a6ed2e8049c13de21ec + lastCertifiedTimestamp: "2023-05-14T17:01:40.28459+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.24 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/signature-is-valid + type: Mandatory + 
outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.25/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.25/report.yaml new file mode 100644 index 00000000000..f091ef35c4c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.25/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:7653945625424831139 + chart-uri: N/A + digests: + chart: sha256:e12bd4891f80f5187764d61ef6c9ee53e6c6f2658229e1cb68c69a32ab8d1c3e + package: 051f35f94bb541020b2073fde9eab1ecd3b58887ab3e095f047631e94d6210f5 + lastCertifiedTimestamp: "2023-05-15T17:01:45.061213+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.25 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS 
+ reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.26/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.26/report.yaml new file mode 100644 index 00000000000..0e3e891d71e --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.26/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:15244551945430098510 + chart-uri: N/A + digests: + chart: sha256:514bced9eb15666317a98add4b1f05ad7bde4f34c81e273cc0ee8a8e891c7db2 + package: b021c5a73aea4080f478120d5f67597b839baa3fd8124c4155b478c99f28f2a5 + lastCertifiedTimestamp: "2023-05-16T17:02:23.034613+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.26 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: 
Chart tests have passed + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.27/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.27/report.yaml new file mode 100644 index 00000000000..176ae1a6973 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.27/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:10685735779478809523 + chart-uri: N/A + digests: + chart: sha256:ea6bb632e94bed6f5a2df1a9b3dbf6b2a39bdaefce83924fc51e3db5b6131c0a + package: 28b504fca17d360485e092ac0a431ebdc7d9df5129c5263efd1117d4cfb3b8d7 + lastCertifiedTimestamp: "2023-05-17T17:01:50.376939+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.27 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - 
check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.28/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.28/report.yaml new file mode 100644 index 00000000000..c537922f369 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.28/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:14995734463446490165 + chart-uri: N/A + digests: + chart: sha256:24eb58ddcb28c5a313744659f1b91d3cfbe80055a8b56795e016b4f9081c182c + package: b6c9087ff8c43a544d711075746be8842c98cb5bccdbfdcabb47d40e4b39c757 + lastCertifiedTimestamp: "2023-05-18T17:02:18.246932+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.28 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS 
+ reason: CSI objects do not exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.29/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.29/report.yaml new file mode 100644 index 00000000000..9b4d7bc0aae --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.29/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:17204974788671653622 + chart-uri: N/A + digests: + chart: sha256:5b03b455b95662ab8cba3da9f724e4b952aea6b1dc1da4ae6a71ef90a21f4f5a + package: 7990a63ca84576b8b18e190d29080f0eafae1b4f4ebe6e7f3d48d15cfe4e10cd + lastCertifiedTimestamp: "2023-05-19T17:01:41.556103+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.29 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.3/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.3/report.yaml new file mode 100644 index 00000000000..47fee586a84 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.3/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9422408520406759297 + chart-uri: N/A + digests: + chart: sha256:8bbd41ebef6cd9fe759b6142f76fb47132e6b91279353aac7313d1f27a320496 + package: e44ac49941bb64c59661e2e5ce54732d1039416635841aba8feb787ab048a918 + lastCertifiedTimestamp: "2023-04-04T10:11:07.703488+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.3 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat 
certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.30/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.30/report.yaml new file mode 100644 index 00000000000..636013e3175 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.30/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:5745827350998765847 + chart-uri: N/A + digests: + chart: sha256:87b2a9eb5a06ff2a1611a5c9fca5a5ad4310099a253305183d52f9d04af43399 + package: 3d9fb4a04b2e09e87476e18a59ef2411a894d58fd6ae6c8a4d07b7a5e68e3a89 + lastCertifiedTimestamp: "2023-05-20T17:00:55.357648+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.30 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + 
outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.31/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.31/report.yaml new file mode 100644 index 00000000000..83c9ef14715 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.31/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:10151996110746105972 + chart-uri: N/A + digests: + chart: sha256:5a32a4113bd9f462041be77b5c52a467ae6812be96cdf7a96550b2672ee984da + package: d783aebd5c08efd6c64a4dd0fc648399b661b99d010d113b75adc1857f2c88a7 + lastCertifiedTimestamp: "2023-05-21T17:01:23.449421+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.31 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: 
v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.32/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.32/report.yaml new file mode 100644 index 00000000000..9bfa6fd9d6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.32/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:14035766182900126265 + chart-uri: N/A + digests: + chart: sha256:0e09c70c1cc822e0e3834370a69bb22ec9a7fc1ad2393140f8283791c2385b46 + package: 950866e9752c443bec5a9ecaacab4e20b6bb9eaf59f24ab99fa251ba55899b2f + lastCertifiedTimestamp: "2023-05-22T17:01:32.24625+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.32 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: 
Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.33/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.33/report.yaml new file mode 100644 index 00000000000..b6d1617836a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.33/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:4877585150095627259 + chart-uri: N/A + digests: + chart: sha256:f0f1c1c23a24b279d0b5ee5d15b9a2946aff58d34d8860f80753f3d959c3935b + package: e601fc9cf0d4d46178821bbba3276132745f57ec4f93c905c31d7d561075a122 + lastCertifiedTimestamp: "2023-05-23T17:01:54.332682+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.33 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: 
v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.34/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.34/report.yaml new file mode 100644 index 00000000000..e441e64f88c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.34/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:4505435123960938386 + chart-uri: N/A + digests: + chart: sha256:b239ced457afcc8fd2a14c1fec9f0bba81d0b8db9a9fcaac8f833cc3d3e39074 + package: c8c47bdaceb620bde4c6f522ba2ac77fda6e1382e730d83b0bccda76456a8748 + lastCertifiedTimestamp: "2023-05-24T17:01:32.438275+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.34 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema 
+ type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.35/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.35/report.yaml new file mode 100644 index 00000000000..0d2750b1f85 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.35/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9050389922219063976 + chart-uri: N/A + digests: + chart: sha256:d106255efc2e8b96954c0217521ec0fff6ec93deadcd5d7b53ed3cb819bd3aa8 + package: afba841e39ad777addb9a1711c947049a3d9c1a6bd38e89fe4777385d679dc79 + lastCertifiedTimestamp: "2023-05-25T17:01:47.213158+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.35 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing 
+ type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.36/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.36/report.yaml new file mode 100644 index 00000000000..cf086cf225c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.36/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:2660738419190909374 + chart-uri: N/A + digests: + chart: sha256:61912668f7fab657352c2c6f36ffe0eb7f9488f25807feba22f1139e6ae71cdf + package: bd26cf7d3ae91d15435f4f318d9f927f97ba8db703884ce13341957a7a7a6c08 + lastCertifiedTimestamp: "2023-05-26T17:01:19.079163+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.36 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: 
v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.37/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.37/report.yaml new file mode 100644 index 00000000000..55123d6f587 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.37/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:7916702539718309048 + chart-uri: N/A + digests: + chart: sha256:ac66cb6b1f67335d8971f4580ff0b2027c2ccdea89138d066442a993f0208a44 + package: 3870d1ab0dac6afd6038397b3f66a9de84a930f15b29d58d318219c6fdedc660 + lastCertifiedTimestamp: "2023-05-27T17:01:18.71266+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.37 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + 
type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.38/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.38/report.yaml new file mode 100644 index 00000000000..13b67a80ead --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.38/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:4179333489968792735 + chart-uri: N/A + digests: + chart: sha256:18a4f96852a8e65ced8cab2963bb38258c21f40a30d6db1b9ebafba3cf2188fe + package: cb1e2e7cc9b2082218884b40721deabae44c219fb225e191eda456525f13b777 + lastCertifiedTimestamp: "2023-05-28T17:00:35.465772+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.38 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + 
type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.39/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.39/report.yaml new file mode 100644 index 00000000000..c29b433dd03 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.39/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:6779760353769763891 + chart-uri: N/A + digests: + chart: sha256:9aa2aa7d722d9d2103e12f5f724f3bd3c87c04d0964f6f453137618803f034a0 + package: 5ca52c409ecd5493b2d2046b9aad6840fd91a515755e8ff2542227faa1f3fc4e + lastCertifiedTimestamp: "2023-05-29T17:00:56.367411+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.39 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contains-crds + 
type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.4/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.4/report.yaml new file mode 100644 index 00000000000..c44fa333c2e --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.4/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9206338722356836349 + chart-uri: N/A + digests: + chart: sha256:2839dec9f13ad45d530ad6ada6224ca1413b245d671bf0a1d267fcb3bfbdced8 + package: d3c8b2bba0adde208c9e0bb13622b5b6eec91e1e0ce76471fb95c3116328e214 + lastCertifiedTimestamp: "2023-04-04T10:18:46.552159+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.4 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + 
outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.40/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.40/report.yaml new file mode 100644 index 00000000000..3b430814852 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.40/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:17688025772089010796 + chart-uri: N/A + digests: + chart: sha256:195e1918b18168c88a6cccb2f0069bb853975c8b3f3b4ebdb34ea3da263d65c2 + package: 701d543f2ee667c77e53f73755c7d23a392df6215e3bc04b010ab1b956180b3c + lastCertifiedTimestamp: "2023-05-31T08:02:04.764078+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.40 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + 
- check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.41/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.41/report.yaml new file mode 100644 index 00000000000..3ee81b59064 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.41/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:16044075190131218421 + chart-uri: N/A + digests: + chart: sha256:a17d5f30e88a265d38a3629d2d071af463a045915262be057188f9ef9152210d + package: c7ff20c641ede7e83442580e5fac52d49a36fd0679cf14b0220a4082e8b9f361 + lastCertifiedTimestamp: "2023-05-31T17:00:52.042963+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.41 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values-schema + type: 
Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.42/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.42/report.yaml new file mode 100644 index 00000000000..92034f114bd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.42/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:5135907122857605417 + chart-uri: N/A + digests: + chart: sha256:3ece7505e71945a815ce78ef2f186ff6f272b4b2d974ec4e5e85a0cd5c6c1cbf + package: 02a6311583d663266b66a6a9baa90b455e397ecd8854db769a8a796aec52c65a + lastCertifiedTimestamp: "2023-06-01T17:00:44.877287+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.42 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + 
reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.43/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.43/report.yaml new file mode 100644 index 00000000000..95c168bf21c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.43/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:11872320232249513669 + chart-uri: N/A + digests: + chart: sha256:2b13fa9849eed14282cf4ce9c9ce1cbac007897893f446b231c9984e8666c86d + package: 0860176543090999edbf66af510146e546c2087a216a6e3d30379224bc9e2500 + lastCertifiedTimestamp: "2023-06-23T17:03:32.238551+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.43 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist 
+ - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.44/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.44/report.yaml new file mode 100644 index 00000000000..c9bf239430f --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.44/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:1233539547656849996 + chart-uri: N/A + digests: + chart: sha256:0029ca140cee1243186f8564de4a0045623952b5d681bb2f9c1bceebcad77753 + package: 6ba37b6072b728e8a054c787bc2c7990fccbc0e4bdc0e6840966647f20bf732d + lastCertifiedTimestamp: "2023-06-24T17:03:39.49144+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.44 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/contains-values + type: 
Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.45/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.45/report.yaml new file mode 100644 index 00000000000..e0fb56fb8e7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.45/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:12647420089069634616 + chart-uri: N/A + digests: + chart: sha256:68330382e0e041b3c303a119250202c7b416695c0bc518e4dbe4782374367fd3 + package: f84c60bc355ccb571070623e7cfe0f4a1300d74cdb26283e2c86f36ba07b6f9b + lastCertifiedTimestamp: "2023-06-25T17:03:47.833535+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.45 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: 
v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.46/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.46/report.yaml new file mode 100644 index 00000000000..181136613ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.46/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9882041224377101983 + chart-uri: N/A + digests: + chart: sha256:ad93a26d316ee2fe840eb5ab19dcef03e33a01c90a8d010ee5fce37709c6b63f + package: 711c31a64fe547dfe7f0bbc08181caae9b866885f1d737b2786731717de1a309 + lastCertifiedTimestamp: "2023-06-26T17:05:04.899772+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.46 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test 
files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.47/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.47/report.yaml new file mode 100644 index 00000000000..311d41bc6d6 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.47/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:4752168538215047127 + chart-uri: N/A + digests: + chart: sha256:0204be00b89afa276d7b1dbd0d5e3126efcbbeeca3eb592b53378ac5efb050a0 + package: c12f17106272b59576b9d29d16a30e3428868750f9e1b6a26214434c523a7a9b + lastCertifiedTimestamp: "2023-06-27T17:04:13.556237+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.47 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain 
CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.48/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.48/report.yaml new file mode 100644 index 00000000000..d0e162f1869 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.48/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:5273998172587770942 + chart-uri: N/A + digests: + chart: sha256:e789d6e9e30763084bd8ec1f05ae9037ec00d7ab0f1652f3fc4f7020ba36c71c + package: 651e1d80dec2045d81a4db24d206014cd7f74df60010a71061734c8b622dcc5b + lastCertifiedTimestamp: "2023-06-28T17:03:55.048832+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.48 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + 
outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.49/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.49/report.yaml new file mode 100644 index 00000000000..e4b086217e7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.49/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:1437412920900480078 + chart-uri: N/A + digests: + chart: sha256:d2cac514c65f33a83504ef0eda3a957319622889aba3edfa40612718592ded37 + package: 2df448ae4835119fd1a81e432c8d3b3b475b785796a2d3328113a4a3ee7beefa + lastCertifiedTimestamp: "2023-06-29T17:04:09.157548+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.49 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - 
check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.5/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.5/report.yaml new file mode 100644 index 00000000000..2c895024a72 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.5/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:18407609496829790999 + chart-uri: N/A + digests: + chart: sha256:c7f0630eb46ec991a9792994a053fe3d682cdad6cbf60793adeae7844efa92bd + package: 47065263162339df4637bc23e16daf80d5d7d007443e9547caa22754c9eb7a76 + lastCertifiedTimestamp: "2023-04-04T10:31:19.470257+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.5 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - 
check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.50/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.50/report.yaml new file mode 100644 index 00000000000..46c56ada996 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.50/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:13610607239215387012 + chart-uri: N/A + digests: + chart: sha256:ed61499a468b7ec2c5e5a7a3adfce30db1b3473e7f513c9b2ff566e89f64f64f + package: 73b4a7c61aa882f002acfc451941324441e8bbae34e85cda2fa2c220727b79c9 + lastCertifiedTimestamp: "2023-06-30T17:03:34.555447+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.50 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/is-helm-v3 + 
type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.51/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.51/report.yaml new file mode 100644 index 00000000000..2d6f6b17e52 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.51/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:17239368804017617749 + chart-uri: N/A + digests: + chart: sha256:9ae8e6fa97cdc4b0a9962e1a70c24b93187f05c071558e6620fa6f2ed3e7779e + package: a5f13e3657b8256f09eb87a48e8d6872083f411d3dca0e3cb69959d29d4d0f6f + lastCertifiedTimestamp: "2023-07-01T17:03:43.41822+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.51 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs 
+ - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.52/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.52/report.yaml new file mode 100644 index 00000000000..138eb8a52cd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.52/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:3685475116156586750 + chart-uri: N/A + digests: + chart: sha256:51dd4d674d0c00766e8804ddaad999548dffd5917b8edc9011de52e8d3ec0495 + package: 5b1dee73e08c0d7694e8e71618850ad25bddf9f51ef849dbe63b06603185bed8 + lastCertifiedTimestamp: "2023-07-02T17:03:37.067973+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.52 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs 
+ - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.53/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.53/report.yaml new file mode 100644 index 00000000000..e2050c3156a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.53/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:14254530444007605911 + chart-uri: N/A + digests: + chart: sha256:2bd26ebc32029d2c9df91a4ecefa6c6b5c775a7012ff08fb600f67892cb7a20f + package: d1a669ae2e601a949ab684ce3cddba0f2eed9f92a0b2c1126a40e12332420be2 + lastCertifiedTimestamp: "2023-07-03T17:03:45.098511+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.53 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.1/has-kubeversion + type: 
Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.54/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.54/report.yaml new file mode 100644 index 00000000000..1ba36f899b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.54/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:2764079733061876246 + chart-uri: N/A + digests: + chart: sha256:b17e85331bee6ccf4c507fb14bc47ae83c430400b1d4fe0c26b8e8d392833646 + package: c813647619bdedd891373a878216fbacdf5afac8c5687abc66df3e42c74c4414 + lastCertifiedTimestamp: "2023-07-04T17:03:47.333049+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.54 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat 
certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.55/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.55/report.yaml new file mode 100644 index 00000000000..7c43624bc02 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.55/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:16380858922281324336 + chart-uri: N/A + digests: + chart: sha256:b6b8365274d1f12c3ffb1ad736ef03b909af849022e1394b875fd8429392d012 + package: b901f6dacdfc84d065dea4796a548f462f586a8c56c1cc8303ca658ea7260c8c + lastCertifiedTimestamp: "2023-07-05T17:04:16.537018+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.55 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: 
API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.56/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.56/report.yaml new file mode 100644 index 00000000000..3afb52ffd3c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.56/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:11653144394173015585 + chart-uri: N/A + digests: + chart: sha256:db12949a25b241caea86e2cee1b9ff18ba11e0967c8e6c3f6dda726ca4102f66 + package: 69873087e9b3ed4b8935713458b9f469a41180ea0338da90f54744c2a6a514c2 + lastCertifiedTimestamp: "2023-07-06T17:03:30.170343+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.56 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/has-kubeversion + 
type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.57/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.57/report.yaml new file mode 100644 index 00000000000..0f442911346 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.57/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9981489946295972913 + chart-uri: N/A + digests: + chart: sha256:c380a3e73fa866874969ccd8a3472efb094f8d8f4f79f92da0cd772dfc4a2907 + package: 3ad575160969f982bd7e854e5ebcd1ce9484285354d24ce95d40e9f7b9516344 + lastCertifiedTimestamp: "2023-07-07T17:04:20.618103+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.57 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: 
Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.58/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.58/report.yaml new file mode 100644 index 00000000000..fad5eeb0fd0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.58/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:17952192651605155703 + chart-uri: N/A + digests: + chart: sha256:e7d7425cff109fc4fc4495de3cb66675edfd0ea190942c3fa288eaeae792d461 + package: 686d37f7a08f95dbb65a9a9226cc1af3bbeda73b024b88c1112d54ac6b36f43b + lastCertifiedTimestamp: "2023-07-08T17:03:04.913719+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.58 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.59/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.59/report.yaml new file mode 100644 index 00000000000..a24c1e4d634 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.59/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:15030882491093889692 + chart-uri: N/A + digests: + chart: sha256:40767f0891cbd341b88fa1005cfd3296ac4a8daf32cb8789e33bc3eb78ab7614 + package: 81d75be088ac00cb2a617ca36dc4ab56318438c9ca8886412471bde622291f86 + lastCertifiedTimestamp: "2023-07-09T17:03:06.784774+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.59 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature 
verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.6/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.6/report.yaml new file mode 100644 index 00000000000..7a106a06711 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.6/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:18283846387359875231 + chart-uri: N/A + digests: + chart: sha256:cd3fa70cd640e69f570a99619f17de99f261b7424f83fbe2b2352865ff3eb0e2 + package: 23671e3feab9e9a7c5b1eb6e11d6921153a498de55838bcc22563cb818d26545 + lastCertifiedTimestamp: "2023-04-04T11:06:11.465227+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.6 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/images-are-certified + type: Mandatory 
+ outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.60/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.60/report.yaml new file mode 100644 index 00000000000..5b43b0409b6 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.60/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.0 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:11150610453468450487 + chart-uri: N/A + digests: + chart: sha256:912fbd7ab5b0852e30de6b5bb5f8ba22645d85fa17d95fc0458ba8036027f3b7 + package: d9bd44f6de79d2bba2c96734d1be408ae8d903caf7853a97e4c1e01a97ffcd66 + lastCertifiedTimestamp: "2023-07-10T17:02:48.582015+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.60 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - 
check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.61/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.61/report.yaml new file mode 100644 index 00000000000..8c98e6d8e9e --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.61/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:3462947838081717518 + chart-uri: N/A + digests: + chart: sha256:18b11e2901ba8f0a4208e9cbc1249bbbbcb7e01a9bb6d7e474646e508ebd1d96 + package: be0448515b31211da4f8baab1d717b58d5c4f83c108a2d7cac8bda1fa4ea1ddc + lastCertifiedTimestamp: "2023-07-17T17:02:49.365107+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.61 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values 
schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.62/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.62/report.yaml new file mode 100644 index 00000000000..a6c2deb9baa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.62/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:11897842004355409074 + chart-uri: N/A + digests: + chart: sha256:c1e70929bf3103d5e0abe07c87ce5bfb859d168d20a2a846b2174dedba7c2e63 + package: 758423de664e4a415630e06d0f5ed21c673cd395af7d7a2ed4836822bfe68f9f + lastCertifiedTimestamp: "2023-07-18T19:02:34.593487+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.62 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + 
type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.63/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.63/report.yaml new file mode 100644 index 00000000000..5f359eb8483 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.63/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:11147888491047122466 + chart-uri: N/A + digests: + chart: sha256:3ff3131547909b7c87563283c615a690a8e3397235e1e31e9cef9ee22cb51e5a + package: f5b1b2810ac3909824221b3787c8ed610500fc322b7c1afdc6828b0aadbf885a + lastCertifiedTimestamp: "2023-07-19T18:08:55.990905+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.63 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.64/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.64/report.yaml new file mode 100644 index 00000000000..f7e96ef4caa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.64/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:14182488481446078449 + chart-uri: N/A + digests: + chart: sha256:573a4cf7924c97f929badba3d1e3644c89110120f25060e218d82b817755d628 + package: ccb686bf69c6ba1266eec2a199b143b4f4f1bab768f6a4950b453e9731aca86e + lastCertifiedTimestamp: "2023-07-20T17:30:29.86585+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.64 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values 
file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.65/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.65/report.yaml new file mode 100644 index 00000000000..881c709774f --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.65/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:18274260611029511682 + chart-uri: N/A + digests: + chart: sha256:a71e99a7a4270e7eb490d0d3a01da6e4b0dec07a129dd4b0adc0ade3146c4b10 + package: 09ff999eb7d218fb3fc41a7043e924301585ea2927825f4987c5c769be3b3f8d + lastCertifiedTimestamp: "2023-07-21T17:25:49.170185+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.65 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + 
outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.66/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.66/report.yaml new file mode 100644 index 00000000000..85f9525132e --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.66/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:13017075937566740849 + chart-uri: N/A + digests: + chart: sha256:46774d500db798d7cbcfd073215bfcdad3cfa8d1458a9cb7ffc1a235daeec690 + package: cbefdd05ee5f39e1078b56cdc5b176620ed0aee8ea0617e00da39854ae8b4ceb + lastCertifiedTimestamp: "2023-07-22T17:26:10.359679+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.66 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: 
Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.67/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.67/report.yaml new file mode 100644 index 00000000000..c91ee5c0264 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.67/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:8015639311805121386 + chart-uri: N/A + digests: + chart: sha256:97232ce9d6ae778b122b3554f083d3eb557e03303bc7d7bf8ccfeaf7a5a17929 + package: 788ad7db431639c2294dc1a33917ee71b0d1e1ee4298931aeebfeefdb25a6425 + lastCertifiedTimestamp: "2023-07-23T17:35:26.865161+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.67 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.68/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.68/report.yaml new file mode 100644 index 00000000000..ad0c6b422de --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.68/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:17926558617425845856 + chart-uri: N/A + digests: + chart: sha256:04851f6bd29acab02ea42104ba60a24ed0c47a4df97bca4f5926255761df0ce5 + package: 870a124e222e676f56c93d514db171692478f0ec20093df4007e9b9711720dd5 + lastCertifiedTimestamp: "2023-07-27T17:02:43.247522+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.68 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: 
v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.69/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.69/report.yaml new file mode 100644 index 00000000000..05f94de1401 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.69/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:17757532158654954179 + chart-uri: N/A + digests: + chart: sha256:6604a282fe015ea6d5abd06a0f47793f9fbdbc4cf8a9d0a5877fe52d56c8a2cb + package: 21f1b1a1f1de29d7b143f6fc13ce1b7756262eb3dd042eb22d35f507f05e40f0 + lastCertifiedTimestamp: "2023-07-28T17:02:37.688743+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.69 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: 
v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.7/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.7/report.yaml new file mode 100644 index 00000000000..1b1ff87f96c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.7/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:14361625749975042776 + chart-uri: N/A + digests: + chart: sha256:3f15242b016cb943d121f5bf44a1b04c59853495186fe761f5dec9873c5ba883 + package: 90526889c79226400580803d2eca50527d6073be4fe29c39b401e4634f29b7a3 + lastCertifiedTimestamp: "2023-04-04T11:13:07.275339+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.7 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint 
successful + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.70/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.70/report.yaml new file mode 100644 index 00000000000..88623d43b06 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.70/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:7036762158924455275 + chart-uri: N/A + digests: + chart: sha256:0ab85ae039667555b377258655ac0c972d4bf0c9a812c00db09b2c57f04d719a + package: 0c155de4769ffaddf3b70ff50394be2e083e9b78fa095cd44535fde73a1fb2d9 + lastCertifiedTimestamp: "2023-07-29T17:02:19.926366+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.70 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.71/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.71/report.yaml new file mode 100644 index 00000000000..182e2661b5f --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.71/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:7530293701177831554 + chart-uri: N/A + digests: + chart: sha256:5f5f2c41cf53434f5dcf8761af2d0c2f3cc3a911c7ab49cd02e9d6effd65c25c + package: ed3d4187afaf3b503ceea907693ab79eebd2e6da194e355af2c1e4e87a463bb4 + lastCertifiedTimestamp: "2023-07-30T17:01:56.188431+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.71 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: 
Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.72/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.72/report.yaml new file mode 100644 index 00000000000..d3d8f7de71b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.72/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:7220298765183243762 + chart-uri: N/A + digests: + chart: sha256:3a3676431b8ea6bd6cd69fc5ea3c3d400ad466534eff1a64f74e26977f4ca49d + package: 7f1385d25a462ad320d028fb5a1686f600baa50e96f38e3cf9da0efe7f42a494 + lastCertifiedTimestamp: "2023-07-31T17:02:09.787456+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.72 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - 
check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.73/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.73/report.yaml new file mode 100644 index 00000000000..aec7d44a57a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.73/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:279637687199682000 + chart-uri: N/A + digests: + chart: sha256:5232f950319488789d8abcdbaf85a10b0c6084a88ff9abff66270436a739fdf9 + package: 5808caea98d8814f7e922a475eb1685d70e50664b75bafd0bbde18a307b7f277 + lastCertifiedTimestamp: "2023-08-01T17:02:06.199928+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.73 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - 
check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.74/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.74/report.yaml new file mode 100644 index 00000000000..0ba38569157 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.74/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9717805164436746015 + chart-uri: N/A + digests: + chart: sha256:b478f4e379934a6de5c33b916f285bdc9a251f122fd6ed484e8140a8dd691066 + package: 824030d436ce00620126a36dd522cbea2e3553f1e2526860c13eb487534cbb36 + lastCertifiedTimestamp: "2023-08-02T17:03:02.7992+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.74 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values + 
type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.75/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.75/report.yaml new file mode 100644 index 00000000000..e9ff78306cf --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.75/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:1142624991772018088 + chart-uri: N/A + digests: + chart: sha256:03ee64a018a1a6d947363a5e22814d3334fbd6e4e4cdf663ce33c78165f387d6 + package: 2e88b76e62139d43a03b67b3ff007cc756c8ac8b5b7845abf3e68ac8916439c1 + lastCertifiedTimestamp: "2023-08-03T17:02:19.799829+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.75 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - 
check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.76/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.76/report.yaml new file mode 100644 index 00000000000..c32716d71fd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.76/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:3039715097240892876 + chart-uri: N/A + digests: + chart: sha256:357b6cbbca9e5f5c05faa17434de9844b28c5d017183ca5ff222988ce902722c + package: e232853c9ac916293bd801581c9beb4552a4b530316b63619529005a2ba866e0 + lastCertifiedTimestamp: "2023-08-04T17:01:44.876154+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.76 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: 
Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.77/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.77/report.yaml new file mode 100644 index 00000000000..521ba563a9d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.77/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:15779295548628259916 + chart-uri: N/A + digests: + chart: sha256:5b91ac93631bd1059f3abe8ff57fa2c9c2d6f8a3ebd1467858a1ee51f1ef9677 + package: 5566367f017a08b548e7aa640221ef3f110a8627f0257fcc4e104291a672958b + lastCertifiedTimestamp: "2023-08-05T17:01:54.635338+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.77 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not 
exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.78/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.78/report.yaml new file mode 100644 index 00000000000..1b22e865c93 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.78/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9585864729896893422 + chart-uri: N/A + digests: + chart: sha256:21dc764e091915bb719fdbad1af60131beba127b157adeb5cb465cce35244a74 + package: 67bf17a31476d161902864456e533c29939cec0369b4c07d5d561d3aaab4fc0f + lastCertifiedTimestamp: "2023-08-06T17:01:27.605184+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.78 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: 
Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.79/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.79/report.yaml new file mode 100644 index 00000000000..13468421d45 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.79/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:10311580052213169345 + chart-uri: N/A + digests: + chart: sha256:8bbd60e458049255e688572c2fa3760033430642b52cf048fc423a963ecd222a + package: 428a0811336d09a2b2c3426f5eccaac21e7753747d427d2681bb35089bc17b38 + lastCertifiedTimestamp: "2023-08-07T17:01:40.622783+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.79 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS 
+ reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.8/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.8/report.yaml new file mode 100644 index 00000000000..e1ad89a10e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.8/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:13094627029347529331 + chart-uri: N/A + digests: + chart: sha256:876dd0c84c3bcb31ee5a5da8002647789a66a84f43fe70ad004c29a8b8904a91 + package: 9e971bf8e594f38a00b625a5f69a26932b48c54ba3fe0de8657e560d88ac8aa8 + lastCertifiedTimestamp: "2023-04-04T11:23:31.120678+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.8 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.80/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.80/report.yaml new file mode 100644 index 00000000000..dbd120da642 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.80/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:18265901589321734760 + chart-uri: N/A + digests: + chart: sha256:2c78247e74d088747a5f646c309b94644b243ebf855847886f7deb562929a440 + package: 942efcfb16c0cfc0551a7ac6d721b6c99d37646f6646b43d0b0235b90c4c92c1 + lastCertifiedTimestamp: "2023-08-08T17:02:08.974658+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.80 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + 
type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.81/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.81/report.yaml new file mode 100644 index 00000000000..e3c85c94c57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.81/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:14497481295375630204 + chart-uri: N/A + digests: + chart: sha256:37e2152c9809cd3df8097c73c44c12e7eb6e632f5cdd5b76b75a88fe1228c245 + package: 8fd2c2dc897a5b141402c38954f1d73aa2d6044c1cfc310de374f67a35a0dfd2 + lastCertifiedTimestamp: "2023-08-09T17:02:17.982959+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.81 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.82/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.82/report.yaml new file mode 100644 index 00000000000..ab1e14f5b18 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.82/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:14568602565258748805 + chart-uri: N/A + digests: + chart: sha256:c1a05b2a1d8c53be3eed9a5c5cf7a9328e33d9022628e1e4f4ea8663fb81a2f4 + package: 68567c1c145772d55409c8a0dd08adae5f75db03a3a6bd045f5da8f59d6fc430 + lastCertifiedTimestamp: "2023-08-10T17:01:15.367102+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.82 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + 
type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.83/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.83/report.yaml new file mode 100644 index 00000000000..ca1d71c211c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.83/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:10534996300738211541 + chart-uri: N/A + digests: + chart: sha256:6cf26d8826a6dc9d290acebca431c5ab39fa9ea4d34d6e7f5f37dc1805f1fc8b + package: 82e61032b6530b25e0955529bbfc583f5bedd8ca0336fa835f49c05b83d374f6 + lastCertifiedTimestamp: "2023-08-11T17:01:32.977214+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.83 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: 
v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.84/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.84/report.yaml new file mode 100644 index 00000000000..ea83f1a681f --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.84/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:4098927123176818315 + chart-uri: N/A + digests: + chart: sha256:fc789e4bb3bc37a4bace8e414c6ca36eb4a4ce1e015b4f8bb38b31721ff3b5ec + package: e08507f02893343872f78f907a116a1416a34e8aadf347a27115a0d8de624b5d + lastCertifiedTimestamp: "2023-08-12T17:01:08.564246+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.84 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: 
PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.85/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.85/report.yaml new file mode 100644 index 00000000000..8b82cb3e09e --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.85/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:3806169572946354226 + chart-uri: N/A + digests: + chart: sha256:f5019be36ae0becf718a7d6d08061a4fc2f5af4bf43c3c907718c228458564f1 + package: 4a63d8242b640c0d72c415bab07028a32e8fb4203a0f52a2f0436034803b2f49 + lastCertifiedTimestamp: "2023-08-13T17:01:50.262599+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.85 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test 
files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.86/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.86/report.yaml new file mode 100644 index 00000000000..1e908f1a03e --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.86/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:14760122520870286620 + chart-uri: N/A + digests: + chart: sha256:718dff8cf0bba515f18751663993b85102dffa992efe486c05de0b4c4ce62bc9 + package: fdb842aeada24385b50dfb8cdbe6b6da62b8beb6725a39b2e07254fc9a8a5d2a + lastCertifiedTimestamp: "2023-08-14T17:00:55.140626+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.86 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used 
in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.87/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.87/report.yaml new file mode 100644 index 00000000000..697cce7ee3c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.87/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:16881610519661787712 + chart-uri: N/A + digests: + chart: sha256:df9a66b53a266afde8f8b17925340c5913ca794cdea8830532ae0b6d3fe74f28 + package: 767a4f58f4dd96012c3a0c71b37d2c813a160bc6a02d509f1486e9cd101eda01 + lastCertifiedTimestamp: "2023-08-15T17:01:31.847652+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.87 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - 
check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.88/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.88/report.yaml new file mode 100644 index 00000000000..b5961e9c1c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.88/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9716805537281456082 + chart-uri: N/A + digests: + chart: sha256:6acc2579b463ff60e394a993504d1cf218d6cef43fb0470331ee3b5b58580b34 + package: 37bc6a2bd487742317a7257e4e65f5d6440073c5f7e754e3160b83fff733c83c + lastCertifiedTimestamp: "2023-08-16T17:01:12.047898+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.88 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: 
v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.89/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.89/report.yaml new file mode 100644 index 00000000000..3bc22d0f8c0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.89/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:2982492117109079935 + chart-uri: N/A + digests: + chart: sha256:4c2374476dfe436d5dc1a55ff07387440b8887011829ccbf58dec1693b3e65fc + package: 821a9f93c90da04a7458df85458b6abd4a59c70a98b4962e72ea3893fb90056e + lastCertifiedTimestamp: "2023-08-17T17:01:42.515914+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.89 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.9/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.9/report.yaml new file mode 100644 index 00000000000..5a1d58ad3d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.9/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.10.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:13146225299374970760 + chart-uri: N/A + digests: + chart: sha256:794c801b0cbc0266562411d86734abb20fa9f2e69d272fc371e7ad60d2f4bc7a + package: 553c12b0b7e96a4054ff792942c041f8d17016ca72ac6359598f8191263a186a + lastCertifiedTimestamp: "2023-04-04T11:31:26.785315+00:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.9 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.90/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.90/report.yaml new file mode 100644 index 00000000000..100f906df38 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.90/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:3037599992993145673 + chart-uri: N/A + digests: + chart: sha256:14af8c69746f11c6d220cff97d10d90c08e7679a1be88d31904d25a4de5b4c70 + package: 830c9ebde0a94435eb3c01748fea3f1337a2dfd8bad285bc05008337cf6b6bee + lastCertifiedTimestamp: "2023-08-18T17:00:58.91533+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.90 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: 
Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.91/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.91/report.yaml new file mode 100644 index 00000000000..bd41dfb59f1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.91/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:7568459405157642116 + chart-uri: N/A + digests: + chart: sha256:580a09a632d0a315d45bde12307ef60d6f77ab2a8325f130a7f80a4ad4e2f157 + package: 0a3f3506758fe5e9ab4aefe21683a7f58ae1782a53cf7fa5ed4b23b36231868a + lastCertifiedTimestamp: "2023-08-19T17:00:35.621837+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.91 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not 
required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.92/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.92/report.yaml new file mode 100644 index 00000000000..c30126910c9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.92/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:17580419291684714561 + chart-uri: N/A + digests: + chart: sha256:e4dc17ff39ea888259d89d238657a4c6c32972b5ab9693e368257e928f105ce4 + package: 946439f83cee645a730e668c2791cf717db7892325422fba0096e226eaf48e70 + lastCertifiedTimestamp: "2023-08-20T17:00:54.726334+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.92 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations 
present + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.93/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.93/report.yaml new file mode 100644 index 00000000000..07503c2712b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.93/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:18200022186620040942 + chart-uri: N/A + digests: + chart: sha256:c9120e9a4369d6e0cabe80277f60fbc7e6c6fbf7c9f574fe185da0def69c8a61 + package: 59d7b72c41e1736470748d16c322bdb05bb3eb16b532d81362595742b531b2d7 + lastCertifiedTimestamp: "2023-08-21T17:01:05.819621+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.93 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file 
exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.94/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.94/report.yaml new file mode 100644 index 00000000000..bc15db87bbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.94/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:17977512319453269883 + chart-uri: N/A + digests: + chart: sha256:0afd99cd79f359add8046dbc82d3949c6f024f8432af112fa55e82df4d99ffd3 + package: 12cdc584d360acad8ccc86c24f011fda8319c0e5925818a84631664d6fa42f93 + lastCertifiedTimestamp: "2023-08-22T17:00:32.428321+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.94 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: 
All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.95/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.95/report.yaml new file mode 100644 index 00000000000..75b7fa07c2d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.95/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9391429054741743107 + chart-uri: N/A + digests: + chart: sha256:8da74166d49340ce6c1a521e1135772ce1b4ca35eed5f61ca5052779300b0b28 + package: be6ebae9a8550b24b4601cabc7e4b4cce8ac035a35e027a7cd5d7514cc9056e7 + lastCertifiedTimestamp: "2023-08-23T17:01:18.35578+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.95 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not 
exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.96/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.96/report.yaml new file mode 100644 index 00000000000..8e110a036b0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.96/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:14044865174477152953 + chart-uri: N/A + digests: + chart: sha256:4738d9da2cee4b87293dee2c7a197f138ba3343c1785e1d14465eec2f2bdf3a6 + package: 91e8b7d74026f872b58e282e5688ade8b32677aa38d34225bdcc5d296b3b9107 + lastCertifiedTimestamp: "2023-08-24T17:01:21.219785+00:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.3' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.96 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified 
+ - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.97/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.97/report.yaml new file mode 100644 index 00000000000..b3d94d579c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.97/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:7303059832230428187 + chart-uri: N/A + digests: + chart: sha256:a0027e8c814cf5d67f87589b93acde3d239f474e45d018bcb47d4789a53326fd + package: e4a55db284ade2e7b23b73c71e5336161af42b71de5880572cf4dc6dbf7db36e + lastCertifiedTimestamp: "2023-10-20T06:12:48.536619-04:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.97 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 
+ - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.98/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.98/report.yaml new file mode 100644 index 00000000000..f62fe67a8f6 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.98/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:18148295793301556808 + chart-uri: N/A + digests: + chart: sha256:e1a19ea38efc4e80c1d2bff89eb961d54d3392780e7e974188bf9f0dd2321b62 + package: 1f77b36b3f4a9d50ecc7403b2e16c20e538f7e1e2d2b3db9db585f324802a72b + lastCertifiedTimestamp: "2023-10-20T11:03:54.654155-04:00" + testedOpenShiftVersion: "4.14" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.98 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - 
check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.99/report.yaml b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.99/report.yaml new file mode 100644 index 00000000000..639dceb9002 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/0.21.99/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.11.1 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:17607465836693951170 + chart-uri: N/A + digests: + chart: sha256:46ee389a75697f9864b09a10ec9571070b8fb3ea07e59b0b6d51a38b4ce912a5 + package: 3210b4b6ad92fff41a36c0a59c756e6cfaa7913b6993550413c281533deaca56 + lastCertifiedTimestamp: "2023-10-20T12:57:36.837816-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.13' + webCatalogOnly: true + chart: + name: helm-chart-ocp413 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.99 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-chart-ocp413 + kubeversion: '>= 1.26.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All 
required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 +
diff --git a/charts/partners/opcert-e2e-testing/helm-chart-ocp413/OWNERS b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/OWNERS
new file mode 100644
index 00000000000..513b56d2318
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-chart-ocp413/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-chart-ocp413
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/helm-clone-project/OWNERS b/charts/partners/opcert-e2e-testing/helm-clone-project/OWNERS
new file mode 100644
index 00000000000..045624ca3d3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-clone-project/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helm-clone-project
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
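Review bot: `publicPgpKey: unknown` in the helm-chart-ocp413 OWNERS hunk is a placeholder rather than a key, so the owner record carries nothing a consumer could use to verify a signed package, and it sits next to `providerDelivery: true`. The report.yaml files added for the same chart record `v1.0/signature-is-valid` as SKIPPED with 'Chart is not signed', which is consistent with that. If this directory is only an e2e fixture the placeholder is presumably intended, and a leading comment such as `# e2e test fixture: chart is unsigned, no PGP key on purpose` would say so; otherwise the key should be filled in before the chart is treated as certified. The helm-clone-project and helm-clone-project2 OWNERS hunks carry the same placeholder.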
diff --git a/charts/partners/opcert-e2e-testing/helm-clone-project2/OWNERS b/charts/partners/opcert-e2e-testing/helm-clone-project2/OWNERS
new file mode 100644
index 00000000000..fa491138a92
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-clone-project2/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-clone-project2
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..5ad06c76ca7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/LICENSE.md 
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2. Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/README.md
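Review bot: In the Makefile, `destroy-cluster` runs `terraform destroy -auto-approve` with no configuration directory, while `provision-cluster` passes `test/terraform` to both `terraform init` and `terraform apply`. Teardown therefore acts, without a confirmation prompt, on whatever Terraform configuration and state are in the working directory (`/helm-test` when reached through `test-destroy`) rather than on the configuration that provisioned the cluster. I would give it the same directory argument the provision target uses, `terraform destroy -auto-approve test/terraform`; whether it also needs `-var project=${CLOUDSDK_CORE_PROJECT}` depends on the Terraform variables, which are not shown here. Separately, `setup-kind` and `delete-kind` are missing from `.PHONY`, so the last line should end `... provision-cluster destroy-cluster setup-kind delete-kind`.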
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
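Review bot: In `vault.envs` the dev-mode root token is rendered as `value: {{ .Values.server.dev.devRootToken }}`, unquoted and as a literal env value. A token that YAML reads as a number or boolean would render as a non-string env value, which the API server rejects, and the literal token is readable by anyone who can view the rendered pod spec. I would write `value: {{ .Values.server.dev.devRootToken | quote }}`, matching `vault.extraEnvironmentVars` later in this hunk, which already pipes its values through `quote`. A template comment above the `if eq .mode "dev"` branch should also say that the same branch binds the dev listener to `[::]:8200`, so the token is a throwaway test credential and must never be reused.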
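Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole, so once bound the CSI provider's service account can request a token for any service account in any namespace. Nothing in the file records why cluster scope is required; a comment above `rules:` such as `# token requests are made for the service account of each pod that mounts a secret, in whichever namespace it runs` would make the intent reviewable. That wording is inferred from the chart layout and should be confirmed against the provider's documentation. Since the role is created whenever `csiEnabled` is true, it is worth stating next to the `csi.enabled` value that turning it on adds this cluster-wide permission.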
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-clusterrolebinding.yaml
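Review bot: `patch` on `mutatingwebhookconfigurations` is granted in injector-clusterrole.yaml without `resourceNames`, so the injector's service account can rewrite every mutating webhook configuration in the cluster, not only its own. The only configuration this commit creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml), so the write verb can be limited to that name while the read verbs stay as they are. The `secrets`/`configmaps` rule in injector-role.yaml has the same shape; its `get` and `update` verbs could probably be narrowed to the objects the leader elector owns, which should be confirmed against the injector's behaviour.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```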
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
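Review bot: Several `env` values in injector-deployment.yaml are rendered without quotes, for example `value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logLevel | default "info" }}` and the `logFormat` entry, while the neighbouring entries are quoted. A boolean- or number-looking value would be parsed as a non-string, which is not valid for an env `value`, and the failure would only show up at install time. Rendering them as `value: {{ .Values.injector.authPath | quote }}` (and likewise for `logLevel` and `logFormat`) makes the type explicit and matches the rest of the block.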
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
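Review bot: The webhook in injector-mutating-webhook.yaml matches `CREATE` and `UPDATE` of `pods` in every namespace unless `injector.namespaceSelector` or `injector.webhook.namespaceSelector` is set (or the `injector.objectSelector` template, whose output is not visible here, narrows it), and `failurePolicy` is taken straight from values. With a `Fail` policy and no selector, an unavailable injector would block pod admission cluster-wide, system namespaces included; with `Ignore`, pods are admitted without injection. The template should say so next to `failurePolicy:`, for example `# Fail blocks pod creation in all matched namespaces while the injector is down; set namespaceSelector to exclude system namespaces.`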
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
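Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the container listens on `.Values.injector.port` (injector-deployment.yaml builds `AGENT_INJECT_LISTEN` from it and injector-service.yaml uses it as `targetPort`). If that value is changed, the policy would stop admitting webhook calls; `- port: {{ .Values.injector.port }}` keeps the three in step. The object also has no `namespace:` under `metadata`, unlike the injector Deployment and Service in this commit. And `namespaceSelector: {}` admits traffic from every namespace, which deserves a one-line comment if it is intentional.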
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-role.yaml
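Review bot: The `spec` in injector-psp.yaml forbids privilege escalation and root, but it sets no `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set, and `readOnlyRootFilesystem` is `false`. If the injector needs no capabilities (not verifiable from this hunk), adding `requiredDropCapabilities:` with a single `- ALL` entry would tighten the policy. Separately, `policy/v1beta1` PodSecurityPolicy is no longer served from Kubernetes 1.25, and this template is gated only on `global.psp.enable`. The disruption-budget templates in this commit already branch on `.Capabilities`, and the same kind of guard would avoid a failed install here.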
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-rolebinding.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-discovery-role.yaml
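Review bot: `disable_mlock = true` is emitted unconditionally in server-config-configmap.yaml: it is written ahead of the user's config in the string branch and merged in as `(dict "disable_mlock" true)` in the map branch, so Vault's memory is not locked and may be paged to swap. That is a confidentiality trade-off the template never mentions; I would add a template comment above it, for example `{{- /* mlock is disabled; run on nodes with swap off or encrypted */}}`, or make the value configurable. Note also that the outer guard tests `server.ha.config` while the raft branch renders `server.ha.raft.config`, and `$type` is taken from `(index .Values.server .mode).config`. A raft config whose type differs from `ha.config` would therefore be sent down the wrong branch.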
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-psp-role.yaml
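Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which admits traffic from every namespace to both 8200 and 8201. Port 8201 is the `https-internal` port in the Services and StatefulSet of this commit and appears to carry only server-to-server traffic, so it should be limited to the Vault server pods while 8200 keeps the broader source. The metadata also lacks the `namespace: {{ .Release.Namespace }}` line that the other server templates set. A split rule could look like the following.

```yaml
# … unchanged: metadata and podSelector …
  ingress:
    # API port: callers from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```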
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
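Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}` with no namespace, whereas the StatefulSet and the discovery RoleBinding in this commit both refer to `{{ template "vault.serviceAccount.name" . }}`. If that helper can return something other than the full name (its definition is outside this hunk), the `use` grant on the PodSecurityPolicy is bound to an account the server pods do not run as, and admission falls back to whatever other policy the cluster offers. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it.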
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-route.yaml
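Review bot: The PodSecurityPolicy spec in server-psp.yaml sets no capability rules, so containers keep the runtime's default capability set even though privilege escalation and root are denied. Unless Vault needs a specific capability here (not visible in this hunk), add `requiredDropCapabilities: ["ALL"]` next to `allowPrivilegeEscalation: false`. The `apiVersion: policy/v1beta1` line is also unconditional, unlike the version switch in server-disruptionbudget.yaml, so setting `global.psp.enable` on a cluster that no longer serves PodSecurityPolicy (removed in Kubernetes 1.25) would fail the install. A `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` condition on the outer `if` would avoid that.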
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-service.yaml
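Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit that read `.mode` do (server-ingress.yaml calls it right after the openshift check). Whether `.mode` is populated when this file renders therefore depends on state left behind by another template, and the `ha` branch that selects the `-active` Service may silently not apply, leaving the Route pointed at the general Service. Add `{{ template "vault.mode" . }}` after `{{- if .Values.global.openshift }}`. Separately, `host: {{ .Values.server.route.host }}` is unquoted, so `{{ .Values.server.route.host | quote }}` would keep an empty or unusual value a string.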
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/tests/server-test.yaml
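Review bot: The container image in server-statefulset.yaml is `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so a missing tag silently deploys whatever `latest` resolves to at pull time; for a secrets store the version should be explicit and reproducible. Prefer failing the render, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; tests/server-test.yaml later in this diff uses the same default. The exec readiness probe runs `vault status -tls-skip-verify` against the `127.0.0.1` address set in `VAULT_ADDR`, which deserves a comment such as `# loopback only: certificate verification is skipped because the probe never leaves the pod` so the flag is not copied into remote checks.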
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/Chart.yaml
new file mode 100644
index 00000000000..c61d6b41b41
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.1
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
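Review bot: The new Chart.yaml keeps `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io`, although `name` and the `charts.openshift.io/name` annotation are `helm-e2e-rhcc` and the path is an e2e-testing fixture, so anyone reading the chart index sees vendor provenance that this copy does not carry. A description that states what the artifact is, for example `description: E2E certification test fixture (copy of the HashiCorp Vault chart)`, avoids that confusion; whether `home` and `sources` should keep pointing upstream is a call for the repository owners. As a point of style, Helm recommends quoting the version fields, `appVersion: "1.11.2"` and `version: "0.21.1"`, so they can never be re-typed by a YAML loader.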
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/README.md
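Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory and without the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes to `terraform init` and `terraform apply`, so teardown may not act on the configuration that created the GKE cluster. If the `project` variable has no default (the Terraform files are not shown here), the non-interactive destroy would fail or wait on a prompt and leave the test cluster running. Mirroring the apply line keeps the two targets in step: `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. `setup-kind` and `delete-kind` are also missing from the `.PHONY` list on the last line.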
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
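Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no namespace or name scoping, and nothing in the file says why. Because it is a ClusterRole attached through the ClusterRoleBinding in the next file, the `-csi-provider` service account can request a token for any service account in the cluster, so whatever runs as it should be treated as highly privileged. Presumably the provider needs this to obtain tokens on behalf of the pods that mount secrets, but that should be confirmed. I would add a comment above `rules:` along the lines of `# Cluster-wide TokenRequest: this account can mint a token for any service account; restrict who can schedule pods as it.`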
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
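Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes read-write (`providervol`, and `mountpoint-dir` under the kubelet root), yet it gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper of that name renders nothing for an empty value. Unless values.yaml (not part of this hunk) ships a restrictive default, the pod runs with the runtime defaults while holding write access to host directories on every node. I would render a baseline in the helper's empty case, at least `allowPrivilegeEscalation: false`, and add a comment on each hostPath volume saying why it must be writable. The image is also referenced as `repository:tag`; allowing a digest would let operators pin what runs with this access.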
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-clusterrolebinding.yaml
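Review bot: The rule in injector-clusterrole.yaml lets the injector `patch` every MutatingWebhookConfiguration in the cluster, although the only one this chart creates for it is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml, also the value of `AGENT_INJECT_TLS_AUTO`). A compromised injector could then rewrite other admission webhooks as well. I would keep `get`, `list` and `watch` as they are and move `patch` into its own rule carrying `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`.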
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
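Review bot: Several env values in injector-deployment.yaml are emitted without quoting (`AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT`), so a value such as `true` or `1` is retyped by YAML and is no longer the string an env `value` has to be. The entries written as `"{{ ... }}"` have the opposite weakness: a value containing a double quote ends the scalar early and changes the rendered manifest. Piping through `quote` covers both, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.agentDefaults.template | quote }}`. Separately, `- 2>&1` in `args` reaches the process as a literal argument unless the image entrypoint is a shell, which this hunk does not show.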
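Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the comparison is lexicographic (`"100"` sorts below `"21"`) and depends on how the distribution formats its minor version. The webhook template in this same commit already asks the cluster directly with `.Capabilities.APIVersions.Has`; the same check is more reliable here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The file is also gated only on `injector.podDisruptionBudget`, not on `injectorEnabled` like the other injector manifests.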
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
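Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is rendered only when a value supplies one, so unless `injector.objectSelector` (defined outside this hunk) narrows it, the webhook is called for pod CREATE and UPDATE in every namespace, and `failurePolicy` is taken straight from values. With `Fail` and no selector, an injector outage would block pod admission cluster-wide, including system namespaces and the injector's own replacement pods; with `Ignore`, pods start without injection. The chart defaults are not in this hunk, so I would at least document the trade-off above `failurePolicy`, e.g. `# Fail blocks pod admission while the injector is down; pair it with a namespaceSelector that excludes system namespaces`.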
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
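Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on and the Service targets `{{ .Values.injector.port }}`; overriding the port leaves the webhook unreachable under this policy. Use `- port: {{ .Values.injector.port }}` so the three stay in step. The `from` clause is `namespaceSelector: {}`, which admits pods from any namespace; if that width is needed for the API server to reach the webhook, a comment saying so would help the next reviewer. The metadata also omits `namespace`, unlike the other namespaced injector manifests in this commit.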
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-psp.yaml
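Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, whereas injector-rolebinding.yaml in this commit sets it for the same account. RBAC validation requires a namespace on ServiceAccount subjects, so I would expect this binding to be rejected when `global.psp.enable` is true, leaving the injector without the policy it was meant to use. Add `namespace: {{ .Release.Namespace }}` under the subject's `name`.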
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-role.yaml
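Review bot: injector-psp.yaml hard-codes `apiVersion: policy/v1beta1` for a PodSecurityPolicy, an API that Kubernetes removed in 1.25, so enabling `global.psp.enable` on a current cluster fails the install instead of applying any restriction. I would add a capability guard next to the existing condition, e.g. `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`, and state in a comment that clusters without PSP need Pod Security admission or an equivalent control. The `seLinux` comment also assumes AppArmor nodes, which does not match the OpenShift target other templates in this commit handle; `hostNetwork: false` here likewise conflicts with the values-driven `hostNetwork` in injector-deployment.yaml if that is ever set to true.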
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-rolebinding.yaml
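Review bot: The first rule in injector-role.yaml gives the injector `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, which is also where the Vault server's own secrets would live when both are installed from this chart. The chart pre-creates the one Secret the leader-elector setup appears to need (`vault-injector-certs`, injector-certs-secret.yaml), so the `get` and `update` verbs on secrets can probably be narrowed with `resourceNames: ["vault-injector-certs"]`; `create` and `list` cannot be name-scoped and would have to be checked against what the injector actually calls. The second rule's `patch` and `delete` on all pods in the namespace deserves the same look. If the wide grants have to stay, say why in a comment above each rule.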
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-discovery-role.yaml 
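Review bot: `disable_mlock` is forced to true in both branches of `extraconfig-from-values.hcl` in server-config-configmap.yaml (the literal `disable_mlock = true` line and the `merge (dict "disable_mlock" true) …` calls), and the template gives no reason. With mlock disabled the server's memory may be paged out, so the chart depends on the nodes having swap disabled or encrypted. I would record that in a YAML comment above the `extraconfig-from-values.hcl:` key, for example `# mlock is disabled in every mode; schedule on nodes with swap off or encrypted`. Whether a string-form `server.*.config` can set the option again further down is not visible in this hunk.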
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
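Review bot: The `rules` entry in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods, and RBAC offers no label selector to narrow it. Presumably the verbs exist so the server can label its own pods (the services in this commit select on `vault-active`), but the same grant lets the bound service account modify pods of any other workload sharing the namespace. A comment above `rules:` should say so, for example `# Vault labels its own pods; install into a dedicated namespace, this covers all pods in it`.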
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-ha-active-service.yaml 
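Review bot: The `apiVersion` line of server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge` on two strings, so the comparison is lexicographic rather than numeric. server-ingress.yaml in this commit already selects its API version with `semverCompare ">= 1.19.0-0" $kubeVersion`, and the same form would be more robust and consistent here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.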
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-psp-role.yaml 
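Review bot: The single `ingress` rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so pods in every namespace may connect to 8201 as well as 8200. Elsewhere in this commit 8201 is the `https-internal` port behind `VAULT_CLUSTER_ADDR`, which suggests only the server pods themselves need it; if replication or other cross-namespace peers use it (not visible here) the selector would have to be widened. Splitting the rule keeps the API port reachable while limiting the cluster port to the release's own server pods. The `metadata` block also carries no `namespace`, unlike the other templates in the commit.

```yaml
  ingress:
    # API port: unchanged, reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```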
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
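Review bot: The `subjects` entry of server-psp-rolebinding.yaml names the service account with `vault.fullname`, while the StatefulSet, the ClusterRoleBinding and the discovery RoleBinding in this commit all use `vault.serviceAccount.name`. If the two helpers render different names (their definitions are not part of this diff), the `use` permission on the PodSecurityPolicy is granted to an account the server pods do not run as. I would write `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` so the subject matches the other bindings.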
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-route.yaml 
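Review bot: The `spec` in server-psp.yaml sets `privileged: false` and `allowPrivilegeEscalation: false` but no `requiredDropCapabilities`, so containers admitted under this policy keep the runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP` and the config map disables mlock, which suggests the server does not need extra capabilities, though the image's actual requirements are not visible here. If that holds, add `requiredDropCapabilities:` with the single entry `- ALL` next to `allowPrivilegeEscalation`, with a comment stating that no capability is expected.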
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-service.yaml 
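Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does before reading it. The value is therefore only present if some earlier-rendered template has already populated it; that appears to depend on render order, and the helper's definition is outside this diff. Adding `{{ template "vault.mode" . }}` inside the `.Values.global.openshift` guard, before the `ne .mode "external"` check, makes the file self-contained. The `targetPort: 8200` in `spec.port` is also hard-coded, while the services use `.Values.server.service.targetPort`.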
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/tests/server-test.yaml 
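Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `default "latest"` when `server.image.tag` is empty, and tests/server-test.yaml builds its image reference the same way. For a secrets manager a floating tag means a pod restart can pull a different build from the one that was reviewed, and `imagePullPolicy` comes from values so it does not pin anything either. I would make the tag mandatory instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; values.openshift.yaml in this commit already sets explicit tags.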
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/values.openshift.yaml
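Review bot: `type: {{ .Values.ui.serviceType }}` in templates/ui-service.yaml lets the Vault UI/API Service be published as NodePort or LoadBalancer with no check on the transport, while values.yaml in this same commit defaults `global.tlsDisable: true`. If `vault.scheme` follows that flag (the helper is not part of this hunk, so this is inferred), a Service exposed outside the cluster would carry Vault tokens over plain HTTP. I would document the dependency directly above the `type:` line, for example `{{- /* With global.tlsDisable=true this Service is plain HTTP; keep ui.serviceType ClusterIP unless TLS is enabled. */}}`, or go further and fail rendering when TLS is disabled and the type is not ClusterIP.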
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.1/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/Chart.yaml new file mode 100644
index 00000000000..b0bb32ca48e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.10
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/LICENSE.md new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
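Review bot: In the new `Chart.yaml`, `description: Official HashiCorp Vault Chart` (with `home` and `sources` pointing at the upstream projects) still labels this chart as the vendor's release, although it is renamed `helm-e2e-rhcc` and lives under `charts/partners/opcert-e2e-testing/`. Anything that indexes chart metadata would then list a test copy under an official vendor description, which blurs provenance for people browsing the repository. If this is an e2e fixture, as the path suggests, the metadata should say so, for example `description: 'E2E test fixture derived from the HashiCorp Vault chart; not an official release'`. Quoting the version fields as well (`appVersion: '1.11.2'`, `version: '0.21.10'`) keeps them strings even if a later value happens to parse as a number.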
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/README.md
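Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the configuration directory nor `-var project=…`, while `provision-cluster` passes both to `terraform apply`; run from `/helm-test`, the teardown may therefore not act on the configuration that created the GKE cluster and can leave test infrastructure running. Mirroring the apply call, e.g. `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`, would keep the two targets symmetric, assuming the Terraform version in the test image accepts a directory argument as the `init` and `apply` lines imply. The `.PHONY` line also omits `setup-kind` and `delete-kind`. Since `GOOGLE_CREDENTIALS` defaults to a key file inside the bind-mounted `${PWD}`, a comment next to that variable such as `# service-account key: keep this file out of version control` would be worth adding.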
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
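Review bot: The only rule in `csi-clusterrole.yaml` grants `create` on `serviceaccounts/token` in every namespace, and the template does not say why that breadth is needed. Bound to the `-csi-provider` ServiceAccount by the ClusterRoleBinding that follows, it lets that pod request a token for any service account in the cluster. Record the reason beside the rule, for example `# the provider presumably requests tokens for the pods it serves, in whatever namespace they run`, after confirming it against the provider's behaviour. If the provider only ever serves a fixed set of namespaces, per-namespace Roles would be the narrower option.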
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
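Review bot: The provider container in `csi-daemonset.yaml` gets its `securityContext` only from `csi.daemonSet.securityContext.container`, and that helper renders nothing when the value is unset, so a container that mounts two hostPath volumes can end up with no `allowPrivilegeEscalation: false`. The server statefulset helper earlier in this diff handles the same situation with an `{{- else if not .Values.global.openshift }}` branch that emits `securityContext:` / `allowPrivilegeEscalation: false`. The chart's values file is not in view, so a default may already be set there; if it is not, give the csi helper the same fallback branch.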
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-clusterrolebinding.yaml
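Review bot: The rule in `injector-clusterrole.yaml` allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only one this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg`. That leaves the injector's service account able to modify admission webhooks owned by other components. Splitting the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]` would narrow it. `list` and `watch` may have to stay unrestricted depending on how the injector watches the object, which is not visible here.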
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
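Review bot: Several env values in `injector-deployment.yaml` are templated without quotes: `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`, `AGENT_INJECT_TLS_AUTO` and the computed `AGENT_INJECT_VAULT_ADDR`. Their neighbours are quoted. An env `value` must be a string, so a setting such as `true` or `1` renders as a bool or int and the manifest is rejected, and a value containing `: ` or ` #` changes how the YAML parses. Piping through `quote`, as in `value: {{ .Values.injector.authPath | quote }}`, covers both cases.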
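Review bot: `injector-disruptionbudget.yaml` is gated only on `.Values.injector.podDisruptionBudget`, so the PodDisruptionBudget is rendered even when the injector is disabled. Every other injector template in this diff is wrapped in `{{- template "vault.injectorEnabled" . -}}` and `{{- if .injectorEnabled -}}`, and the same guard belongs here. Separately, `ge .Capabilities.KubeVersion.Minor "21"` compares strings rather than numbers, and some distributions report the minor version with a suffix. `.Capabilities.APIVersions.Has "policy/v1"` would test the API directly.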
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
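Review bot: In `injector-mutating-webhook.yaml`, `namespaceSelector` and the object selector are rendered only when set in values, so with nothing configured the webhook receives every pod CREATE and UPDATE in every namespace, including the one the injector runs in. Because `failurePolicy` also comes from values, a `Fail` setting combined with an unavailable injector would hold up pod admission cluster-wide, including the injector's own replacement pods. The values file is not in view. If it ships no default selector, add one that excludes system namespaces, or put a comment beside `failurePolicy` such as `# set namespaceSelector or objectSelector before using Fail`.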
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
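Review bot: The ingress rule in `injector-network-policy.yaml` hard-codes `port: 8080`, while the injector listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` in the deployment and `targetPort` in the service, both in this diff). On OpenShift, where this policy is rendered, changing the port in values would leave the webhook unreachable behind the policy. Use `- port: {{ .Values.injector.port }}` instead. The `- namespaceSelector: {}` source also admits traffic from every namespace, so a one-line comment stating why that is required would help the next reader.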
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-psp.yaml
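Review bot: The ServiceAccount subject in `injector-psp-rolebinding.yaml` omits `namespace`, unlike the subjects in `injector-rolebinding.yaml` and `injector-clusterrolebinding.yaml` in this diff. For a RoleBinding the subject falls back to the binding's own namespace, so the behaviour should be the same, but an explicit value makes the grant's target unambiguous and survives a later change to a ClusterRoleBinding. Add `namespace: {{ .Release.Namespace }}` under the subject's `name`.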
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-role.yaml
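Review bot: `injector-psp.yaml` renders `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the install fails and the restrictions in this spec are never applied. The PodDisruptionBudget template in this diff already adapts to the cluster. A comparable guard here would be `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`.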
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-rolebinding.yaml 
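Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is much wider than a leader-election lock needs and lets the injector service account read any secret that shares the namespace. Split the rule so that `create` stays unnamed (it cannot be restricted by name) and the other verbs carry a `resourceNames:` list holding only the objects the injector owns; be aware that `list` and `watch` limited by name only match requests that select that single object. The `pods` rule (`get`, `patch`, `delete`) is also namespace-wide, so a comment stating why the elector needs `delete` would help the next reviewer. Documenting that the injector should run in a namespace that holds no unrelated secrets is the minimum if the rule stays as is.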
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-discovery-role.yaml 
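Review bot: server-config-configmap.yaml emits `disable_mlock = true` unconditionally in the string branch and merges `"disable_mlock" true` into the JSON branch, so the server never locks its memory and secrets held in memory can be paged to swap unless the nodes run with swap disabled or encrypted. That precondition should be stated in a comment above the line, for example `# mlock is disabled: nodes must run without swap (or with encrypted swap)`, or the flag should be taken from values. Separately, the whole server configuration is rendered through `tpl` into a ConfigMap, so any credential placed in `server.standalone.config` or `server.ha.config` is stored unencrypted and is readable by anyone with ConfigMap read access in the namespace. A comment telling users to reference such values from a Secret or an environment variable would prevent that.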
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-ha-active-service.yaml 
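Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the test is lexicographic and is also affected by any suffix a distribution adds to the minor value. server-ingress.yaml in this same commit already selects its API group with `semverCompare` on `.Capabilities.KubeVersion.Version`, and the same form works here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. Testing `.Capabilities.APIVersions.Has "policy/v1"` would be an equally valid alternative.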
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-psp-role.yaml 
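Review bot: The only ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits every pod in every namespace to both 8200 and 8201, so enabling `server.networkPolicy.enabled` gives very little isolation. Port 8201 is the `https-internal` port in the Service templates of this commit and presumably only has to be reachable from the other server pods, so it can be given its own rule with a `podSelector` on the chart's labels while 8200 keeps a client-facing selector. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set. A sketch of the split rule follows; the 8200 selector should ideally come from values rather than stay open.

```yaml
# … unchanged: apiVersion, kind, metadata, spec.podSelector …
  ingress:
    # Client API: still open to all namespaces; narrow via values where possible.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster traffic: only pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```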
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
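Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, whereas server-serviceaccount.yaml, server-clusterrolebinding.yaml and the `serviceAccountName` of the StatefulSet in this commit all use the `vault.serviceAccount.name` helper. The helper's definition is not in view, but if it can resolve to anything other than the fullname, the `use` permission on the PodSecurityPolicy is bound to an account the server pods do not run as, and the pods are then admitted under whatever other policy applies or rejected. Use the same helper and name the namespace explicitly, as the discovery and cluster bindings do: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.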
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-route.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-service.yaml 
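Review bot: server-route.yaml reads `.mode` twice but, unlike the other templates in this commit that read it, never calls `{{ template "vault.mode" . }}` first, so its result appears to depend on another template having already set `.mode` on the shared context. If it is unset, the `eq .mode "ha"` branch is skipped and the Route targets the general Service instead of `-active`; adding `{{ template "vault.mode" . }}` as the second line removes that dependency. The `tls:` block is filled entirely from `.Values.server.route.tls`, whose defaults are not in view, so it is worth confirming that the default termination keeps traffic encrypted to the pod and stating that in a comment. `host: {{ .Values.server.route.host | quote }}` would also protect against an empty or oddly typed value.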
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/tests/server-test.yaml 
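Review bot: The `vault` container image falls back to the mutable `latest` tag, `{{ .Values.server.image.tag | default "latest" }}`, so an unset or emptied `server.image.tag` lets a pod restart pull whatever the registry currently serves under that tag, for the component that holds the secrets. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; the same expression appears in the test pod in `templates/tests/server-test.yaml`. Separately, the exec readiness probe runs `vault status -tls-skip-verify` with no explanation; a comment such as `# verification skipped: the probe talks to 127.0.0.1, which the server certificate may not cover` would record why that is acceptable, if that is indeed the reason.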
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.10/src/values.yaml 
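Review bot: `server.readinessProbe` declares no `path` property, although the StatefulSet template in this commit reads `.Values.server.readinessProbe.path` to choose between the `httpGet` and `exec` probes, and `server.livenessProbe` does declare it. Because the schema never sets `additionalProperties`, the key is accepted but its type is not checked before it is rendered into the manifest. I would add `"path": { "type": "string" }` next to `periodSeconds` under `server.readinessProbe`. `server.service.type` and `server.service.clusterIP`, both read by the server Service template, are likewise missing from the `server.service` properties.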
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3.
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ .
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/Chart.yaml
new file mode 100644
index 00000000000..f79999b65fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.11
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/README.md
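Review bot: The `test-acceptance` recipe expands the Vault license into the command line with `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so the value becomes part of the `docker run` argument list and is readable through process listings on the build host; the leading `@` only suppresses Make's own echo. Passing the name alone, `-e VAULT_LICENSE_CI \`, makes Docker copy the value from the caller's environment instead; that should work here because the Makefile never assigns the variable, so it presumably arrives via the environment. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` that `provision-cluster` passes, which is worth confirming before an unattended destroy is relied on. `setup-kind` and `delete-kind` are also missing from `.PHONY`.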
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
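Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in every namespace, and the file carries no comment saying why a cluster-wide grant is needed. Any holder of the `-csi-provider` service account can request a token for any ServiceAccount in the cluster, so the rule deserves a line above `rules:` such as `# Lets the CSI provider request ServiceAccount tokens cluster-wide; treat this service account as privileged.` Why the provider needs this is not visible in the diff and should be confirmed before the comment states a reason.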
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
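Review bot: The container in csi-daemonset.yaml mounts two hostPath directories (`providervol` and `mountpoint-dir`) but gets no securityContext by default, because `{{ template "csi.daemonSet.securityContext.container" . }}` renders nothing unless `csi.daemonSet.securityContext.container` is set. The injector and server helpers in `_helpers.tpl` have an `{{- else if not .Values.global.openshift }}` branch that falls back to `allowPrivilegeEscalation: false`; the CSI helper has no such branch. Adding the same fallback to the CSI helper would bring this pod in line, provided the provider needs nothing more to write its socket under `providersDir`, which this diff does not show. If the provider only reads `mountpoint-dir`, `readOnly: true` on that volumeMount would narrow the host exposure further.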
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-clusterrolebinding.yaml 
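Review bot: The `patch` verb in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster, because the rule has no `resourceNames`. The injector deployment passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which suggests the injector only has to update that one object. If so, `patch` can move into a second rule scoped to that name while `get`/`list`/`watch` stay unrestricted, so a compromised injector service account cannot rewrite other admission webhooks. Confirm against the injector's behaviour first, since the code that performs the patch is not part of this diff.

```yaml
rules:
# … unchanged: existing rule, with "patch" removed from its verbs …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - "{{ template "vault.fullname" . }}-agent-injector-cfg"
  verbs:
    - "patch"
```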
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
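Review bot: The `args` list in injector-deployment.yaml passes `2>&1` as a second literal argument; Kubernetes runs `args` in exec form, so no shell parses it and no stderr redirection happens. Unless the image entrypoint is a wrapper that re-interprets its arguments (not visible in this diff), the list can be reduced to `- agent-inject`. In the same `env` block, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` render their values unquoted, unlike the neighbouring entries; quoting them, e.g. `value: "{{ .Values.injector.authPath }}"`, keeps a boolean- or number-looking value from rendering as a non-string env value.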
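Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge` on two strings, which is a lexical comparison and sees provider suffixes in the minor field verbatim. server-ingress.yaml in this commit already selects API versions with `semverCompare ">= 1.19.0-0" $kubeVersion`; using the same form here, `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`, would be consistent and compare versions numerically. server-disruptionbudget.yaml carries the same expression.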
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
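Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the `namespaceSelector` block is omitted and the `pods` CREATE/UPDATE rule applies to every namespace, system namespaces included. If `failurePolicy` then resolves to `Fail`, an unavailable injector would reject pod admission cluster-wide, subject to whatever the `injector.objectSelector` template (not visible here) filters out. A template comment above the `failurePolicy` line would make that coupling explicit, for example `{{- /* Fail blocks pod admission in all matched namespaces while the injector is down; pair it with a namespaceSelector */}}`. Shipping a default selector that excludes `kube-system` is the stronger option.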
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
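Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment's listen address and probes and the Service `targetPort` all use `.Values.injector.port`. If that value is changed, the policy keeps admitting 8080 and drops traffic to the real webhook port, so admission calls would fail on OpenShift, where this policy is rendered. Suggest `- port: {{ .Values.injector.port }}`. The `from` clause uses an empty `namespaceSelector`, which admits every namespace; a short comment saying why that breadth is required would help the next reviewer.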
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-role.yaml 
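Review bot: `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, and injector-psp.yaml is gated only on `global.psp.enable`, so turning the flag on against a newer cluster would fail at apply time instead of reporting that PSP is unavailable. Extending the guard with a capability check, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, or failing with an explicit message, would make the outcome deliberate; injector-psp-role.yaml and injector-psp-rolebinding.yaml share the same guard. The `seLinux` comment also states that the policy assumes AppArmor rather than SELinux nodes, which is worth re-checking for a chart that has an OpenShift mode.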
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-rolebinding.yaml 
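Review bot: The first rule of the leader-elector Role in injector-role.yaml gives the injector service account `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace. If the Vault server or other workloads share that namespace, the injector can read and overwrite their Secrets too, which is more than leader election and certificate storage should need. Where the object names are fixed, add `resourceNames` to the `get` and `update` verbs (`create` cannot be limited by name) and recommend a dedicated namespace in the chart documentation. The names the injector actually uses are not visible in this diff, so that part needs confirming against the injector itself.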
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-discovery-role.yaml 
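Review bot: `disable_mlock = true` is forced in both branches of server-config-configmap.yaml with no explanation: the string branch emits it ahead of the user's HCL, and the map branch uses `merge (dict "disable_mlock" true) …`, where the first dictionary takes precedence, so a user-supplied `disable_mlock: false` is overridden. With mlock disabled Vault's memory can be paged out, so the nodes should run with swap disabled or encrypted. A template comment above the `disable_mlock` line would record that trade-off, for example `{{- /* mlock is disabled in every mode; schedule Vault on nodes with swap off or encrypted */}}`.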
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
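Review bot: The rule in server-discovery-role.yaml grants `update` and `patch` on all `pods` in the release namespace to the Vault server service account, and nothing in the file says what the access is for. It is presumably there so that the server can label its own pods for service discovery, but the verbs apply to every pod in the namespace and are not limited to label changes. A comment above `rules:` would document the intent, such as `# used by Vault to label its own pods; install the chart in a dedicated namespace`. The same point belongs in the chart's install notes.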
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-psp-role.yaml 
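Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which matches every namespace, so with `server.networkPolicy.enabled` set any pod in the cluster can still reach both 8200 and 8201. The Service templates in this commit name 8201 `https-internal`, so it presumably only needs to be reachable from the release's own Vault server pods; splitting the rule as below keeps the API port behaviour and narrows the cluster port (confirm no replication peer outside the namespace relies on 8201). The metadata also omits `namespace: {{ .Release.Namespace }}`, which the Service and Role templates in this commit set.
```yaml
  ingress:
    # API port: sources unchanged
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only this release's Vault server pods
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```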
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-route.yaml
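Review bot: The PodSecurityPolicy `spec` in server-psp.yaml sets no capability rule, so pods admitted under it keep the container runtime's default capabilities even though the policy otherwise forces non-root and `allowPrivilegeEscalation: false`. If the server image needs none (the StatefulSet in this commit sets `SKIP_SETCAP`, which suggests so, but confirm against the container security context), add `requiredDropCapabilities: ['ALL']` under `spec`. Separately, `policy/v1beta1` PodSecurityPolicy is not served from Kubernetes 1.25 onward, so setting `global.psp.enable` there fails the install; a `.Capabilities.APIVersions.Has "policy/v1beta1"` condition, like the check server-ingress.yaml already makes for its API versions, would make that explicit.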
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-service.yaml
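Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other templates in this commit that read `.mode` all do before using it. Whether the value is set here then presumably depends on some other template having populated the shared context earlier in the render, so the `external` and `ha` checks that decide whether Vault gets an externally reachable Route, and which Service it targets, rest on render order. Add the call as the first line inside the `global.openshift` condition. The Route also hard-codes `targetPort: 8200` while server-service.yaml takes its target port from `server.service.targetPort`, so the two can drift apart if that value is overridden.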
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/tests/server-test.yaml 
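Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to the `latest` tag when `server.image.tag` is empty (`| default "latest"`), and the test pod in tests/server-test.yaml repeats the same expression. For a secrets store this means an unset value silently deploys whatever the registry currently serves under a mutable tag, and replicas restarted at different times can end up running different builds. Prefer failing the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and consider accepting a digest reference so the deployed image can be pinned immutably.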
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/values.openshift.yaml
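Review bot: In ui-service.yaml `nodePort` is emitted whenever `ui.serviceNodePort` is set, with no check on `ui.serviceType`, whereas server-service.yaml in this commit only emits its node port when the type is `NodePort`. A leftover `serviceNodePort` combined with `serviceType: ClusterIP` produces a Service the API server rejects, and because this template decides how the Vault UI is exposed outside the cluster it is worth keeping the two values tied together. Consider `{{- if and .Values.ui.serviceNodePort (ne (.Values.ui.serviceType | toString) "ClusterIP") }}` around the `nodePort` line.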
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.11/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/Chart.yaml new file mode 100644 index 00000000000..7d8f7df41aa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-e2e-rhcc +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.12 +annotations: + charts.openshift.io/name: helm-e2e-rhcc diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null 
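Review bot: The new `Chart.yaml` keeps `description: Official HashiCorp Vault Chart` and the upstream `home` and `sources` URLs, although the chart is renamed to `helm-e2e-rhcc` and lives under `charts/partners/opcert-e2e-testing`. Anything that indexes or displays this chart would therefore present a test fixture as an official HashiCorp release. Whether the chart ever reaches a published index is not visible from this hunk, but a description that states its provenance would remove the ambiguity, e.g. `description: E2E test fixture derived from the HashiCorp Vault chart`.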
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/README.md
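Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the license value into the `docker run` command line, where it is readable from the host's process list and by anything that records command arguments. The leading `@` only stops make from echoing it. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the environment without putting it in argv; this works here because the Makefile never assigns the variable itself. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory and `-var project=...` that `provision-cluster` passes, so it presumably does not act on the configuration that created the cluster. `setup-kind` and `delete-kind` are also missing from `.PHONY`.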
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
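Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` renders the token unquoted, so a token made only of digits, or one spelled like `true` or `null`, reaches the API as a non-string and the env entry is rejected or altered; `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string. The same define puts the root token in plain text in the pod spec, readable by anyone who can view the workload, so its header comment should say that dev mode is for test clusters only. `vault.extraSecretEnvironmentVars` emits `.envName`, `.secretName` and `.secretKey` unquoted in the same way, while `vault.extraEnvironmentVars` already pipes both name and value through `quote`.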
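Review bot: The only rule in this ClusterRole grants `create` on `serviceaccounts/token`, and nothing in the template says why. Through the ClusterRoleBinding added in the same commit it applies in every namespace, so the CSI provider's service account can request a token for any ServiceAccount in the cluster. That is presumably what the provider needs to authenticate on behalf of the mounting pod, but a permission this sensitive should be documented where it is granted, for example `# create on serviceaccounts/token is cluster-wide by design; do not add further rules to this role` above `rules:`. Operators deploying the chart may also want audit logging on token requests made by this service account.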
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
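Review bot: In csi-daemonset.yaml the `mountpoint-dir` volumeMount exposes the node's `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` hostPath to the provider container without `readOnly: true`, so the container gets write access to the volume directories of every pod on that node. If the provider version shipped here returns secret contents to the driver instead of writing files itself (to be confirmed), add `readOnly: true` to that mount or remove it. Both `hostPath` volumes also omit `type:`, so no check is made on what exists at the path; `type: Directory` would make that check explicit. The container security context comes from the `csi.daemonSet.securityContext.container` helper, which is outside this hunk.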
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-clusterrolebinding.yaml
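Review bot: The single rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, so a compromised injector service account could rewrite any admission webhook, not only the one this chart installs. The injector presumably only needs to update its own configuration, which injector-mutating-webhook.yaml names `{{ template "vault.fullname" . }}-agent-injector-cfg`. Split the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`, and keep `list` and `watch` in a separate rule.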
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
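Review bot: The `args` list in injector-deployment.yaml passes `2>&1` as a literal second argument; container args are not run through a shell, so no redirection happens and the binary simply receives that string, and the `- 2>&1` entry should be removed. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` render their values unquoted while the neighbouring entries are quoted. Writing `value: {{ .Values.injector.logLevel | default "info" | quote }}` (and the same for the other two) keeps a value such as `true` or `1` from being typed as a non-string and rejected by the API server. Both images are referenced by `repository:tag`; pinning by digest would make the image injected into workload pods immutable.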
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
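Review bot: `namespaceSelector` is rendered only when a value is supplied, so with no value set the webhook receives every pod CREATE and UPDATE in the cluster, including system namespaces and the namespace the injector itself runs in. If `failurePolicy` resolves to `Fail` from values, an unavailable injector would then block pod admission everywhere. Consider shipping a default selector that excludes system namespaces (for example a `matchExpressions` entry on `kubernetes.io/metadata.name` with `operator: NotIn`), or state the requirement in a comment next to `failurePolicy`. `caBundle` is also rendered from values as-is, so an empty value only works if the injector patches the configuration at runtime, which the `patch` rule in injector-clusterrole.yaml suggests but this hunk does not show.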
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
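Review bot: The NetworkPolicy hard-codes `port: 8080`, while injector-service.yaml and the probes in injector-deployment.yaml use `{{ .Values.injector.port }}`, so changing the port in values leaves the webhook unreachable on OpenShift; use `- port: {{ .Values.injector.port }}` here as well. The peer `- namespaceSelector: {}` admits traffic from every namespace to the webhook port, so a comment explaining why the rule is that broad (presumably because API-server traffic cannot be selected by labels) would help reviewers. The metadata also has no `namespace:` field, unlike the other injector templates.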
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-role.yaml 
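Review bot: The PodSecurityPolicy sets no `requiredDropCapabilities`, so pods admitted under it keep the runtime's default capability set even though they must run as non-root; adding `requiredDropCapabilities: [ALL]` under `spec:` would close that gap. `readOnlyRootFilesystem: false` is also left permissive and could be `true` if the injector writes nothing to its root filesystem, which this hunk cannot confirm. `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so the template fails to install there when `global.psp.enable` is set. A `.Capabilities.APIVersions.Has "policy/v1beta1"` guard, in the style injector-mutating-webhook.yaml uses, would avoid that.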
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-rolebinding.yaml 
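Review bot: The first rule in injector-role.yaml lets the injector service account create, read and update every Secret and ConfigMap in `{{ .Release.Namespace }}`, the same namespace the server templates in this diff deploy into. injector-certs-secret.yaml already pre-creates `vault-injector-certs` under the same leader-elector condition, so access to secrets can probably be narrowed with `resourceNames: ["vault-injector-certs"]` and `create` dropped for that resource. Confirm against what the leader elector actually creates before tightening. The second rule's `delete` and `patch` on all pods in the namespace deserves a one-line comment stating which pods it is meant for.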
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-discovery-role.yaml 
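Review bot: `disable_mlock = true` is injected unconditionally, both in the string branch and through `dict "disable_mlock" true` in the map branches, and nothing in the template explains it. With mlock disabled Vault's memory may be paged out, so key material can reach swap on a node that has it enabled. Add a template comment above the setting, for example `{{- /* mlock is disabled, presumably because the container lacks IPC_LOCK; run on nodes with swap off or encrypted */ -}}`, and mention the node requirement in the values documentation. The string branches also pass the config through `tpl`, so anything placed in `server.standalone.config`, `server.ha.config` or `server.ha.raft.config` is evaluated as a template with the full chart context.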
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
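Review bot: The discovery Role's rule `verbs: ["get", "watch", "list", "update", "patch"]` on `resources: ["pods"]` carries no `resourceNames`, so the bound ServiceAccount can modify every pod in the release namespace, not only the Vault server pods. If the write verbs exist so the server can label its own pod (presumably the `vault-active` label the active and standby Services in this diff select on), that belongs in a comment above `rules:`, e.g. `# update/patch let the server label its own pod; the rule is not limited to Vault pods, so install into a dedicated namespace.` The Role is also emitted as `rbac.authorization.k8s.io/v1` unconditionally while the RoleBinding in the next file falls back to `v1beta1`, so on a cluster without v1 the pair would not install together.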
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-ha-active-service.yaml
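Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion:` line compares two strings, so the ordering is lexical rather than numeric, and `Minor` can carry a vendor suffix such as `21+` on some distributions. The ingress template in this same diff already selects its API with `semverCompare ">= 1.19.0-0" $kubeVersion`; the equivalent here is `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.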
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-psp-role.yaml 
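Review bot: The NetworkPolicy's single ingress rule pairs `namespaceSelector: {}` with both ports, so the cluster port 8201 is reachable from every namespace exactly like the API port 8200. 8201 is the port this chart names `https-internal` and advertises through `VAULT_CLUSTER_ADDR`, so unless another cluster has to reach it for replication it can be limited to the release's own pods by splitting the rule in two, as below. The manifest also omits `metadata.namespace`, which the other templates in this diff set to `{{ .Release.Namespace }}`.

```yaml
# … unchanged: metadata, spec.podSelector …
  ingress:
    # API/UI port: still reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```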
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
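Review bot: The PSP RoleBinding's subject is `name: {{ template "vault.fullname" . }}`, but the ServiceAccount manifest and the StatefulSet's `serviceAccountName` in this diff both use `{{ template "vault.serviceAccount.name" . }}`. That helper is defined outside this diff view; if it can return anything other than the fullname, the PSP `use` grant lands on an account the server pods do not run as. I'd change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as the discovery RoleBinding and the ClusterRoleBinding already do.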
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-route.yaml
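Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` is rendered whenever `global.psp.enable` is true, with no capability check. That API was removed in Kubernetes 1.25, so enabling the value on a newer cluster fails the install instead of skipping the object. A guard such as `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` around the manifest would cover it, and the `-psp` Role and RoleBinding templates need the same condition. The spec also sets no `requiredDropCapabilities`; if the server needs no capabilities (the securityContext helpers are outside this hunk), `requiredDropCapabilities: [ALL]` is the tighter default.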
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-service.yaml
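Review bot: The Route template tests `.mode` (`ne .mode "external"`, `eq .mode "ha"`) without first calling `{{ template "vault.mode" . }}`, which every other server template in this diff does on its first line. Whether `.mode` is populated here then appears to depend on some other template having set it earlier. If it is not, the `activeService` branch is never taken and the Route points at the plain service rather than `-active`. I'd add `{{ template "vault.mode" . }}` right after the `global.openshift` check, matching server-ingress.yaml. `host: {{ .Values.server.route.host }}` is also unquoted, where the Ingress uses `| quote` for its hosts.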
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/tests/server-test.yaml 
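Review bot: In the StatefulSet, `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` falls back to a mutable tag, so an unset `server.image.tag` deploys whatever `latest` resolves to at pull time and replicas can end up on different Vault builds. The test Pod in tests/server-test.yaml has the same line. values.openshift.yaml in this diff already pins explicit tags, so failing fast costs nothing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The exec readiness probe runs `vault status -tls-skip-verify` against the `127.0.0.1:8200` address set in `VAULT_ADDR`; a comment next to it, e.g. `# certificate verification is skipped only for this loopback probe`, would keep the flag from being copied into client configuration.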
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.12/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3.
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ .
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/Chart.yaml
new file mode 100644
index 00000000000..7af2fd413c5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.13
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/LICENSE.md 
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11.
“Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2.
Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1.
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4.
Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms.
However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable.
Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/README.md
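Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` configuration path nor the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, and it skips the `gcloud auth activate-service-account` step, so an unattended destroy acts on whatever Terraform configuration and credentials the working directory happens to provide. Mirroring the provision target would close that gap, e.g. `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform` (adjust the argument form to the Terraform version in the test image). The `.PHONY` list also omits `setup-kind` and `delete-kind`, and the recursive call in `test-acceptance` should be `$(MAKE) setup-kind acceptance` rather than a literal `make`.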
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
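Review bot: In csi-clusterrole.yaml the single rule grants `create` on `serviceaccounts/token` cluster-wide, and nothing in the file says why. Whoever can act as the `-csi-provider` ServiceAccount can request a token for any ServiceAccount in any namespace, so this is one of the most sensitive grants in the chart and the next reviewer should not have to guess at it. I would add `# Lets the CSI provider request tokens for workload ServiceAccounts in any namespace; keep this ServiceAccount dedicated to the provider` above `rules:`. The stated purpose is my reading of how the provider is meant to work and should be confirmed against its documentation.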
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-clusterrolebinding.yaml
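Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, because it carries no `resourceNames`. The only webhook configuration this commit creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml), so `get` and `patch` can be limited to that name while `list` and `watch` stay as they are. Whether the injector reads or patches any other configuration is not visible here, so the narrowed rule needs a test run before it is merged.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
```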
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
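Review bot: Several `env` values in injector-deployment.yaml are rendered from values without quoting (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT`), while their neighbours are wrapped in double quotes. An env `value` has to be a string, so a setting that YAML reads as a boolean or number, or one that contains `: ` or ` #`, either fails validation or changes the shape of the rendered manifest. Use `| quote`, as the `vault.extraEnvironmentVars` helper in this commit already does: `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, `- 2>&1` under `args:` reaches the binary as a literal argument, since no shell is involved in an `args` list.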
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
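Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is emitted only when a value is supplied, so without one the webhook is called for pod CREATE and UPDATE in every namespace, `kube-system` and the injector's own namespace included. If `failurePolicy` resolves to `Fail` (its default comes from values and is not visible in this hunk), an unavailable injector would then block pod admission across the cluster. I would document this next to the selector, for example `{{- /* No selector means all namespaces; set one before using failurePolicy: Fail */ -}}`, or ship a default selector that leaves system namespaces out.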
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
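Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`) and the Service uses the same value as `targetPort`. If the port is overridden, the policy allows a port nothing listens on and drops traffic to the real one, so admission calls to the webhook fail. Change the line to `- port: {{ .Values.injector.port }}`. The object also has no `metadata.namespace`, unlike the other injector resources added in this commit.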
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-role.yaml
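Review bot: injector-psp.yaml fixes `apiVersion: policy/v1beta1` and is gated only on `global.psp.enable`, but PodSecurityPolicy was removed in Kubernetes 1.25, so on current clusters turning the flag on makes the install fail. Check `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` alongside the flag and call `fail` with a clear message when the API is absent, so an operator is not left assuming the policy is in force. The comment on `seLinux` saying the nodes use AppArmor rather than SELinux also looks doubtful for the OpenShift targets this chart handles elsewhere through `global.openshift`, and is worth confirming. The same gate appears in injector-psp-role.yaml and injector-psp-rolebinding.yaml.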
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-rolebinding.yaml
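Review bot: The leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, which covers every other Secret stored alongside the release. The only Secret this commit provisions for the injector is `vault-injector-certs` (injector-certs-secret.yaml), so the secrets half can probably move into its own rule with `resourceNames: ["vault-injector-certs"]` and without `create`. Which ConfigMaps the elector needs is not visible in this commit, and a name-restricted `list`/`watch` only works when the client filters by name, so confirm both before narrowing.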
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-discovery-role.yaml
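Review bot: `disable_mlock = true` is emitted unconditionally in the string branch of `extraconfig-from-values.hcl` and forced through `dict "disable_mlock" true` in the object branch, and nothing in server-config-configmap.yaml says why. With mlock off the server's process memory can be written to swap, so the chart should state what it relies on instead; I would add a left-trimmed template comment on its own line above `data:`, `{{- /* disable_mlock is forced on here; nodes must run with swap disabled or encrypted */}}`. In the object branch `merge` gives precedence to its first argument, so a user-supplied `disable_mlock: false` is presumably overridden without any message, which the same comment should mention.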
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-psp-role.yaml
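Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both 8200 and 8201, so every pod in every namespace is admitted to the cluster port as well as the API port. The Service templates in this commit name 8201 `https-internal`, which suggests only the Vault server pods need it; I would split the rule so that 8201 is admitted from the release's own pods only, unless peers outside the namespace are expected to reach it. The metadata also carries no `namespace: {{ .Release.Namespace }}`, unlike the other templates added here.

```yaml
  ingress:
    # API port: any namespace, as in the original rule
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
```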
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
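Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}` with no namespace, while server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml bind `{{ template "vault.serviceAccount.name" . }}` in `{{ .Release.Namespace }}`, and the StatefulSet runs as that same helper's name. If the service account name is overridden, the PSP `use` grant would presumably land on an account the server pods do not run as, leaving them to whatever other policy admits them. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it.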
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-route.yaml
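Review bot: The PodSecurityPolicy spec lists no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set even though `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` are set. The StatefulSet in this commit sets `SKIP_SETCAP` and `SKIP_CHOWN` to "true", which suggests the server needs no extra capabilities; if that holds, add `requiredDropCapabilities:` with `- ALL` under `spec:`. The `seLinux` comment says the policy assumes AppArmor nodes, which is worth revisiting next to the OpenShift values file added in the same commit, since `RunAsAny` leaves the SELinux context unconstrained.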
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-service.yaml
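Review bot: server-route.yaml tests `.mode` twice but never runs `{{ template "vault.mode" . }}`, which the other server templates in this commit call before reading it. Unless an earlier template has already set `.mode` on the same context, the `ne .mode "external"` guard compares an unset value and the `eq .mode "ha"` branch that selects the `-active` service would not match, so the Route could point at a different service than intended. I would add `{{ template "vault.mode" . }}` as the second line, the way server-ingress.yaml does.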
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/tests/server-test.yaml
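Review bot: The `image:` line of the `vault` container falls back to `default "latest"` when `server.image.tag` is empty, so an install without a tag runs whatever the registry currently serves for a secrets manager; tests/server-test.yaml repeats the same expression. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and note in the values documentation that a digest is preferable to a tag. Separately, the exec readiness probe runs `vault status -tls-skip-verify` with no explanation; a one-line comment saying this is tolerated only because `VAULT_ADDR` points at 127.0.0.1 inside the pod would help the next reader.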
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/values.openshift.yaml
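Review bot: In templates/ui-service.yaml, `type: {{ .Values.ui.serviceType }}` and the optional `nodePort` publish the Vault server pods under whatever Service type the values supply, and nothing in the template ties that choice to the transport in use. The values.yaml added in the same commit sets `global.tlsDisable: true`, so a `LoadBalancer` or `NodePort` UI service would presumably carry the Vault API and UI in plaintext outside the cluster (the `vault.scheme` helper is not visible here, so this is inferred). I would add a template comment above the `type:` line, `{{- /* NodePort/LoadBalancer exposes Vault outside the cluster; keep ClusterIP unless global.tlsDisable is false */}}`, or guard the combination with a `fail` call.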
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/values.schema.json
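Review bot: All three image references in values.openshift.yaml are pinned by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pointed in the registry after the chart has been reviewed, so the certified chart and the image it later pulls can drift apart. Where the templates build the reference as `repository:tag`, as server-test.yaml in this commit does, the digest can ride along in the tag value, e.g. `tag: "1.11.2-ubi@sha256:<digest-placeholder>"`. The other templates that consume these values are not visible here, so confirm they concatenate the same way before relying on that form.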
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.13/src/values.yaml 
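Review bot: values.schema.json types `injector.failurePolicy`, `injector.webhook.failurePolicy` and `injector.webhook.matchPolicy` as free-form strings, so a misspelt value passes Helm's schema validation and would presumably surface only when the webhook configuration is applied. Kubernetes accepts a closed set for each, which the schema can state: `"failurePolicy": { "type": "string", "enum": ["Ignore", "Fail"] }` and `"matchPolicy": { "type": "string", "enum": ["Exact", "Equivalent"] }`. The object nodes also leave `additionalProperties` unset, so a misspelling of a security-relevant key such as `tlsDisable` is accepted silently and the default stays in force; closing the chart-owned sections (`server`, `injector`, `ui`, `csi`) is worth considering, while `global` may legitimately carry keys for other charts.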
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3.
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ .
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/Chart.yaml
new file mode 100644
index 00000000000..a0fc112167e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.14
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
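Review bot: The `description: Official HashiCorp Vault Chart` line in the new Chart.yaml no longer matches the chart's identity, because `name` and the `charts.openshift.io/name` annotation are both `helm-e2e-rhcc` and the file sits under `charts/partners/opcert-e2e-testing/`. If this is a renamed copy kept as an e2e fixture, as the path suggests, a description such as `description: E2E test fixture derived from the HashiCorp Vault chart (not the upstream release)` keeps anyone browsing the repository index from taking it for the upstream-published chart. Separately, `appVersion: 1.11.2` is safer quoted as `appVersion: '1.11.2'`, so that a later two-component value is not read as a float.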
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/LICENSE.md 
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11.
“Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2.
Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1.
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4.
Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms.
However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable.
Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/README.md
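Review bot: In the Makefile's `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license value into the `docker run` command line, where it sits in the host's process arguments for as long as the container runs; the leading `@` only stops make from echoing the recipe. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the environment make already runs in, so it never appears in argv. Separately, `.PHONY` omits the two kind targets and could end with `setup-kind delete-kind`. `destroy-cluster` also runs `terraform destroy -auto-approve` without the `test/terraform` directory and `-var project=...` that `provision-cluster` passes, so which configuration it acts on depends on the working directory and is worth confirming.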
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
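Review bot: The `serviceaccounts/token` `create` rule in csi-clusterrole.yaml is granted in a ClusterRole with no comment explaining why. Bound through csi-clusterrolebinding.yaml, it lets the CSI provider's service account request a token for any service account in any namespace. If that breadth is intended, say so above `rules:`, for example `# Cluster-wide on purpose: the provider requests a token for the service account of whichever pod mounts a volume (confirm against the provider)`. Operators should then treat the provider pod as a high-value identity and watch token requests made by it in the API audit log.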
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
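Review bot: The provider container in csi-daemonset.yaml mounts two `hostPath` directories (`providervol` and `mountpoint-dir`), but by default it gets no `securityContext` at all. The `csi.daemonSet.securityContext.container` helper earlier in this diff renders nothing when the value is unset. The server container helper in the same file falls back to `allowPrivilegeEscalation: false` outside OpenShift. Adding the same `{{- else if not .Values.global.openshift }}` branch to the CSI helper would give this host-mounting pod that baseline, provided the provider runs correctly with it (not verifiable from this page).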
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-clusterrolebinding.yaml 
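Review bot: The `patch` verb on `mutatingwebhookconfigurations` in injector-clusterrole.yaml is granted without `resourceNames`. The injector's service account can therefore rewrite every mutating webhook in the cluster, not only the `-agent-injector-cfg` object created in injector-mutating-webhook.yaml. Assuming the injector only patches its own configuration (not verifiable from this page), the rule can be split so that the write is name-scoped, as in the block below. The `secrets`/`configmaps` rule in injector-role.yaml has the same shape: it gives `get`, `list`, `watch` and `update` on every Secret in the release namespace, while the chart pre-creates only `vault-injector-certs` under the same leader-elector condition. It deserves the same narrowing.

```yaml
rules:
# reads stay unscoped; the write is limited to the configuration this chart creates
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```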
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
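Review bot: Several `env` values in injector-deployment.yaml are rendered unquoted: `value: {{ .Values.injector.logLevel | default "info" }}`, `value: {{ .Values.injector.logFormat | default "standard" }}` and `value: {{ .Values.injector.authPath }}`. The neighbouring entries wrap the template in double quotes. An env `value` has to be a string, so an override that YAML reads as a boolean or a number yields a manifest the API server rejects. Piping through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`, keeps the type stable regardless of what the values file contains.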
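Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical rather than numeric. A minor value carrying a suffix (some distributions report forms like `21+`) is compared as text too. injector-mutating-webhook.yaml in this diff picks its API version with `.Capabilities.APIVersions.Has`. The same approach here, `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`, asks the cluster directly. Of the injector templates visible here, this is also the only one not wrapped in `{{- if .injectorEnabled -}}`, so the budget can render while the injector is disabled.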
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
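Review bot: In injector-mutating-webhook.yaml, `namespaceSelector` is emitted only when one of the two values is set, and the template does not say what happens otherwise. With no `namespaceSelector` or `objectSelector`, the rule matches `CREATE` and `UPDATE` of pods in every namespace, with `failurePolicy` taken from values. A comment above the `{{- if or ... }}` line would help operators, for example `# With no selector the webhook sees pods in all namespaces; with failurePolicy Fail an injector outage then blocks pod admission cluster-wide`. Whether the chart defaults avoid that combination is not visible on this page.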
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
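Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, whereas injector-service.yaml and the deployment's probes target `{{ .Values.injector.port }}`. With a non-default injector port on OpenShift, the policy would allow a port nothing listens on and leave the real webhook port unlisted, so admission calls to the injector would be dropped. Use `- port: {{ .Values.injector.port }}` so the policy follows the listener. The `namespaceSelector: {}` peer admits every namespace; if that is deliberate, a one-line comment saying so would save the next auditor a question.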
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-psp.yaml 
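Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subject in injector-rolebinding.yaml, which sets `namespace: {{ .Release.Namespace }}`. For a RoleBinding the namespace is most likely taken from the binding when omitted, so this probably works as intended. Spelling it out keeps the two bindings consistent and makes the bound identity unambiguous to anyone auditing RBAC: add `namespace: {{ .Release.Namespace }}` under the subject's `name`.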
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-rolebinding.yaml
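Review bot: The first rule of the leader-elector Role lets the injector service account `create`, `get`, `watch`, `list` and `update` every Secret and ConfigMap in the release namespace, which appears broader than leader election needs. That namespace may also hold the Vault server's own Secrets, so a compromised injector pod could read them. Consider splitting the rule so `create` stays unscoped (it cannot be limited by name) while `get` and `update` carry a `resourceNames:` list of the objects the injector owns; those names are not visible in this hunk and must come from the injector's configuration. The `pods` rule would also benefit from a comment saying why `delete` is required.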
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-config-configmap.yaml
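Review bot: The cluster-wide binding to `system:auth-delegator` is created with no comment explaining why the server account needs it, which makes the grant hard to audit. A line above `kind: ClusterRoleBinding` such as `# Lets the Vault server submit TokenReview/SubjectAccessReview requests (presumably for the Kubernetes auth method); set server.authDelegator off if unused` would record the intent; the exact values key behind `vault.serverAuthDelegator` is defined outside this hunk, so the name in that comment should be confirmed. The `rbac.authorization.k8s.io/v1beta1` fallback branch can only be selected on clusters that predate the `v1` RBAC API and may be dead code for the versions this chart supports.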
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-discovery-role.yaml
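Review bot: `disable_mlock = true` is emitted ahead of every string config and merged into every map config via `dict "disable_mlock" true`, with no value that turns it off and no comment saying why. With mlock disabled, Vault's process memory can be paged out on nodes that have swap enabled, so the operational requirement (swap off or encrypted) should be stated where the setting is forced. A template comment above the line would do, for example `{{- /* mlock is disabled because the container runs without IPC_LOCK (see SKIP_SETCAP in the StatefulSet); run on nodes with swap disabled or encrypted */}}`. Whether the chart intends to allow re-enabling mlock cannot be told from this hunk.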
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-ha-active-service.yaml
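Review bot: The PodDisruptionBudget `apiVersion` line compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the ordering is lexicographic: a minor of `"9"` sorts above `"21"` and a three-digit minor would sort below it, selecting the wrong API group in both cases. Asking the cluster for the resource avoids version parsing altogether: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`. The ingress template in this diff already uses `semverCompare` on `.Capabilities.KubeVersion.Version`, which would be a consistent alternative.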
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-psp-role.yaml 
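Review bot: The single ingress rule in `server-network-policy.yaml` pairs `namespaceSelector: {}` with both ports, so every pod in every namespace can reach the cluster port 8201 as well as the API port 8200. Port 8201 carries server-to-server traffic and, as far as this chart shows, only the release's Vault server pods need it; give it its own rule with a `podSelector` on the server labels and keep the open selector for 8200 only. If peers outside the cluster must reach 8201, that should be an explicit extra `from` entry rather than the blanket selector. `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this diff set.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: reachable only from this release's Vault server pods.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```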
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
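Review bot: In `server-psp-rolebinding.yaml` the subject is `name: {{ template "vault.fullname" . }}` with no namespace, while `server-serviceaccount.yaml`, `server-clusterrolebinding.yaml`, `server-discovery-rolebinding.yaml` and the StatefulSet's `serviceAccountName` in this diff all use `vault.serviceAccount.name`. If that helper can return anything other than the full name (its definition is outside this part of the diff), the PSP `use` permission ends up bound to an account the server pods do not run as, and the policy silently stops applying to them. Use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` to the subject, matching the other bindings.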
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-service.yaml
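Review bot: `server-route.yaml` tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other server template in this diff does before reading `.mode`. Unless the value is populated by another template rendered earlier (not visible here), the `external` guard and the `-active` service selection are evaluated against an unset value, so the Route could be created for an external Vault or point at the wrong Service. Add the `vault.mode` call before the `.mode` test. `host: {{ .Values.server.route.host }}` is also unquoted, unlike the ingress template's `{{ .host | quote }}`, and `tls:` renders whatever `server.route.tls` holds, so an empty value leaves the Route without an explicit TLS termination.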
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/tests/server-test.yaml 
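Review bot: The Vault container image falls back to a mutable tag: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` resolves to `:latest` whenever `server.image.tag` is empty, so the StatefulSet can silently run whatever the registry currently serves under that tag. For a component that holds secrets the render should fail instead, for example `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or the chart should accept a digest. The same fallback is used for the test pod image in templates/tests/server-test.yaml. Separately, `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are emitted unquoted; piping them through `quote` would keep a user-supplied address from being retyped or from breaking the rendered manifest.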
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.14/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/Chart.yaml
new file mode 100644
index 00000000000..3cb291aa9ce
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.15
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/README.md 
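Review bot: In the `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the enterprise license value into the `docker run` argument list, so it is visible in the host process table for as long as the tests run. The leading `@` only keeps it out of make's own echo. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the calling environment and keeps it off the command line. The `GOOGLE_CREDENTIALS` arguments look less sensitive, since the default there is a key-file name rather than key material, but that depends on how callers set it. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, so a file or directory with either name would silently turn that target into a no-op.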
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
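Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no namespace or name restriction, and nothing in the file says why. Through the ClusterRoleBinding in the next file, this lets the csi-provider ServiceAccount request a token for any ServiceAccount in the cluster, and the DaemonSet that uses it is scheduled on every node. I would add a comment above `rules:` such as `# Cluster-wide by design: the provider requests a token for the ServiceAccount of each pod that mounts a Vault CSI volume; do not bind this role to any other subject.` That reason is presumed rather than shown in the diff, so confirm it against the provider before committing the wording.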
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
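Review bot: The csi-provider container in csi-daemonset.yaml gets no securityContext unless the chart user supplies one, because the `csi.daemonSet.securityContext.pod` and `csi.daemonSet.securityContext.container` helpers in `_helpers.tpl` have no fallback branch. The injector and server helpers in the same file do fall back to `allowPrivilegeEscalation: false` when not on OpenShift. Of the templates visible here, this is the workload that mounts hostPath volumes (`providersDir` and `kubeletRootDir`/pods), so a hardened default matters most for it. A container-level default in the helper would cover it, for example an `{{- else }}` branch rendering `securityContext:` with `allowPrivilegeEscalation: false`. Whether the provider can also run as non-root depends on the ownership of the host directories, which the diff does not show.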
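Review bot: `name: vault-injector-certs` in injector-certs-secret.yaml is hard-coded, while the other objects in these templates take their name from `vault.fullname`. Two releases with leader election enabled in the same namespace would therefore resolve to the same certificate Secret. If the injector binary expects this exact name, say so in a comment above `metadata:`, e.g. `# Fixed name: presumably looked up by the injector's leader-election code; one injector release per namespace.` Otherwise derive the name from `{{ template "vault.fullname" . }}` like the rest of the chart.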
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-clusterrolebinding.yaml 
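Review bot: The rule in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, which is broader than maintaining the injector's own webhook requires. A subject that can patch an arbitrary webhook configuration can alter how admission requests for unrelated webhooks are handled, so I would limit `get` and `patch` with `resourceNames` and leave only `list` and `watch` unrestricted. The configuration name used below is taken from the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml; confirm that it matches the object the chart actually creates.

```yaml
rules:
# list/watch are not usefully narrowed by resourceNames, so they stay cluster-wide.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# get/patch limited to this release's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```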
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
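Review bot: Three env entries in injector-deployment.yaml render their value unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT`), while the entries around them wrap theirs in double quotes. An env `value` must be a string, so a values entry that YAML reads as a boolean or a number makes the rendered manifest fail API validation. I would write them as `value: {{ .Values.injector.authPath | quote }}`, and likewise `{{ .Values.injector.logLevel | default "info" | quote }}` and `{{ .Values.injector.logFormat | default "standard" | quote }}`. Separately, the `- 2>&1` entry under `args` is handed to the container as a literal argument, since no shell appears in the visible lines; if it was meant as a redirect it has no effect.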
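Review bot: The `apiVersion` line in injector-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings rather than two numbers, so the result depends on lexical order (a single-digit minor such as `"9"` sorts above `"21"`). injector-mutating-webhook.yaml in this same commit already asks the cluster which API it serves, and the same approach fits here: `apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (.Capabilities.APIVersions.Has "policy/v1") }}`. server-disruptionbudget.yaml carries the identical line and should get the same change.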
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
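Review bot: The `rules` entry in injector-mutating-webhook.yaml matches CREATE and UPDATE of every pod, and `namespaceSelector` is emitted only when one of the two values keys is set, so by default the webhook sits in the admission path of all namespaces, including the one the injector itself runs in. With `failurePolicy` taken from values, a setting of `Fail` would then make pod creation cluster-wide depend on the injector being reachable. I would either ship a default selector that excludes the release namespace and `kube-system`, or add a comment above the `failurePolicy` line stating that `Fail` should only be combined with a `namespaceSelector`. The `injector.objectSelector` helper is defined outside this hunk and may already narrow the match, so check it before changing the default.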
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
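Review bot: The ingress rule in injector-network-policy.yaml opens the literal port `8080`, while the Deployment listens on `.Values.injector.port` (its `AGENT_INJECT_LISTEN` value, both probes and the Service `targetPort` all use that value). Once the port is overridden, this policy blocks the webhook while still admitting traffic to 8080; the line should read `- port: {{ .Values.injector.port }}`. The metadata also has no `namespace: {{ .Release.Namespace }}`, unlike the Deployment and Service it protects, and adding it keeps `helm template` output applying to the intended namespace.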
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-psp.yaml 
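Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml omits `namespace`, whereas injector-rolebinding.yaml and injector-clusterrolebinding.yaml in this commit both set it on the same account. Leaving it implicit relies on the binding's own namespace being applied to the subject. I would add `namespace: {{ .Release.Namespace }}` under the subject so that all three bindings name the account identically and a reader can see which identity receives the PSP `use` grant.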
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-role.yaml 
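Review bot: The PodSecurityPolicy spec in injector-psp.yaml forbids privileged mode and privilege escalation but never drops capabilities, so containers admitted under it keep the runtime's default set. Unless the injector needs one of them, which the visible lines do not suggest, add `requiredDropCapabilities: ["ALL"]` next to `allowPrivilegeEscalation: false`. Separately, the template emits `policy/v1beta1` with no capability check; guarding it with `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` would let `global.psp.enable` degrade cleanly on clusters that no longer serve that API.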
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-rolebinding.yaml 
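Review bot: The first rule in injector-role.yaml gives the injector ServiceAccount `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, and the second gives it `get`, `patch` and `delete` on every pod there. That is the namespace where the chart's own secrets live (for example the one named by `injector.certs.secretName` in injector-deployment.yaml), so the leader-election grant also makes those readable and writable by the webhook pod. I would keep `create` in its own rule, since it cannot be limited by name, and restrict `get` and `update` with `resourceNames` to the objects the leader elector actually uses. Those object names are not visible in this hunk and need to be taken from the injector's code.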
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-discovery-role.yaml 
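Review bot: Both branches of server-config-configmap.yaml force `disable_mlock = true` (the literal line in the string branch and `dict "disable_mlock" true` in the two JSON branches) without a comment and without a values switch. With mlock disabled the server's memory, which holds decrypted secrets and key material, can be written to swap, so the chart is relying on the nodes having swap off or encrypted. I would state that where the setting is made, with a template comment above the first occurrence such as `{{- /* mlock is disabled chart-wide; nodes must run without swap or with encrypted swap */}}`, and repeat the requirement in the chart's README.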
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-psp-role.yaml
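Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may reach 8201 as well as 8200. In this chart 8201 is the `https-internal` port and the one `VAULT_CLUSTER_ADDR` points at, so it looks like only the Vault server pods need it. I would split the rule and admit 8201 only from a `podSelector` carrying the same two labels as `spec.podSelector`. The policy also has no `metadata.namespace`, unlike the other server templates in this commit.

```yaml
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```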
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
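Review bot: The RoleBinding's subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` in this same commit both use `vault.serviceAccount.name`. The helper's definition is not in this hunk, but the schema accepts `server.serviceAccount.name`, so if that value changes the account name, the `use` grant on the PodSecurityPolicy lands on an account the pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beside it so the binding is explicit.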
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-route.yaml
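Review bot: The PodSecurityPolicy is rendered whenever `global.psp.enable` is true, with no check that the cluster still serves `policy/v1beta1`; that API was removed in Kubernetes 1.25, so on newer clusters the release fails to install. The Role and RoleBinding in server-psp-role.yaml and server-psp-rolebinding.yaml are gated the same way. server-ingress.yaml in this commit already branches on `.Capabilities`, and the same approach fits here, e.g. wrapping the three templates in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`. Separately, the spec sets no `requiredDropCapabilities`, so container capabilities stay at the runtime default; whether Vault needs any of them is not visible in this hunk.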
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-service.yaml
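Review bot: This template reads `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does before touching `.mode`. The helper is defined outside this hunk; if it is what sets `.mode` on the context, the route's choice between the plain and the `-active` service depends on another template having been rendered first. I would add `{{ template "vault.mode" . }}` as the second line, as server-ingress.yaml does. `host: {{ .Values.server.route.host }}` could also be piped through `quote`, matching `host: {{ .host | quote }}` in the ingress.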
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" .
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" .
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" .
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ .
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/tests/server-test.yaml
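Review bot: The vault container image in server-statefulset.yaml is `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an unset tag silently runs whatever `latest` points to at pull time, and pods of the same StatefulSet restarted at different moments can end up on different Vault builds. For a secrets store I would make the tag mandatory with `{{ required "server.image.tag must be set" .Values.server.image.tag }}`; tests/server-test.yaml uses the same expression and would need the same change. The exec readiness probe also deserves a comment: `vault status -tls-skip-verify` disables certificate verification, which here applies to the loopback `VAULT_ADDR` set earlier in the same container spec.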
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.15/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/Chart.yaml new file mode 100644 index 00000000000..02f9d5bd8ee --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-e2e-rhcc +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.16 +annotations: + charts.openshift.io/name: helm-e2e-rhcc diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null 
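Review bot: In the new `Chart.yaml`, `description: Official HashiCorp Vault Chart` and the HashiCorp `home` and `sources` entries are kept while the chart is published as `name: helm-e2e-rhcc`, so the metadata attributes this copy to HashiCorp although the name and path point elsewhere. If this is a test fixture, as the `opcert-e2e-testing` path suggests, something like `description: E2E test fixture derived from the HashiCorp Vault chart` would keep a consumer browsing the repository index from mistaking it for the upstream release. Quoting `appVersion: "1.11.2"` would also guard against a later version such as `1.20` being read as a number.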
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/README.md 
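Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the licence value into the docker command line, so it shows up in the host's process list and is word-split by the shell if it contains whitespace. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker take the value from the environment instead. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `project` variable that `provision-cluster` passes, so it may not act on the same configuration. `setup-kind` and `delete-kind` are also missing from `.PHONY`.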
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
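Review bot: In `vault.envs` the dev root token is rendered unquoted, `value: {{ .Values.server.dev.devRootToken }}`, so a token made only of digits, or a word such as `true`, is read back as a YAML number or boolean instead of the string an env value has to be. `vault.extraEnvironmentVars` further down already pipes its values through `quote`; this line should match it: `value: {{ .Values.server.dev.devRootToken | quote }}`. The token also lands in the rendered pod spec in clear text, so a comment on the helper stating that dev mode is meant for throwaway test clusters only would help. Separately, the `csi.daemonSet.securityContext.pod` and `.container` helpers emit nothing when the value is unset, while the injector and server helpers fall back to non-root defaults; a comment explaining why the CSI provider has no default would save the next reviewer the question.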
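Review bot: The `create` on `serviceaccounts/token` rule is granted cluster-wide with no comment explaining why, and it lets the bound subject request a token for any ServiceAccount in any namespace. Add a comment above `rules:` along the lines of `# cluster-wide TokenRequest: the CSI provider requests tokens for the ServiceAccount of whichever pod mounts a volume (confirm against the provider docs)`, so the grant is not copied or widened without thought. Anyone able to run code as the `-csi-provider` ServiceAccount inherits this ability, so the DaemonSet's security context and who may exec into its pods belong to the same review. Where the set of consuming namespaces is known, per-namespace Role and RoleBinding pairs would narrow the grant.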
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-clusterrolebinding.yaml
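Review bot: The single rule in injector-clusterrole.yaml lets the injector `patch` every MutatingWebhookConfiguration in the cluster, not only its own. If the injector only needs to write into the configuration this chart creates (`{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml), `patch` can move to a second rule limited by `resourceNames`, leaving the read verbs as they are. Whether `get` can be narrowed the same way depends on how the injector watches the object, which is not visible in this diff.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# patch is limited to the webhook configuration this chart installs
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```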
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
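Review bot: Several `env` values in injector-deployment.yaml are rendered without quotes (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`, `AGENT_INJECT_TLS_AUTO`), while the neighbouring entries are quoted. An env `value` has to be a string, so a values entry that YAML reads as a number or boolean makes the rendered manifest invalid; `value: {{ .Values.injector.authPath | quote }}`, and the same for the others, avoids that. Separately, `- 2>&1` under `args` is handed to the binary as a literal argument because no shell is involved, so it does not redirect stderr and can probably be dropped.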
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
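Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` is rendered only when a value is supplied, so by default the webhook is registered for pod CREATE and UPDATE in every namespace unless the `injector.objectSelector` helper (defined outside this hunk) narrows it. Combined with a `failurePolicy` of `Fail`, an unavailable injector would then block pod admission cluster-wide, system namespaces included. I would add a template comment above `failurePolicy` saying so, e.g. `{{- /* With failurePolicy Fail and no namespaceSelector, an injector outage blocks pod creation in all namespaces */}}`, and document in the values file a selector that excludes system namespaces.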
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
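Review bot: The NetworkPolicy in injector-network-policy.yaml opens a fixed `port: 8080`, but the injector listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` in injector-deployment.yaml and `targetPort` in injector-service.yaml). With any other port value the policy would no longer admit traffic to the port the webhook actually serves on; `- port: {{ .Values.injector.port }}` keeps the three in step. The `metadata` block also lacks `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources set.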
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-role.yaml
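Review bot: injector-psp.yaml emits a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, but that API is no longer served from Kubernetes 1.25 on, so the install fails there instead of skipping the object. The chart already uses capability checks elsewhere; the guard could become `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, with the same condition in injector-psp-role.yaml and injector-psp-rolebinding.yaml. The policy also pins `hostNetwork: false` while injector-deployment.yaml renders `hostNetwork` from `.Values.injector.hostNetwork`, so enabling both would presumably get the pod rejected; a note in the values documentation would save someone the debugging.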
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-rolebinding.yaml
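Review bot: The first rule in injector-role.yaml gives the injector `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, which is also where this chart places the Vault server's own objects. If leader election only touches the `vault-injector-certs` Secret that injector-certs-secret.yaml pre-creates, the `get` and `update` verbs can be limited with `resourceNames: ["vault-injector-certs"]` and `create` on secrets dropped. Which ConfigMaps the leader elector uses is not visible in this diff, so that half needs checking against the injector before narrowing. The `pods` rule (`get`, `patch`, `delete`) is likewise namespace-wide and deserves a comment saying which pods it is meant for.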
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-discovery-role.yaml
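Review bot: server-config-configmap.yaml forces `disable_mlock = true` into every rendered configuration: the string branch prepends it and the map branch merges `dict "disable_mlock" true` as the destination, which appears to take precedence over a user-supplied value. With mlock disabled, Vault's memory can be paged to swap, so the nodes need swap turned off or encrypted, and the template says nothing about it. I would add a template comment next to the line, e.g. `{{- /* mlock is disabled: run only on nodes with swap off or encrypted */}}`, and repeat it in the values documentation. Also note that `$type` is taken from `(index .Values.server .mode).config` even when raft is enabled and `.raft.config` is what gets rendered, so a string in one and a map in the other would take the wrong branch.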
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
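Review bot: The `rules` entry in the discovery Role grants `update` and `patch` on every pod in the release namespace, not only the Vault pods, so the server's service account can modify labels on any workload that shares the namespace. RBAC cannot scope a rule by label, so the practical mitigation is to state the constraint next to the rule, for example `# write access covers all pods in this namespace; install Vault in a dedicated namespace`. Separately, this Role hard-codes `rbac.authorization.k8s.io/v1` while the RoleBinding in the following hunk switches on `.Capabilities.APIVersions.Has`, so the pair can disagree on a cluster that only serves v1beta1.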
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-ha-active-service.yaml
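Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion` line compares strings, so a single-digit minor such as "9" sorts above "21" and selects `policy/v1`, and a suffixed minor like "21+" is compared as text too. The Ingress template in this commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`; the same form here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.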
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-psp-role.yaml 
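Review bot: The single `ingress` rule in the NetworkPolicy pairs `namespaceSelector: {}` with both ports, so the cluster port 8201 is reachable from every namespace along with the API port 8200; splitting the rule lets 8201 be limited to pods of this release. The `podSelector` also omits `component: server`, which the Services in this commit select on, so the policy may cover other pods that carry the same name and instance labels. `metadata` has no `namespace: {{ .Release.Namespace }}`, unlike the other server templates. The fence shows only the split rule.

```yaml
  ingress:
    # API port: still reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods belonging to this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```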
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
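Review bot: In the PSP RoleBinding the subject is `name: {{ template "vault.fullname" . }}` with no namespace, whereas the ServiceAccount template and the StatefulSet's `serviceAccountName` in this commit both use `vault.serviceAccount.name`. If that helper resolves to a different name (it is defined outside this page, so this is inferred), the PSP `use` grant lands on an account the pods do not run as and the policy is never applied to them. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, matching the discovery RoleBinding.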
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-route.yaml
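Review bot: The PodSecurityPolicy `spec` sets `privileged: false` and `allowPrivilegeEscalation: false` but never drops capabilities, so pods admitted under it keep the runtime's default capability set. The config template in this commit writes `disable_mlock = true` and the StatefulSet sets `SKIP_SETCAP`, so adding `requiredDropCapabilities: [ALL]` looks compatible, though that should be confirmed against the container securityContext helper, which is not in this hunk. `apiVersion: policy/v1beta1` is also hard-coded with no capability check; PodSecurityPolicy was removed in Kubernetes 1.25, so turning on `global.psp.enable` there would fail the install. The `seLinux` comment assumes AppArmor nodes, which is worth rewording given the chart ships OpenShift values.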
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-service.yaml
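Review bot: The Route template tests `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, as the other templates in this commit that read `.mode` do; whether `.mode` is populated here then depends on something outside the file. Adding `{{ template "vault.mode" . }}` ahead of the `.mode` check removes that dependency. `host: {{ .Values.server.route.host }}` is unquoted while the Ingress template quotes its hosts, and `targetPort: 8200` is fixed while the Services take `.Values.server.service.targetPort`, so a non-default target port would leave the Route pointing at the wrong port.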
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/tests/server-test.yaml 
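Review bot: The `vault` container's `image` line falls back to `default "latest"` when `server.image.tag` is empty, so an install can silently pull whatever the registry currently tags as latest; the test pod in `tests/server-test.yaml` (next file) has the same fallback. For a secrets manager I would fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a short comment that the command only talks to the loopback `VAULT_ADDR` set in `env` would explain why certificate verification is skipped there.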
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.16/src/values.yaml 
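Review bot: None of the objects in this schema sets `"additionalProperties": false` or a `required` list, so Helm's schema validation accepts unknown keys. A misspelled override such as `global.tlsDisabled` (a constructed example) would pass, and the chart would keep its default, which values.yaml in this commit sets to `tlsDisable: true`. Adding `"additionalProperties": false` at least to the `global` object, which holds `tlsDisable`, `openshift` and `psp.enable`, would turn such typos into an install-time error. Check the change against every key the templates read from `global` first, since the schema may not list them all.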
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/Chart.yaml
new file mode 100644
index 00000000000..1e49155a940
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.17
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/README.md
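Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence value into the docker command line, where it is visible in the host's process listing while the container runs; passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker read it from the calling environment instead. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory that `provision-cluster` passes to `init` and `apply`, so it may not act on the same configuration. `setup-kind` and `delete-kind` are also missing from `.PHONY`.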
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
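Review bot: The single rule in `csi-clusterrole.yaml` grants `create` on `serviceaccounts/token` through a ClusterRole, so whatever runs as the `-csi-provider` ServiceAccount can request a token for any service account in any namespace. Whether the provider can work with a narrower grant is not visible from this hunk; if it cannot, the breadth should at least be stated in the template, for example `# Cluster-wide TokenRequest: the provider asks for tokens on behalf of the pods it serves; treat this ServiceAccount as highly privileged.` above `rules:`. It is also worth alerting on audit-log TokenRequest calls made by this ServiceAccount for service accounts outside the workloads it is expected to serve.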
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
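Review bot: In `csi-daemonset.yaml` the `mountpoint-dir` volume mounts `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host into the provider container without `readOnly: true`, which gives this container read-write access to every pod's volume directory on the node, including other workloads' secret and projected volumes. If the provider version shipped with this chart does not write under that path itself (not confirmable from the hunk), add `readOnly: true` next to `mountPropagation: HostToContainer` or drop the mount; if it does write there, a comment saying so would help. Both `hostPath` entries under `volumes:` take their path straight from values with no `type:`; adding `type: Directory` to the kubelet path (and `type: DirectoryOrCreate` to `providersDir`) makes a mistyped path fail the pod instead of silently mounting an empty directory.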
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
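Review bot: Under `args:` in `injector-deployment.yaml` the entry `- 2>&1` is not a redirection: container args are handed to the entrypoint without a shell, so the binary receives the literal string `2>&1` as a second argument. The container runtime already collects both stdout and stderr, so, assuming the binary ignores the stray argument today, the line can be removed and `args:` left with `- agent-inject` only. Separately, several `env` values are rendered unquoted (`value: {{ .Values.injector.authPath }}`, and the `logLevel` and `logFormat` lines); piping them through `| quote` keeps a value such as `true` or `123` from rendering as a non-string, which the API server rejects for an env value.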
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
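Review bot: `namespaceSelector` in `injector-mutating-webhook.yaml` is rendered only when one of the two values is set, so unless the chart's values supply one (they are not part of this hunk) the webhook is sent CREATE and UPDATE for pods in every namespace, including `kube-system` and the namespace the injector itself runs in. Because `failurePolicy` also comes from values, a `Fail` setting can then block pod admission cluster-wide while the injector is unavailable, and `Ignore` lets pods start without injection. I would render a conservative default selector when none is supplied, as sketched below, and add a comment beside `failurePolicy` stating which of the two failure modes the chart intends. The indentation in the sketch is assumed from the existing `indent 6`.

```yaml
# … unchanged: webhooks[0] fields through rules …
{{- $nsSelector := ((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector }}
    namespaceSelector:
{{- if $nsSelector }}
{{ toYaml $nsSelector | indent 6 }}
{{- else }}
      # Default: keep the webhook out of the control-plane namespace.
      matchExpressions:
        - key: kubernetes.io/metadata.name
          operator: NotIn
          values: ["kube-system"]
{{- end }}
# … unchanged: injector.objectSelector template call …
```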
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
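Review bot: The ingress rule in `injector-network-policy.yaml` hard-codes `- port: 8080`, while the injector Deployment and Service added in this same commit take the listening port from `.Values.injector.port`. Installing with any other port leaves the policy admitting traffic on a port nothing listens on and dropping the API server's calls to the webhook, which, depending on the webhook's `failurePolicy`, either blocks pod creation or silently skips injection. Use `- port: {{ .Values.injector.port }}` here. The `from` clause with `namespaceSelector: {}` admits every namespace, so a one-line comment explaining why that breadth is needed would help the next reviewer.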
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-role.yaml
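Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` in `injector-psp.yaml` is gated only on `.Values.global.psp.enable`, and that API was removed in Kubernetes 1.25, so turning the flag on against a current cluster makes the whole release fail to install. The PodDisruptionBudget and webhook templates in this commit already branch on `.Capabilities`; the same here, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, keeps the templates consistent. The same guard belongs in `injector-psp-role.yaml` and `injector-psp-rolebinding.yaml`. Where PSP is unavailable, the restrictions expressed here (non-root, no privilege escalation, no host namespaces) need to be carried by the pod and container `securityContext` instead.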
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-rolebinding.yaml
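Review bot: The first rule in `injector-role.yaml` gives the injector ServiceAccount `create`, `get`, `watch`, `list` and `update` on every `secrets` and `configmaps` object in the release namespace, which is normally also where the Vault server's own TLS and configuration secrets live. If leader election only touches the `vault-injector-certs` Secret created by `injector-certs-secret.yaml` plus its own lock object (not confirmable from this hunk), split the rule and add `resourceNames: ["vault-injector-certs"]` to the `get` and `update` verbs for `secrets`, keeping `create` only for the resource kinds the injector really creates. The second rule's `patch` and `delete` on all pods in the namespace deserves the same check, or at least a comment naming what depends on it.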
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-discovery-role.yaml 
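Review bot: `disable_mlock = true` is emitted into every rendered config with no comment, and in the two `merge (dict "disable_mlock" true) …` branches the first argument wins, so a value supplied in the user's config cannot turn it back off. With mlock disabled the server's memory may be paged to disk, which matters for a secrets store. A comment above the line would state the assumption, for example `# mlock is disabled for the container (presumably because it runs without IPC_LOCK); nodes must have swap disabled or encrypted`. If overriding is meant to be possible, swapping the `merge` arguments would let the user's config take precedence.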
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
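Review bot: The rule `verbs: ["get", "watch", "list", "update", "patch"]` on `pods` in server-discovery-role.yaml covers every pod in the release namespace, so the ServiceAccount bound in the rolebinding hunk that follows can modify unrelated workloads sharing that namespace. The Service selectors in this diff match on a `vault-active` pod label, which suggests the write verbs exist so Vault can label its own pods; that is an inference and should be confirmed. If so, document it above the rule, e.g. `# update/patch let Vault label its own pods; install into a dedicated namespace`, or move the write verbs into a second rule limited with `resourceNames`. The Role also hard-codes `rbac.authorization.k8s.io/v1` while the RoleBinding falls back to `v1beta1`, so one of the two is inconsistent.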
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-ha-active-service.yaml 
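Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the ordering is lexical: a minor of `"9"` sorts above `"21"` and selects `policy/v1`, while a three-digit minor would sort below it and select `policy/v1beta1`. The Ingress template in this diff already uses `semverCompare` on `.Capabilities.KubeVersion.Version`, and the same approach works here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.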
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-ha-standby-service.yaml 
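Review bot: The `https-internal` port 8201 is listed unconditionally beside the API port, so when `server.service.type` is `NodePort` or `LoadBalancer` the cluster port is published together with 8200. The same ports block appears in server-ha-standby-service.yaml and server-service.yaml. The StatefulSet in this diff points `VAULT_CLUSTER_ADDR` at the `-internal` headless Service, so these Services may not need 8201 at all; that is inferred and worth confirming. If it has to stay, add a comment such as `# cluster port: keep this Service ClusterIP or filter 8201 at the edge`.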
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-psp-role.yaml 
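Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which admits every namespace in the cluster on both 8200 and the cluster port 8201, so the policy limits ports but not sources. Assuming only the server pods of this release talk to each other on 8201, that port can be restricted to them while 8200 stays open as before. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the other templates in this diff set. A possible split of the rule:

```yaml
  ingress:
    # API/UI port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```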
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
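Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, whereas the StatefulSet runs as `{{ template "vault.serviceAccount.name" . }}` and the other bindings in this diff (server-clusterrolebinding.yaml, server-discovery-rolebinding.yaml) bind that helper. If the two helpers can render different names, for instance with a custom service account name (the helper bodies are not visible here), the PSP `use` grant lands on an account the pods do not run as. The subject also omits `namespace`. Suggested subject lines: `name: {{ template "vault.serviceAccount.name" . }}` and `namespace: {{ .Release.Namespace }}`.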
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-route.yaml 
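Review bot: The policy sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but never restricts capabilities, so pods admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` under `spec` would close that, assuming the server needs none (the StatefulSet sets `SKIP_SETCAP`). The comment "This policy assumes the nodes are using AppArmor rather than SELinux" sits oddly next to the OpenShift overrides shipped in this chart and should be reworded or confirmed. Separately, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so the `global.psp.enable` condition could also test `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to avoid a failed install on newer clusters.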
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-service.yaml 
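Review bot: `{{- if ne .mode "external" }}` reads `.mode` although this file never calls `{{ template "vault.mode" . }}`, which the other server templates in this diff do before testing the mode. Whether `.mode` is populated here then presumably depends on another template having run first, which is fragile and can silently change whether the Route is rendered. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard, as server-ingress.yaml does.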
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/tests/server-test.yaml 
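Review bot: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` falls back to a floating tag, so an install with an empty `server.image.tag` runs whatever the registry currently serves as `latest`, and pods of the same StatefulSet can end up on different builds. The same expression is in tests/server-test.yaml. Failing the render is safer: `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept a digest. In the readiness probe, `vault status -tls-skip-verify` deserves a comment explaining why verification is off, e.g. `# TLS verification is skipped because the probe targets the pod's own listener on 127.0.0.1 (see VAULT_ADDR)`.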
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/values.openshift.yaml
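Review bot: In templates/ui-service.yaml, `type: {{ .Values.ui.serviceType }}` lets an operator publish the Vault UI and API as a `NodePort` or `LoadBalancer` service, while the values.yaml added in this same commit defaults `global.tlsDisable: true`. The port name comes from `vault.scheme`, which is defined outside this hunk and presumably resolves to `http` in that configuration, so the exposed listener would be plaintext. A template comment above the `type:` line would record the constraint for maintainers, e.g. `{{- /* NodePort/LoadBalancer exposes Vault outside the cluster; set global.tlsDisable=false and restrict source ranges first */}}`. The same caveat belongs beside `ui.serviceType` in values.yaml, which lies outside the part of that file shown here.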
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.17/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/Chart.yaml
new file mode 100644
index 00000000000..41cf0839372
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.18
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
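Review bot: In the new Chart.yaml, `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io` present this package as the upstream release, while `name` and the `charts.openshift.io/name` annotation are `helm-e2e-rhcc` and the file sits under `opcert-e2e-testing`. If this is a test copy of vault-helm, as the path suggests, the metadata should say so, for example `description: E2E certification test fixture derived from the HashiCorp Vault chart`, so that nobody reading the chart index mistakes it for the vendor-published chart. Quoting the version as `appVersion: "1.11.2"` would also keep it a string if a later bump lands on a two-part number.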
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable.
Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/README.md
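Review bot: The `test-acceptance` recipe passes the Vault license as `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, which expands the secret into the `docker run` argument list where the host process table exposes it, and the container is started without `--rm`, so the value also stays readable through `docker inspect` on the stopped container. Naming the variable without a value, `-e VAULT_LICENSE_CI \`, makes Docker take it from the calling environment instead, and `@docker run --rm -it -v ${PWD}:/helm-test \` matches what `test-unit` already does; the same `--rm` applies to `test-destroy` and `test-provision`. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so it may not act on the configuration that was applied; that is worth confirming against the Terraform version in the test image.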
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
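Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` at cluster scope with no comment explaining why, and that permission allows minting tokens for service accounts in any namespace. The ClusterRoleBinding added in the next file gives it to the `-csi-provider` service account, which the DaemonSet later in this diff uses. I would add a comment above `rules:` along the lines of `# The CSI provider requests tokens on behalf of the pods it serves; treat this service account as highly privileged and audit TokenRequest calls made by it.` The stated purpose is inferred from the resource names, so the chart owners should confirm the wording.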
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
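Review bot: The CSI provider container in csi-daemonset.yaml gets a `securityContext` only when `.Values.csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper added earlier in this diff has no fallback branch. This container mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir/pods`), so with default values it runs with whatever the runtime allows. The helper that reads `.Values.server.statefulSet.securityContext.container` earlier in the diff falls back to `allowPrivilegeEscalation: false`. If the provider does not need privilege escalation, the CSI helper could gain the same branch: `{{- else }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`. The helper belongs to the `_helpers.tpl` hunk, which starts outside this view, so the exact indentation needs checking there.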
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-clusterrolebinding.yaml 
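Review bot: The `patch` verb in injector-clusterrole.yaml applies to every `mutatingwebhookconfigurations` object in the cluster, so a compromised injector service account could rewrite any admission webhook, not just its own. The deployment in this diff sets `AGENT_INJECT_TLS_AUTO` to `{{ template "vault.fullname" . }}-agent-injector-cfg`, which suggests that this one configuration is all the injector needs to patch. Splitting the rule so that `patch` carries a `resourceNames` entry for that object, while `get`/`list`/`watch` stay unrestricted, would narrow the grant. Whether the injector patches anything else should be confirmed before merging.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```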
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
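Review bot: Several `env` values in injector-deployment.yaml are interpolated without quoting (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`, and the computed `AGENT_INJECT_VAULT_ADDR` fallback). A value that is empty, looks like a boolean or number, or contains `: ` or ` #` will therefore render as a non-string or reshape the manifest. The neighbouring entries already wrap their values in double quotes; for consistency use `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, `- 2>&1` under `args:` is passed to the binary as a literal argument, since no shell processes container args, so it can be dropped.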
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
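Review bot: The webhook in injector-mutating-webhook.yaml has no documented fail-open/fail-closed behaviour: `failurePolicy` is taken from values with no literal default, and `namespaceSelector` is emitted only when one of the two values is set. With defaults the rule therefore matches pod `CREATE`/`UPDATE` in every namespace, including the one the injector itself runs in. I would add a comment above `failurePolicy:` such as `# Ignore admits pods without injection when the injector is unreachable; Fail blocks pod admission in every namespace the selectors match.` It is also worth stating in the values documentation that a `namespaceSelector` excluding system namespaces is recommended when `Fail` is chosen.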
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
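Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, but the injector listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` in the deployment, `targetPort` in the service). Changing that value would leave the policy allowing the wrong port and would block webhook traffic on OpenShift. Use `- port: {{ .Values.injector.port }}` so the three templates stay in step. The `from:` clause uses `namespaceSelector: {}`, which admits every namespace; if that breadth is intentional so the API server can reach the webhook, a one-line comment saying so would help the next reviewer.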
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-psp.yaml 
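Review bot: The `subjects` entry in injector-psp-rolebinding.yaml names a `ServiceAccount` without a `namespace`, which the RBAC API requires for service-account subjects. The leader-elector RoleBinding added later in this diff does include it. Add `namespace: {{ .Release.Namespace }}` under `name: {{ template "vault.fullname" . }}-agent-injector`, so the binding resolves to the release's service account when `global.psp.enable` is true.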
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-role.yaml 
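Review bot: The PodSecurityPolicy in injector-psp.yaml is gated only on `global.psp.enable`, while `apiVersion: policy/v1beta1` is fixed, so enabling it on a cluster that no longer serves PodSecurityPolicy makes the whole release fail to install. The disruption-budget template in this same diff already switches API version based on cluster capabilities; the same idea applies here, for example by extending the condition to `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The inline comment saying the policy assumes AppArmor rather than SELinux also deserves a second look, since this chart has explicit OpenShift branches elsewhere.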
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-rolebinding.yaml
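Review bot: The first rule lets the injector service account `create`, `get`, `watch`, `list` and `update` every Secret and ConfigMap in the release namespace, with no `resourceNames`, which looks broader than a Role named `leader-elector-role` should need. If the objects the injector actually touches are known, scope the `get`/`update` verbs with `resourceNames:` and keep an unrestricted rule only for `create`, which cannot be limited by name. At minimum, add a comment above each rule naming the objects it exists for, so a later reviewer can tell intended access from accidental access. The second rule's `patch` and `delete` on all pods in the namespace deserves the same justification.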
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-discovery-role.yaml
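Review bot: `disable_mlock = true` is written into the generated config in both the string branch and the map branch, and in the map branch `merge (dict "disable_mlock" true) ...` puts the chart's value first, so it appears a user cannot re-enable memory locking through values. With mlock off, Vault's in-memory key material can be paged out on nodes where swap is enabled and unencrypted, which is worth stating where the setting is made; a template comment such as `{{- /* mlock is disabled chart-wide; run only on nodes with swap off or encrypted */}}` would do. Separately, the whole server config is rendered with `tpl` into a ConfigMap, so any storage or seal credentials a user places in `server.standalone.config` or `server.ha.config` end up stored as plain ConfigMap data; the values documentation should steer such settings to a Secret or environment variables.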
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-ha-active-service.yaml
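Review bot: The `apiVersion` line in server-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically, so the result depends on digit order rather than numeric value, and it ignores the major version altogether. Other templates in this commit decide by capability instead, and the same pattern works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. That also keeps the choice correct on distributions that report a suffixed minor version.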
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-psp-role.yaml
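Review bot: The `tls:` block in server-ingress.yaml is emitted only when `.Values.server.ingress.tls` is set, so with that value empty the Ingress publishes the Vault API with no TLS section, and whether tokens cross the edge in cleartext then depends entirely on the ingress controller's defaults. A comment above the `{{- if .Values.server.ingress.tls }}` line saying so, plus a matching warning in the values documentation, would make the risk visible to whoever enables the Ingress. Also, `secretName: {{ .secretName }}` and `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` are rendered unquoted while the hosts use `| quote`; `secretName: {{ .secretName | quote }}` keeps a values string from being retyped by the YAML parser.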
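Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits traffic from every pod in every namespace, and it applies to port 8201 as well as 8200. The Service templates in this commit name 8201 `https-internal`, which suggests it carries server-to-server traffic; if that is right, only pods of the same release need to reach it, and the rule should be split as sketched below. The object also omits `metadata.namespace`, unlike most other templates here, so adding `namespace: {{ .Release.Namespace }}` would keep it consistent.

```yaml
  ingress:
    # API/UI port: reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Internal port: only Vault pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```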
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
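Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the server ServiceAccount, the StatefulSet's `serviceAccountName` and the other server bindings in this commit all use `vault.serviceAccount.name`. If that helper can return anything other than the full name (its body is not in this diff), the PSP `use` grant lands on an account the pods do not run as, and the restrictive policy is never the one applied to them. Changing the subject to `name: {{ template "vault.serviceAccount.name" . }}` and adding `namespace: {{ .Release.Namespace }}`, as the discovery rolebinding does, removes the mismatch.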
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-service.yaml
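Review bot: server-route.yaml tests `.mode` on its second and fifth lines without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit, including server-ingress.yaml, does before reading it. As written the Route appears to depend on some earlier template having already set `mode` on the shared context, so a change in render order or a removed template could silently alter which Service the Route exposes. Adding `{{ template "vault.mode" . }}` right after the `.Values.global.openshift` check makes the file self-contained. The hard-coded `targetPort: 8200` also ignores `.Values.server.service.port`, which the Ingress honours; a comment explaining why would help.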
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/tests/server-test.yaml
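Review bot: The `vault` container's image line in server-statefulset.yaml ends in `{{ .Values.server.image.tag | default "latest" }}`, so a missing tag falls back to the mutable `latest` tag and the secrets-manager workload can change version, or pull an unintended image, on any pod restart; templates/tests/server-test.yaml has the same fallback. I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`, which is tolerable only because `VAULT_ADDR` points at 127.0.0.1. A comment such as `# -tls-skip-verify is acceptable only because this probe targets loopback` would keep it from being copied into remote checks.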
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/values.openshift.yaml
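Review bot: In ui-service.yaml, `type: {{ .Values.ui.serviceType }}` together with the optional `nodePort` lets this Service publish the Vault listener outside the cluster, with nothing in the template tying that to TLS. The port name comes from `vault.scheme`, which presumably follows `global.tlsDisable` (the helper is not shown here), and values.yaml in this commit sets `tlsDisable: true`. With those defaults a `LoadBalancer` or `NodePort` UI Service would carry tokens and secrets in plaintext. I would add a comment above `type:` such as `# Exposing this Service beyond the cluster requires global.tlsDisable=false (TLS on the Vault listener).`, or have the template call `fail` on that combination.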
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.18/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/Chart.yaml
new file mode 100644
index 00000000000..a09575b3d71
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.19
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/LICENSE.md 
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2. Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/README.md
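Review bot: The `destroy-cluster` recipe runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes to `terraform apply`, so the teardown presumably acts on whatever configuration and state sit in the working directory rather than on the cluster this Makefile provisioned, and it does so without a confirmation prompt. I would mirror the apply arguments: `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform`. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and `test-acceptance` calls `make setup-kind acceptance` where `$(MAKE) setup-kind acceptance` would carry command-line flags through to the sub-make.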
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
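Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any service account in any namespace. A permission this broad should carry a comment stating why it is needed and why it is cluster-wide, for example `# TokenRequest for workload service accounts; cluster-wide because consuming pods can live in any namespace` above `- apiGroups:`, if that is indeed the reason. Where the provider only serves a known set of namespaces, a namespaced Role and RoleBinding would narrow what a compromised provider pod could impersonate; whether that fits this chart is not visible from the hunk.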
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
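Review bot: The csi-provider container in csi-daemonset.yaml mounts two hostPath volumes (`providersDir` and `kubeletRootDir` + `/pods`), yet its securityContext comes only from `csi.daemonSet.securityContext.pod` and `csi.daemonSet.securityContext.container`, and both helpers render nothing when the value is unset. The injector and server container helpers in the same chart fall back to `allowPrivilegeEscalation: false` outside OpenShift; the CSI helpers have no such branch, so a default install runs this host-mounting pod with whatever the runtime defaults are. If the provider works with it, give the container helper the same fallback: `{{- else if not .Values.global.openshift }}`, `securityContext:`, `allowPrivilegeEscalation: false`. The helper is defined in the _helpers.tpl hunk, which starts outside the part of the diff shown here.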
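Review bot: The Secret in injector-certs-secret.yaml uses the literal name `vault-injector-certs`, while the other objects in these templates derive their names from `vault.fullname`, so two releases with leader election enabled in one namespace would render the same Secret. If the injector expects that fixed name, record it in a comment above `name:`, for example `# Fixed name expected by the injector's leader election; one such release per namespace`; otherwise derive the name from `{{ template "vault.fullname" . }}`. The file also ends without a trailing newline.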
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-clusterrolebinding.yaml
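Review bot: The `patch` verb in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster, so a compromised injector pod could rewrite other admission webhooks, not only its own. The deployment template passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which looks like the one configuration the injector has to update; if that holds, split the rule and pin `patch` to that name with `resourceNames`. `get`, `list` and `watch` stay in the unrestricted rule here, since name-restricted list and watch only work when the client filters on `metadata.name`.

```yaml
rules:
# … unchanged: existing rule, with "patch" removed from its verbs …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```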
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
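Review bot: In injector-deployment.yaml several `env` values are interpolated without quotes (`value: {{ .Values.injector.logLevel | default "info" }}`, `value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logFormat | default "standard" }}`), while neighbours such as `AGENT_INJECT_VAULT_IMAGE` are quoted. An override that YAML reads as a boolean, number or null renders a non-string `value`, which the API server rejects for `env`. Piping through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`, keeps them strings. Separately, `args` passes `2>&1` as a literal argument because no shell is involved; it should either be dropped or get a comment saying why the binary needs it.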
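Review bot: In injector-disruptionbudget.yaml the apiVersion is picked with `ge .Capabilities.KubeVersion.Minor "21"`, a string comparison on a field that some distributions suffix (for example `21+`). injector-mutating-webhook.yaml in this same change asks the cluster what it serves instead. `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` would follow that pattern. server-disruptionbudget.yaml carries the identical expression.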
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
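Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is rendered only when a value is supplied, so unless the `injector.objectSelector` helper (not visible here) narrows it, the webhook is consulted for pod CREATE and UPDATE in every namespace, including the injector's own and the control-plane namespaces. With a `failurePolicy` of `Fail` coming from values, an unavailable injector would then block pod admission cluster-wide. A template comment above `failurePolicy` should state that trade-off. The chart would also be safer emitting a default selector that excludes system namespaces when none is configured.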
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
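Review bot: In injector-network-policy.yaml the allowed port is the literal `8080`, while injector-deployment.yaml listens on `.Values.injector.port` and injector-service.yaml targets the same value, so overriding the port leaves this policy dropping webhook traffic. `- port: {{ .Values.injector.port }}` keeps the three in step. The `from` clause `namespaceSelector: {}` admits every namespace; a comment should record whether that is deliberate, presumably because admission requests originate from the API server rather than from a selectable pod.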
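Review bot: injector-psp-role.yaml, together with injector-psp-rolebinding.yaml and injector-psp.yaml, is gated only on `.Values.global.psp.enable`, yet injector-psp.yaml emits `policy/v1beta1` `PodSecurityPolicy`, an API removed in Kubernetes 1.25. Turning the flag on against a newer cluster fails the install on an unknown kind. The three conditions could add `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` inside an `and`. Failing the render with an explicit message may be the better variant, so that an operator who asked for PSP does not silently get none.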
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-role.yaml 
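Review bot: The PodSecurityPolicy in injector-psp.yaml blocks privilege escalation and root but leaves the default Linux capability set in place; adding `requiredDropCapabilities:` with `- ALL` under `spec` would close that gap. `readOnlyRootFilesystem: false` has no comment explaining why the injector needs a writable root. The existing comment says the policy assumes AppArmor rather than SELinux, which sits oddly in a chart that has a `global.openshift` mode; it should say what applies on SELinux nodes or be corrected.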
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-rolebinding.yaml 
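Review bot: The leader-elector Role in injector-role.yaml lets the injector service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which is typically also where the Vault server's own secrets live. `create` cannot be limited by name, but `get` and `update` can: moving them to a second rule with `resourceNames` listing only the objects the leader elector owns would remove namespace-wide secret access. Those names are not shown on this page and would have to come from the injector. The `pods` rule likewise grants `patch` and `delete` on every pod in the namespace, and at minimum needs a comment explaining why `delete` is required.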
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-discovery-role.yaml 
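Review bot: server-config-configmap.yaml writes `disable_mlock = true` unconditionally and renders the whole `server.*.config` value through `tpl` into a ConfigMap, and neither choice is documented. A template comment above `data:` should say that with mlock disabled Vault's memory can be swapped, so nodes are expected to run without swap or with encrypted swap. It should also say that anything placed in the config string, storage or seal credentials for instance, ends up unencrypted in a ConfigMap readable by anyone with `get` on configmaps in the namespace. Such values belong in a Secret-backed environment variable or mounted file rather than in `config`.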
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-ha-standby-service.yaml 
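Review bot: In server-ha-active-service.yaml the `https-internal` port 8201 is declared on the same Service whose `type` comes from `.Values.server.service.type`, so selecting `NodePort` or `LoadBalancer` publishes that port outside the cluster along with the API port. server-ha-standby-service.yaml has the same layout. server-headless-service.yaml already carries 8201 for pod-to-pod traffic, so the entry could be wrapped in `{{- if eq (.Values.server.service.type | toString) "ClusterIP" }}` or removed here, provided nothing relies on reaching 8201 through the active or standby Service. That dependency needs checking first.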
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-psp-role.yaml 
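Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so pods in every namespace are admitted to the cluster port 8201 as well as the API port 8200. Port 8201 is the one the StatefulSet advertises in `VAULT_CLUSTER_ADDR`, so it presumably only needs to be reachable from the other Vault server pods of the release. Splitting the rule keeps API access as it is and limits 8201 to pods carrying the same labels as the policy's own `podSelector`; confirm first that nothing outside the namespace (a replication peer, for example) needs the cluster port. The manifest also sets no `metadata.namespace`, unlike the Service templates in this commit.

```yaml
  ingress:
    # API port: cross-namespace access kept as in the hunk
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```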
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
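Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while server-serviceaccount.yaml creates the account as `vault.serviceAccount.name` and the StatefulSet sets `serviceAccountName` from that same helper. If the two helpers render different names (presumably when a custom service-account name is supplied in values), the `use` grant on the PodSecurityPolicy is bound to an account the server pods do not run as, so the intended policy is not the one authorising them. The subject line should read `name: {{ template "vault.serviceAccount.name" . }}`.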
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-route.yaml
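Review bot: server-psp.yaml emits `apiVersion: policy/v1beta1` whenever `global.psp.enable` is true, without checking that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the flag cannot give the restriction an operator expects from it. The ingress template in this commit already consults `.Capabilities.APIVersions.Has`, and the same check can turn this case into an explicit render error placed just inside the existing condition: `{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1") }}{{ fail "global.psp.enable requires the policy/v1beta1 API, which this cluster does not serve" }}{{- end }}`. A comment next to `seLinux: rule: RunAsAny` should also say that the AppArmor assumption leaves SELinux context unconstrained on SELinux-enforcing nodes.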
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-service.yaml
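Review bot: server-route.yaml tests `.mode` on its second and fifth lines but, unlike the other server templates in this commit, never runs `{{ template "vault.mode" . }}` first. The value it sees is therefore whatever an earlier-rendered template happened to leave on the context, if anything, so neither the `ne .mode "external"` guard nor the `-active` service selection can be relied on from this file alone. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard. Quoting the user-supplied host, `host: {{ .Values.server.route.host | quote }}`, would match how the ingress template treats its hosts.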
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.19/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/Chart.yaml
new file mode 100644
index 00000000000..e6cfbf4495e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.2
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
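Review bot: The Chart.yaml metadata still presents this renamed copy as the upstream chart: `description: Official HashiCorp Vault Chart`, `home` and `icon` are unchanged, while `name` and the `charts.openshift.io/name` annotation are `helm-e2e-rhcc`. If this directory is only an e2e fixture, as the `opcert-e2e-testing` path suggests, a description such as `description: E2E test fixture based on the HashiCorp Vault chart (not an official release)` would keep a catalog reader from mistaking it for a vendor-published chart. `appVersion: 1.11.2` would also be safer quoted as `appVersion: '1.11.2'`, matching the quoted `kubeVersion`, so that a later two-part version is not read as a float.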
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/README.md
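Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the `docker run` command line, where it is readable from the host's process list while the container runs; the `@` prefix only hides it from make's own output. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker read it from the environment instead, assuming callers set it in the environment rather than only inside the Makefile. Separately, the `.PHONY` line at the end of the file omits `setup-kind` and `delete-kind`, so a file or directory with either name would stop those targets from running; append both names to that list.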
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
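Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` renders the dev root token unquoted, so a token that YAML reads as a number, boolean or null is retyped and the env entry is no longer a string; `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it one. The same applies to `{{ .envName }}`, `{{ .secretName }}` and `{{ .secretKey }}` in `vault.extraSecretEnvironmentVars`, whereas `vault.extraEnvironmentVars` already quotes both of its fields. In `vault.args`, `{{ .Values.server.extraArgs }}` is spliced into the shell script as-is, so I would add a template comment there stating that the value is interpreted by the shell and must only come from a trusted values file.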
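Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole, which, through the ClusterRoleBinding added in the next file, lets the `-csi-provider` ServiceAccount request tokens for service accounts in every namespace. That is presumably what the provider needs in order to authenticate on behalf of the pods it serves, but the template does not say so. I would add a comment above `rules:`, for example `# cluster-wide token creation for the service accounts of pods that mount secrets; treat this ServiceAccount as highly privileged`, so reviewers and RBAC audits see the intended scope.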
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
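Review bot: In csi-daemonset.yaml the `mountpoint-dir` volume mounts the host path `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` into the provider container without `readOnly`, so the container can reach the volume directories of every pod scheduled on the node. How much that matters depends on the `csi.daemonSet.securityContext.pod` and `.container` helpers, which are defined outside this hunk, so their defaults should be checked to make sure the container does not run privileged or as root unless it has to. I would add a comment above the volume, for example `# hostPath into the kubelet pods dir: gives access to other pods' volumes on this node; keep the container security context restrictive.`, and set `readOnly: true` on the mount if the provider version shipped with this chart does not write there (to be confirmed).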
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-clusterrolebinding.yaml
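Review bot: The rule in injector-clusterrole.yaml gives the injector `patch` on every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`. The chart creates exactly one such object, `<fullname>-agent-injector-cfg` in injector-mutating-webhook.yaml, so write access can be limited to that name while the read verbs stay broad for the watch. This assumes the injector only ever patches its own configuration, which should be confirmed against the injector version in use; the split I have in mind is below.

```yaml
rules:
# Read verbs stay unnamed: list and watch are generally not matched by resourceNames rules.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch"]
# Write access only to the webhook configuration this chart creates.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["patch"]
```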
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
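Review bot: The `- 2>&1` entry under `args:` in injector-deployment.yaml is passed to the container as a literal argument, because an args list is executed without a shell and no redirection takes place. Whether the injector binary ignores the extra argument is not visible here, but it does nothing useful and should be dropped so that `args:` holds only `- agent-inject`. The container runtime already captures stderr alongside stdout, so no replacement is needed.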
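Review bot: The `apiVersion` line in injector-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically and ignores the major version, so the result depends on how the cluster reports its minor version rather than on what the API server serves. The mutating-webhook template in this same diff already uses a capability check, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml later in the diff has the identical line and should get the same change.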
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
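Review bot: The `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when one of the two values is set, so by default the webhook intercepts pod CREATE and UPDATE in every namespace, including system namespaces and the one the injector itself runs in. Combined with a `failurePolicy` of `Fail` (the default comes from values that are not visible here), an unavailable injector would then block pod admission cluster-wide. I would document this next to the selector, for example `# Without a namespaceSelector this webhook sees pods in all namespaces; set one (or an objectSelector) before using failurePolicy: Fail.` The `injector.objectSelector` helper is defined outside this hunk, so whether it narrows the scope by default could not be checked.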
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
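Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` and injector-service.yaml targets the same value. If the port is overridden, the policy will keep admitting 8080 and drop the traffic the webhook actually needs, so admission calls would fail on OpenShift. The line should read `- port: {{ .Values.injector.port }}` so the three templates stay in step.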
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-psp.yaml
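Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subject in injector-rolebinding.yaml and the two ClusterRoleBindings in this diff, which all set it. A ServiceAccount subject is identified by namespace and name, so leaving the namespace out either gets the object rejected or leaves the binding pointing at nothing definite, depending on how the API server validates it (not verified here). Adding `namespace: {{ .Release.Namespace }}` under the subject's `name:` makes this binding consistent with the others.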
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-role.yaml
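Review bot: The `spec` in injector-psp.yaml blocks privileged mode, privilege escalation and root, but it says nothing about Linux capabilities, so the injector container keeps the runtime's default capability set. The container shown in injector-deployment.yaml only serves HTTPS on an unprivileged port, so it most likely needs none; I would add `requiredDropCapabilities:` with the single entry `- ALL` after `allowPrivilegeEscalation: false`, to be confirmed against the image. Separately, the comment on `seLinux` says the policy assumes AppArmor nodes, which is worth revisiting for a chart that has an OpenShift switch.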
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-rolebinding.yaml
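Review bot: The first rule in injector-role.yaml lets the injector read, create and update every Secret and ConfigMap in the release namespace, which is usually the namespace Vault itself runs in, and the second lets it patch and delete any pod there. The chart already pre-creates the `vault-injector-certs` Secret under the same leader-election condition in injector-certs-secret.yaml, which suggests the injector only needs that one Secret; if so, `get` and `update` on `secrets` could carry `resourceNames: ["vault-injector-certs"]` and `create` could be dropped for secrets. I could not confirm from the diff which object names leader election uses, so at minimum add a comment above `rules:` stating what each rule is for, e.g. `# Leader election and shared webhook certificate; not intended as general access to namespace secrets.`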
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-discovery-role.yaml
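Review bot: Both branches of server-config-configmap.yaml force `disable_mlock = true` (the literal line in the string branch and `dict "disable_mlock" true` as the merge destination in the map branch), and the template gives no reason. With mlock disabled the Vault process can have its memory paged out, so the nodes that run it need swap turned off or encrypted; that operational requirement should be stated where the setting is made. I would add a template comment above the `data:` key, for example `{{- /* disable_mlock is forced on; run Vault only on nodes with swap disabled or encrypted. */ -}}`. The user-supplied config is also passed through `tpl`, so values files for this chart should be treated as trusted input.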
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-ha-standby-service.yaml 
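Review bot: The `ports` list publishes `https-internal` (8201) on the same Service whose `type` comes from `.Values.server.service.type`, so choosing `NodePort` or `LoadBalancer` exposes the cluster port outside the cluster together with the API port. The same pattern is repeated in the standby Service hunk and in server-service.yaml later in this commit, while the headless `-internal` Service already carries 8201 for peer traffic. If no client needs 8201 through these three Services, I would remove the `- name: https-internal` entry from them. Otherwise add a comment naming what depends on it, e.g. `# 8201 is kept here for <consumer>; do not expose this Service externally`.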
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-psp-role.yaml 
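Review bot: The single `ingress` rule in the NetworkPolicy pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may reach the cluster port 8201 as well as the API port 8200. 8201 is named `https-internal` elsewhere in the chart and presumably only needs to be reachable from the release's own pods. I would split the rule so that 8200 stays open to client namespaces and 8201 is limited to a `podSelector` on the release labels, as sketched below. The manifest also omits `namespace: {{ .Release.Namespace }}` under `metadata`, which the other namespaced templates in this commit set, and it declares no `policyTypes`.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    # API port: clients in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods of this release, same namespace
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```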
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
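Review bot: The `subjects` entry of the `-psp` RoleBinding names the ServiceAccount `{{ template "vault.fullname" . }}`, whereas the ServiceAccount template, the StatefulSet's `serviceAccountName` and the discovery RoleBinding in this commit all use `{{ template "vault.serviceAccount.name" . }}`. If that helper can return anything other than the full name (a custom or pre-existing account), the PSP `use` grant lands on an account the server pod does not run as. The pod is then admitted under whatever other policy applies, or not at all. I would write `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it, matching the discovery RoleBinding.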
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-route.yaml 
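Review bot: The guard on this template checks only `global.psp.enable`, so the chart submits a `policy/v1beta1` PodSecurityPolicy even to clusters that no longer serve that API (it was removed in Kubernetes 1.25), and the install fails there. I would add `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `and` condition, here and on the `-psp` Role and RoleBinding hunks before it. In the spec itself there is no `requiredDropCapabilities` entry; `- ALL` is the usual hardening if the server runs without added capabilities, which the `SKIP_SETCAP` setting in the StatefulSet suggests but does not prove. The comment `# This policy assumes the nodes are using AppArmor rather than SELinux` should also say that `seLinux: RunAsAny` places no SELinux constraint on nodes that do use SELinux.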
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-service.yaml 
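Review bot: Both `.mode` tests in this Route template read a value the file never computes: the other mode-dependent templates in this commit open with `{{ template "vault.mode" . }}`, and this one does not. Unless an earlier-rendered template happens to have set it on the shared context, `ne .mode "external"` is evaluated against an empty value, so a Route can be rendered in external mode and the `eq .mode "ha"` branch never selects the `-active` Service. I would add `{{ template "vault.mode" . }}` right after the `global.openshift` check, as server-ingress.yaml does. Separately, `tls:` is emitted even when `.Values.server.route.tls` is empty; wrapping it in `{{- with .Values.server.route.tls }}` makes the absence of TLS settings explicit in the rendered Route rather than a null block.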
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/tests/server-test.yaml 
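Review bot: The `image:` line of the `vault` container falls back to `:latest` when `.Values.server.image.tag` is unset (`| default "latest"`), so a secrets manager can pick up an unreviewed image on the next pod restart; the test Pod in tests/server-test.yaml repeats the same expression. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept a digest. The readiness probe's `vault status -tls-skip-verify` is tolerable only because `VAULT_ADDR` points at 127.0.0.1, and a comment saying so next to the `exec` block would keep the flag from being copied to a remote address. The `value:` lines taken from `.Values.server.ha.apiAddr` and `.Values.server.ha.clusterAddr` are also unquoted, unlike the defaults beside them.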
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.2/src/values.yaml 
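Review bot: No object in this schema sets `additionalProperties`, so a misspelled security-relevant key passes validation and the default applies silently. For example, `global.tlsDisabled: false` would validate while `global.tlsDisable` keeps the `true` that values.yaml sets in this commit. The `global` object already lists every key values.yaml defines under it (`enabled`, `externalVaultAddr`, `imagePullSecrets`, `openshift`, `psp`, `tlsDisable`), so adding `"additionalProperties": false` next to its `"type": "object"` is a contained first step. First confirm the chart is never installed as a subchart, because a parent chart's extra `global` keys would then fail validation. Other objects need checking against the templates before tightening, since values.yaml comments reference keys such as `injector.uid` and `injector.gid` that the schema does not list.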
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/Chart.yaml
new file mode 100644
index 00000000000..d2dd8eebed1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.20
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/README.md
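Review bot: The `.PHONY` list on the last line of the Makefile leaves out `setup-kind` and `delete-kind`, so a file or directory with either name in the chart source would make `make` treat that target as up to date and skip it; append both names to the list. The `test-acceptance` recipe also calls `make setup-kind acceptance` directly, where `$(MAKE) setup-kind acceptance` would pass flags through to the sub-make. `CLOUDSDK_CORE_PROJECT` and `GOOGLE_CREDENTIALS` default to what look like the upstream chart's own GCP project and key file, and `provision-cluster` and `destroy-cluster` run Terraform with `-auto-approve`, so it is worth confirming those defaults are intended for this repository before the targets are run.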
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
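Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole, so the bound service account can request a token for any service account in any namespace, and the template does not say why that breadth is needed. This is presumably what lets the CSI provider authenticate to Vault on behalf of the pods it serves; if so, I would record it above `rules:`, e.g. `# Cluster-wide TokenRequest: the provider requests tokens for workload service accounts; treat this pod as highly privileged`. With that stated, reviewers will expect the DaemonSet's pod and container securityContext to be set explicitly rather than left to defaults.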
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
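Review bot: The `providervol` and `mountpoint-dir` volumes in csi-daemonset.yaml are hostPath mounts whose paths come straight from `.Values.csi.daemonSet.providersDir` and `.Values.csi.daemonSet.kubeletRootDir`, while the pod and container securityContext are rendered only when the matching values are set (the `csi.daemonSet.securityContext.*` helpers). If values.yaml, which is not part of this hunk, leaves them empty, the provider runs with runtime defaults on every node while holding a host mount of the kubelet pods directory. I would ship restrictive defaults in values, or at least add a comment above `volumes:` such as `# hostPath mounts expose node directories; keep csi.daemonSet.securityContext.container restrictive`. Separately, the in-cluster `VAULT_ADDR` value is unquoted while the `externalVaultAddr` branch is quoted; quoting both keeps the rendered value a string in every case.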
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-clusterrolebinding.yaml 
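Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the injector appears to need only its own configuration, which injector-mutating-webhook.yaml names `{{ template "vault.fullname" . }}-agent-injector-cfg` and the Deployment passes as `AGENT_INJECT_TLS_AUTO`. A service account that can patch arbitrary mutating webhooks can alter admission for unrelated components. I would split the rule: keep `get`/`list`/`watch` as they are and move `patch` into a second rule carrying `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`. Whether `get` can be scoped the same way depends on how the injector reads the object, which is not visible here.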
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
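Review bot: In the `sidecar-injector` container, `args` lists `2>&1` as its own element; Kubernetes passes args to the entrypoint without a shell, so unless the image's entrypoint re-evaluates its arguments this reaches the binary as a literal argument and redirects nothing. I would drop the `- 2>&1` line. Several env values in the same block are emitted unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`, and the in-cluster branch of `AGENT_INJECT_VAULT_ADDR`). An env `value` must be a string, so writing `value: {{ .Values.injector.authPath | quote }}`, and likewise for the others, avoids a rejected manifest when a value happens to parse as a number or boolean.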
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
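Review bot: The `rules` entry matches CREATE and UPDATE of `pods`, and `namespaceSelector` is rendered only when one of the two values is set, so with empty selectors the webhook sits in the admission path of every pod in every namespace. Combined with a `failurePolicy` of `Fail`, an unavailable injector would then block pod creation cluster-wide, system namespaces included. I would document that next to `failurePolicy`, e.g. `# With failurePolicy: Fail, set namespaceSelector or objectSelector so system namespaces are not gated on the injector`. The `injector.objectSelector` helper is defined outside this hunk, so its default is not visible here.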
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
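Review bot: The ingress rule in injector-network-policy.yaml hardcodes `port: 8080`, whereas the Deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`) and the Service targets the same value, so changing that value would make this policy drop the API server's webhook calls on OpenShift. Use `- port: {{ .Values.injector.port }}`. In addition, `namespaceSelector: {}` admits traffic from every namespace and `metadata` carries no `namespace`, unlike the other injector resources. If the open selector is deliberate, a comment saying so would help, and `namespace: {{ .Release.Namespace }}` should be added for consistency.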
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-role.yaml 
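Review bot: The PodSecurityPolicy `spec` sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but never restricts capabilities, so pods admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities: ["ALL"]` would close that, provided the injector needs no capabilities, which should be confirmed. The comment on `seLinux` assumes AppArmor nodes, which does not match the OpenShift case this chart also handles through `global.openshift`. Finally, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so gating only on `global.psp.enable` makes the install fail on newer clusters; an extra `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` condition would skip the object cleanly.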
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-rolebinding.yaml 
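Review bot: The first rule in injector-role.yaml gives the injector's service account `create`/`get`/`watch`/`list`/`update` on all `secrets` and `configmaps` in the release namespace, which covers any other secret deployed alongside Vault. The only secret this chart creates under the same leader-elector condition is `vault-injector-certs` (injector-certs-secret.yaml), so the read and update verbs could be narrowed with `resourceNames: ["vault-injector-certs"]`. `create` cannot be limited by name, and `list`/`watch` work under a name restriction only if the client uses a `metadata.name` field selector, so this needs checking against the injector's behaviour. The second rule's `delete` on `pods` is broad in the same way. If the scope cannot be reduced, a comment above `rules:` stating what leader election requires would be worth adding.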
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-discovery-role.yaml 
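Review bot: `disable_mlock = true` is written into every rendered server config in server-config-configmap.yaml, and nothing in the template says why or what the operator has to do in return. In the string branch it is emitted ahead of the user's HCL. In the JSON branch `dict "disable_mlock" true` is the first argument to `merge`, which as far as I know takes precedence, so a value under `server.*.config` probably cannot turn it back on. With mlock off, Vault's memory can be paged out, so the deployment relies on swap being disabled or encrypted on the nodes. I would add a template comment above the first occurrence, for example `{{- /* mlock is disabled chart-wide; nodes running Vault must not swap to unencrypted disk */ -}}`, and state the same requirement in the values documentation.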
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
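Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods. The service account bound to this Role in the next hunk can therefore modify any workload that shares the namespace with Vault. Presumably the write verbs exist so that Vault can label its own pods (the `vault-active` selector in the Service templates suggests this), but the rule cannot express that. I would document the consequence above the rule, for example `# update/patch apply to all pods in this namespace; install the chart in a namespace dedicated to Vault`. The Role also hard-codes `rbac.authorization.k8s.io/v1`, while the RoleBinding in the next hunk falls back to `v1beta1`; the two should agree.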
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-ha-active-service.yaml 
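Review bot: The `apiVersion` line in server-disruptionbudget.yaml uses `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexicographically. A minor of `"9"` sorts above `"21"`, and a vendor minor with a suffix such as `"21+"` is compared as text too. server-ingress.yaml in this same diff already uses `semverCompare` against the full version, so I would do the same here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.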
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-psp-role.yaml 
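Review bot: The one `ingress` rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so pods in every namespace are admitted to 8201 as well as 8200. The Service templates in this diff name 8201 `https-internal`; if only the Vault server pods talk to each other on it, the rule should be split so that 8201 is reachable only from pods carrying the same labels as `spec.podSelector`, as sketched below. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this diff set.

```yaml
  ingress:
    # API port: clients in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```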
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
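Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the service account `{{ template "vault.fullname" . }}`, but the account the chart actually uses is named by `vault.serviceAccount.name`. That helper is what server-serviceaccount.yaml creates, what the StatefulSet sets as `serviceAccountName`, and what the other bindings in this diff reference. If the helper can resolve to anything other than the full name (its definition is not in view), the `use` grant on the PodSecurityPolicy goes to an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, matching server-discovery-rolebinding.yaml.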
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-route.yaml 
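Review bot: The PodSecurityPolicy `spec` in server-psp.yaml forbids privilege escalation and root, but it sets no `requiredDropCapabilities`, so pods admitted under it keep the runtime's default capability set. The StatefulSet in this diff sets `SKIP_SETCAP` and `SKIP_CHOWN`, which suggests the server needs none of them. I would add `requiredDropCapabilities:` with a single `- ALL` entry after `allowPrivilegeEscalation: false`, after checking it against the container securityContext helper, which is not visible here. The `seLinux` comment says the policy assumes AppArmor nodes; that assumption deserves a line in the values documentation, since `rule: RunAsAny` places no SELinux constraint at all.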
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-service.yaml 
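Review bot: server-route.yaml tests `.mode` without first calling `{{ template "vault.mode" . }}`, which server-ingress.yaml and the Service templates in this diff all do before reading it. Both `ne .mode "external"` and the `eq .mode "ha"` branch that switches the Route to the `-active` service therefore depend on some other template having populated `.mode` earlier in the render. This is inferred from how the sibling files use the helper, whose definition is not in view. If `.mode` is unset, the Route can silently target the wrong Service. I would add `{{ template "vault.mode" . }}` directly after the opening `{{- if .Values.global.openshift }}`, and quote the host as `host: {{ .Values.server.route.host | quote }}`.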
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/tests/server-test.yaml 
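Review bot: The `vault` container's `image:` line in server-statefulset.yaml falls back to `default "latest"` when `server.image.tag` is empty, so an unset value deploys whatever the registry currently serves under a mutable tag. For a secrets manager the running version should be explicit and reproducible, so I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same fallback appears in tests/server-test.yaml in the next hunk. Separately, the readiness probe runs `vault status -tls-skip-verify` with no explanation; a comment saying that the probe targets the local listener set in `VAULT_ADDR`, and that the flag must not be copied into client configuration, would prevent that misuse.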
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/values.openshift.yaml
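Review bot: In templates/ui-service.yaml, `type: {{ .Values.ui.serviceType }}` and the optional `nodePort` are rendered with no guard, while this chart's values.yaml ships `global.tlsDisable: true`. If `vault.scheme` (defined outside this hunk) follows that flag, a `NodePort` or `LoadBalancer` value would publish the Vault UI and API port over plain HTTP beyond the cluster. I would at least document the constraint above `type:` with `{{- /* With global.tlsDisable=true this Service is plain HTTP; keep serviceType ClusterIP unless TLS is terminated in front. */}}`, or fail rendering for non-ClusterIP types when TLS is disabled. `publishNotReadyAddresses` is also taken straight from values, so an unset value renders an empty field; `{{ .Values.ui.publishNotReadyAddresses | default false }}` would make the intent explicit.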
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.20/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/Chart.yaml
new file mode 100644
index 00000000000..41684f01f4b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.21
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/README.md
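Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \` has make expand the license value into the `docker run` argument list, so it is readable in the host's process table and in any captured command line; the `@` prefix only stops make from echoing the recipe. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets Docker take the value from the environment of the recipe shell instead, assuming the license reaches make through the environment. The `docker run` recipes also point `KUBECONFIG` at `/helm-test/.kube/config`, which is inside the `${PWD}` bind mount, so cluster credentials presumably land in the working tree and `.kube/` should be kept out of version control. Separately, `.PHONY` lists neither `setup-kind` nor `delete-kind`.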
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
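Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole with no further scoping, so the CSI provider's service account can request a token for any service account in any namespace. The chart cannot know the workloads' service account names up front, so `resourceNames` is not a practical limit here, but the breadth should at least be recorded next to the rule, for example `# Lets the provider request tokens for any ServiceAccount cluster-wide; treat this DaemonSet's service account as highly privileged.` Auditing TokenRequest calls made by this account is the matching detective control.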
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
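Review bot: The provider container in csi-daemonset.yaml gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper included on the `{{ template "csi.daemonSet.securityContext.container" . }}` line renders nothing otherwise, and this pod also mounts two hostPath volumes (`providersDir` and `kubeletRootDir/pods`). The server-side helper visible earlier in this diff falls back to `allowPrivilegeEscalation: false` outside OpenShift when no value is given; the CSI helper would benefit from the same fallback, i.e. an `{{- else }}` branch emitting `securityContext:` with `allowPrivilegeEscalation: false`. Whether values.yaml already supplies a default is not visible here, so confirm before relying on it. The `mountpoint-dir` mount is also writable; add `readOnly: true` if the provider only needs to read that path.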
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-clusterrolebinding.yaml
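Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, although the only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). If the injector's service account were compromised, that permission would extend to admission webhooks owned by other components. Assuming the injector patches only its own configuration (for instance to publish the CA bundle), `patch` can move to a second rule limited by `resourceNames`, leaving the read verbs as they are because `list` and `watch` are not reliably restricted by name.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```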
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
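Review bot: Several env values in injector-deployment.yaml are rendered without quoting (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT` and `AGENT_INJECT_LISTEN`) while the neighbouring entries wrap the template in double quotes. Kubernetes requires env values to be strings, so a value that YAML reads as a boolean, number or null, or one containing `: ` or ` #`, makes the manifest invalid or changes its structure. Piping through `quote` keeps the value a plain string, for example `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`.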
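Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with the string `"21"`, which is a lexical comparison and also has to cope with provider suffixes such as `21+` in the minor version. injector-mutating-webhook.yaml in this same commit selects its API version with `.Capabilities.APIVersions.Has`, and doing the same here is more robust: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.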
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
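Review bot: The webhook's `rules` match pod CREATE and UPDATE in every namespace, and both `namespaceSelector` and `objectSelector` are emitted only when values supply them, so an install without those values places the injector in the admission path of all pods, system namespaces and the injector's own pod included. With `failurePolicy` taken from values, setting it to `Fail` without a selector lets an injector outage block pod creation cluster-wide. I would add a comment above `rules:` such as `# Matches pods in all namespaces unless a namespaceSelector/objectSelector is set; scope it before using failurePolicy: Fail.`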
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
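Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on, and the Service targets, `.Values.injector.port`. If that value is changed, the policy (rendered when `global.openshift` is true) no longer admits traffic to the webhook, and admission calls would then fail or be skipped depending on `failurePolicy`. Use the same value in the policy: `- port: {{ .Values.injector.port }}`. The `namespaceSelector: {}` peer admits every namespace; whether it can be narrowed depends on where API-server traffic originates, which the page does not show.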
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-role.yaml
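Review bot: injector-psp.yaml renders a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so an install with the flag set fails on clusters that no longer serve it. The inner condition could also require the API to be available, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. injector-psp-role.yaml and injector-psp-rolebinding.yaml use the same `global.psp.enable` gate and would take the same condition for consistency.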
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-rolebinding.yaml 
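Review bot: The first rule gives the injector's leader-elector Role `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, because the rule has no `resourceNames`. If the elector only reads and updates objects of its own, those verbs can move to a rule with `resourceNames: [...]`, leaving `create` (which cannot be restricted by name) in a separate rule. The object names are not visible in this hunk, so that needs checking against the injector. The same question applies to `patch`/`delete` on all pods in the second rule, and to `update`/`patch` on all pods in server-discovery-role.yaml.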
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-config-configmap.yaml 
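Review bot: This ClusterRoleBinding to `system:auth-delegator` is the only ClusterRoleBinding among the templates shown here, and it has no comment saying what it grants or why. I would add above `kind:` a line such as `# Lets the Vault server create TokenReviews and SubjectAccessReviews (used by the Kubernetes auth method).`, assuming that is the purpose of `vault.serverAuthDelegator`, whose definition is outside this hunk. The object name is built from `vault.fullname` alone, so two releases with the same name in different namespaces would presumably compete for one cluster-scoped object. Including `{{ .Release.Namespace }}` in the name would avoid that.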
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-discovery-role.yaml 
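Review bot: `disable_mlock = true` is written into every rendered config, literally in the string branch and through `merge (dict "disable_mlock" true) ...` in the map branch, with no comment and no value to turn it off. With mlock disabled, Vault's memory can be paged out, so the chart depends on the nodes having swap disabled or encrypted. A template comment should say so, for example `{{- /* mlock is disabled: nodes must not swap Vault memory to unencrypted disk */ -}}` ahead of the `data:` block. In the map branch the hard-coded dict is the first argument to `merge` and therefore takes precedence, so a `disable_mlock` key in the user's config is silently overridden; that may or may not be intended.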
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-ha-active-service.yaml 
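Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the result follows lexical order rather than the version number (a minor of `"100"` would sort below `"21"`). server-clusterrolebinding.yaml decides by capability instead, and the same approach here would read `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`.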
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-psp-role.yaml 
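Review bot: The single ingress rule in server-network-policy.yaml admits traffic from every namespace (`namespaceSelector: {}`) to both 8200 and 8201, and 8201 is the port the Services in this chart name `https-internal`. If 8201 carries only server-to-server traffic, as that name suggests, it should be reachable from the Vault server pods alone, with 8200 kept in a rule of its own. The `component: server` label used below is the one server-statefulset.yaml puts on the pods. The metadata also has no `namespace:`, unlike the other namespaced templates here.

```yaml
  ingress:
    # API port: open to clients in any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```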
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
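Review bot: The subject of server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}` and server-statefulset.yaml runs the pods under that same helper. If the helper can return anything other than the fullname (its definition is not in this part of the diff), the PodSecurityPolicy is bound to an account the server pods do not use. The subject should read `name: {{ template "vault.serviceAccount.name" . }}`, as in server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml.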
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-route.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-service.yaml 
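Review bot: This template tests `.mode` (`ne .mode "external"`, `eq .mode "ha"`) without first calling `{{ template "vault.mode" . }}`, which the other templates here that read `.mode` do on their first lines. Unless something outside this hunk sets it, the outcome depends on another template having run earlier against the same context. Adding `{{ template "vault.mode" . }}` right after the `global.openshift` check, as server-ingress.yaml does, removes that dependency. Separately, `tls:` is filled from `.Values.server.route.tls` unconditionally, so an unset value presumably yields a Route without TLS; the values file is not visible here.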
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/tests/server-test.yaml
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/templates/ui-service.yaml
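Review bot: The test Pod's container sets no `securityContext`, whereas the server container in server-statefulset.yaml pulls one in through `server.statefulSet.securityContext.container`, so the hook pod runs with whatever the namespace's admission defaults allow. It only runs `vault status` in a shell loop, so it can drop everything: `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}` under the container, at the same level as `image:`. A small `resources:` block would also keep a hung test pod from competing with the server it is probing.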
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.21/src/values.yaml 
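Review bot: `server.readinessProbe` in this schema declares `enabled`, the thresholds and the timing fields but not `path`, although server-statefulset.yaml in this diff reads `.Values.server.readinessProbe.path` to switch the probe to `httpGet`; `server.livenessProbe` does declare `path`. As far as this hunk shows, the schema does not restrict additional properties, so the value is still accepted but never type-checked, and a wrong type there only surfaces at render or apply time. Adding `"path": { "type": "string" }` to the `server.readinessProbe` properties closes the gap. `server.service.type` and `server.service.clusterIP`, both read by server-service.yaml, are missing from `server.service` in the same way.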
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/Chart.yaml
new file mode 100644
index 00000000000..cc509f54627
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.22
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/README.md
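Review bot: In the Makefile's `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the licence value into the `docker run` command line, so it is readable in the host's process list while the container runs (the leading `@` only hides it from make's own echo). Passing the name alone, `-e VAULT_LICENSE_CI \`, has docker take the value from the client environment and keeps it out of argv; the one behavioural difference is that an unset variable is then left unset in the container instead of set to empty. `GOOGLE_CREDENTIALS` is forwarded the same way in `test-acceptance`, `test-destroy` and `test-provision`; the default is a file name, but if a caller ever places key material in it the same exposure would apply. Separately, `setup-kind` and `delete-kind` are not listed in `.PHONY`.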
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
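Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any service account in any namespace, and nothing in the file says why that breadth is needed. Presumably the provider requests tokens on behalf of the pods that mount Vault secrets, which can run in any namespace; a comment above `rules:` should state that, for example `# TokenRequest on behalf of workload pods; cluster-wide because they can live in any namespace`. The same comment could note that this makes the DaemonSet's service account sensitive, so access to it and to the provider pods should be kept narrow.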
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
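Review bot: In csi-daemonset.yaml the provider container gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set in values, because the helper of that name, defined earlier on this page, has no fallback branch. The `injector.securityContext.container` helper, by contrast, falls back to `allowPrivilegeEscalation: false` with all capabilities dropped. This pod mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir`/pods), so its defaults matter at least as much as the injector's. Consider giving the CSI helper the same `{{- else if not .Values.global.openshift }}` branch, at minimum with `allowPrivilegeEscalation: false`, after confirming the provider still starts with it; the helper is defined in another hunk, not in this one.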
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-clusterrolebinding.yaml
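Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, so the injector's service account could alter admission webhooks that belong to other components. The injector appears to need write access only to its own configuration, which injector-deployment.yaml names as `{{ template "vault.fullname" . }}-agent-injector-cfg` in `AGENT_INJECT_TLS_AUTO`. Splitting the rule so that `patch` carries `resourceNames` keeps the read verbs as they are and narrows the write. The role is also rendered when `injector.certs.secretName` is set and that variable is not, in which case `patch` may not be needed at all; that is worth confirming.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - '{{ template "vault.fullname" . }}-agent-injector-cfg'
  verbs:
    - "patch"
```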
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
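Review bot: Both `image:` and the `AGENT_INJECT_VAULT_IMAGE` value are built as `repository:tag`, and nothing in the template says how to pin either image by digest. The second one is the agent image the injector is configured to use for workloads. A tag can be re-pointed in the registry, whereas a digest reference cannot. Because the tag value is interpolated verbatim, a comment above the `image:` line such as `# image.tag may be "<tag>@sha256:<digest>" to pin the image` would tell operators how to pin without a template change. The values file is not part of this hunk, so its current defaults are unknown here.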
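Review bot: `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexicographic rather than numeric (a minor of "9" sorts after "21") and depends on how the cluster reports its minor version. Other templates in this diff pick the API version with `.Capabilities.APIVersions.Has`, which asks the cluster directly; here that would be `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml has the same line. Unlike the other injector templates around it, this one has no `vault.injectorEnabled` guard, so it renders whenever `injector.podDisruptionBudget` is set.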
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
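Review bot: `namespaceSelector` is rendered only when one of the two values is set, so by default this webhook is called for pod CREATE and UPDATE in every namespace, including the control-plane namespaces and the injector's own. Combined with `timeoutSeconds` defaulting to `"30"`, an unavailable injector can stall or reject pod admission cluster-wide if `failurePolicy` resolves to `Fail`; that default lives in the values file, which is not visible here. A template comment above the `namespaceSelector` block would make the scope explicit, for example `{{- /* No selector set: the webhook sees pods in all namespaces. Exclude system namespaces before using failurePolicy: Fail. */ -}}`.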
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
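Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` in injector-deployment.yaml) and the Service `targetPort` uses the same value. If that value is changed, the policy would drop traffic to the webhook on OpenShift, and pod admission would then depend on the webhook's `failurePolicy`. Use `- port: {{ .Values.injector.port }}` so the three stay in step.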
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-role.yaml 
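Review bot: The manifest is emitted as a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so an install with the flag set fails there. Adding the capability to the condition keeps the chart installable: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The same guard would apply to injector-psp-role.yaml and injector-psp-rolebinding.yaml. Separately, the policy fixes `hostNetwork: false` while injector-deployment.yaml renders `hostNetwork` from `.Values.injector.hostNetwork`, so enabling both would leave the injector pod rejected by its own policy.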
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-rolebinding.yaml 
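Review bot: The first rule gives the injector service account `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace. When the Vault server shares that namespace, this covers any TLS or credential Secrets stored there. Nothing in this hunk says which objects leader election actually touches. If they have fixed names, move `get` and `update` into a rule with `resourceNames: ["<leader-election-object-name>"]` (a placeholder; the real names are not shown in this diff) and add a comment above the rule explaining why the remaining verbs are needed. The `pods` rule here (`patch`, `delete`) and the `update`/`patch` rule in server-discovery-role.yaml are namespace-wide in the same way.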
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-discovery-role.yaml 
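Review bot: `disable_mlock` is forced to `true` in both branches and nothing in the template documents that. The string branch emits `disable_mlock = true` ahead of the user's config, and the map branch uses `merge (dict "disable_mlock" true) ...`, where Sprig gives precedence to the first dictionary, so a user-supplied `false` is discarded. With mlock disabled, Vault's memory can be paged out, so nodes should run without swap or with encrypted swap. A template comment above the `data:` key would record this, for example `{{- /* disable_mlock is always true here; run on nodes with swap disabled or encrypted. */ -}}`. The comment should also note that the rendered configuration lands in a ConfigMap, so credentials placed in `server.*.config` are readable by anyone who can read ConfigMaps in the namespace.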
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-psp-role.yaml
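Review bot: The single `ingress` rule in server-network-policy.yaml uses `namespaceSelector: {}`, so pods in every namespace may reach both 8200 and 8201 on the Vault pods. The Service templates in this commit name 8201 `https-internal`, which suggests it carries cluster traffic that only the Vault server pods of this release need to reach; I would split the rule so 8201 is limited by a `podSelector` on the chart's own labels, and keep the open rule for 8200 only. If cross-cluster replication has to reach 8201 from elsewhere, that source should be listed explicitly rather than left open. The policy also sets no `policyTypes` and emits `egress:` only when `server.networkPolicy.egress` is set, so egress is unrestricted by default; a comment above the `egress` block saying so would help.

```yaml
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```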
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
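Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this same commit both use `vault.serviceAccount.name`. If that helper can return anything other than the full name (its definition is not in this hunk), the `use` permission on the PodSecurityPolicy ends up bound to an account the pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it so the subject is explicit.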
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-route.yaml
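Review bot: The PodSecurityPolicy `spec` in server-psp.yaml blocks privilege escalation and root, but says nothing about Linux capabilities, so pods admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities:` with `- ALL` next to `allowPrivilegeEscalation: false` would close that; if the server image needs a specific capability, it should be named in `allowedCapabilities` with a comment explaining why. The `seLinux` comment says the policy assumes AppArmor nodes, which is worth restating against the OpenShift values file added in this commit, since `RunAsAny` places no constraint there. The kind is also `policy/v1beta1` PodSecurityPolicy, which newer Kubernetes releases no longer serve, and the guard checks only `global.psp.enable`.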
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-service.yaml
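Review bot: server-route.yaml tests `.mode` on its second and fifth lines but never calls `{{ template "vault.mode" . }}`, which the other templates in this commit that read `.mode` do first. Whether `.mode` is populated here then appears to depend on some other template having set it on the shared context beforehand, so the `external` guard and the `-active` service selection may not behave as written. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check would make the file self-contained. Separately, `tls:` is rendered straight from `server.route.tls`, so a comment stating which termination mode the chart expects for the Vault listener would help whoever reviews the values.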
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/tests/server-test.yaml
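Review bot: The `image:` line of the `vault` container falls back to `default "latest"` when `server.image.tag` is empty, so an unset value silently deploys whatever a mutable tag points at; the same expression is repeated in tests/server-test.yaml. For a secrets store I would fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and document in the values file that a digest is preferred. The exec readiness probe runs `vault status -tls-skip-verify`; with `VAULT_ADDR` set to `127.0.0.1:8200` in the same container that is a loopback check, and a comment such as `# -tls-skip-verify: probe talks to the local listener only` would stop the flag being copied to remote calls. `VAULT_API_ADDR` and `VAULT_CLUSTER_ADDR` are emitted unquoted when taken from `server.ha.apiAddr` / `server.ha.clusterAddr`, unlike their quoted defaults.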
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.22/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/CONTRIBUTING.md
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/Chart.yaml
new file mode 100644
index 00000000000..ff9d3d73ca5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.23
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/README.md
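Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license into the `docker run` command line, so the value sits in the process arguments on the host; the leading `@` only stops make from echoing the recipe. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets Docker copy the variable from the calling environment without placing its value in argv. With the default `GOOGLE_CREDENTIALS?=vault-helm-test.json` the service-account key appears to be read from inside the bind-mounted `${PWD}` tree, so it is worth confirming that file is git-ignored. Separately, `.PHONY` omits `setup-kind` and `delete-kind`.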
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
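Review bot: The securityContext helpers replace the hardened defaults instead of merging with them: in `injector.securityContext.pod`, `injector.securityContext.container`, `server.statefulSet.securityContext.pod` and `server.statefulSet.securityContext.container`, any non-empty value under the matching `.Values` key takes the first branch, so `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and the `drop: ALL` block are rendered only when the user sets nothing. The `csi.daemonSet.securityContext.pod` and `.container` helpers have no default branch at all. Each helper's comment should say so, for example `A user-supplied value replaces the defaults below entirely; repeat runAsNonRoot and allowPrivilegeEscalation in any override.` The server container default also lacks the `capabilities.drop` block that the injector default has; whether it can be added depends on what the Vault image needs, which this hunk does not show.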
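Review bot: The rule under `rules:` grants `create` on `serviceaccounts/token` in a ClusterRole, so the bound service account can request a token for any service account in any namespace, and nothing in the file records why that scope is needed. A comment above `rules:` would make the privilege visible to reviewers, for example `# Cluster-wide token creation: treat the csi-provider service account as highly privileged and enable csi only where it is used.` The role is rendered whenever `.csiEnabled` is true, which the `vault.csiEnabled` helper also sets when `csi.enabled` is "-" and `global.enabled` is true, so it is worth confirming that the values file does not turn it on by default.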
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-clusterrolebinding.yaml
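Review bot: In injector-clusterrole.yaml `patch` on `mutatingwebhookconfigurations` is granted cluster-wide, so the injector's service account can rewrite any admission webhook in the cluster and not only its own. The one configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg`; assuming the injector only patches that object, the write verb can move into a second rule scoped by `resourceNames` while the read verbs stay as they are. That assumption about the injector's behaviour is not visible in this diff and should be confirmed before the rule is narrowed.

```yaml
rules:
# Read access stays unscoped; an unfiltered list/watch cannot be limited by name.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# Writes are limited to the webhook configuration this chart creates.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```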
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
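Review bot: In injector-deployment.yaml several `env` values of the `sidecar-injector` container are rendered unquoted, namely `value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logLevel | default "info" }}` and `value: {{ .Values.injector.logFormat | default "standard" }}`. A value that YAML reads as a boolean, number or null, or one containing `: ` or a line break, then changes the type or the structure of the rendered pod spec instead of arriving as a string. The neighbouring entries already wrap their templates in double quotes; these should follow suit, for example `value: {{ .Values.injector.authPath | quote }}`.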
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
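Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is rendered only when one of the two values is set, so without it the webhook receives every pod CREATE and UPDATE in every namespace, including control-plane namespaces and the injector's own. `failurePolicy` also comes from values, and when it is `Fail` an unavailable injector blocks pod admission everywhere the webhook matches; the template mentions neither consequence. I would add a comment above `failurePolicy:` such as `# With failurePolicy: Fail, set a namespaceSelector that excludes kube-system and this release's namespace.` Whether `injector.objectSelector` narrows the match by default cannot be seen from this hunk, because that template is defined elsewhere.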
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
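Review bot: In injector-network-policy.yaml the ingress rule hard-codes `- port: 8080`, while the Deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes) and the Service uses the same value as `targetPort`. Once that value is changed, this policy no longer admits the API server's webhook calls, and depending on `failurePolicy` injection is then silently skipped or pod creation fails. Rendering the shared value keeps the three in step: `- port: {{ .Values.injector.port }}`. Separately, `namespaceSelector: {}` admits traffic from every namespace and deserves a one-line comment saying that is intended.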
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-role.yaml
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-rolebinding.yaml
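Review bot: In injector-role.yaml the first rule lets the injector's service account `get`, `list`, `watch`, `create` and `update` every Secret and ConfigMap in the release namespace, including any unrelated Secrets that share that namespace, and the second lets it `patch` and `delete` any pod there. The only Secret this chart creates under the same leader-election condition is `vault-injector-certs` (injector-certs-secret.yaml), so if that is the one object the injector reads and writes, `get` and `update` on `secrets` can be split into their own rule carrying `resourceNames: ["vault-injector-certs"]`. Which objects the injector touches at runtime is not visible in this diff, so at minimum the rule should carry a comment stating why namespace-wide Secret access is required.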
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-discovery-role.yaml
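Review bot: In server-config-configmap.yaml both branches force `disable_mlock` on, through the literal `disable_mlock = true` line in the string branch and `merge (dict "disable_mlock" true) …` in the structured one, and no comment explains the choice. With mlock disabled the server's memory is allowed to be swapped out, so the operational assumption that goes with it belongs next to the setting. I would add a template comment above `data:` such as `{{- /* disable_mlock is forced on below; run the server on nodes with swap disabled or encrypted so in-memory secrets are not paged to disk. */ -}}`.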
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
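Review bot: The discovery Role in server-discovery-role.yaml grants `update` and `patch` on `pods` with no `resourceNames`, so the Vault service account can modify every pod in the release namespace, not only the Vault replicas. `list` and `watch` cannot be narrowed by name, so the practical control is isolation. I would state that in the template with a comment above `rules:`, such as `# update/patch apply to all pods in this namespace; install the chart into a namespace dedicated to Vault`. This file also hard-codes `rbac.authorization.k8s.io/v1`, while the RoleBinding in the next hunk falls back to `v1beta1`; the two should use the same check.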
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-psp-role.yaml 
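Review bot: The only ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which matches every namespace, and it covers both 8200 and 8201, so the policy does not restrict who can reach the cluster port. Port 8201 is named `https-internal` in this chart's services and looks intended for server-to-server traffic only. Splitting the rule so that 8201 is admitted only from pods carrying the release's own labels would make the policy effective; this is worth checking against how standbys and any injector reach the servers. `metadata` also omits the `namespace: {{ .Release.Namespace }}` line that the other templates in this commit set.

```yaml
  ingress:
    # API port: still reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from .Values.server.networkPolicy.egress …
```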
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
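Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}` with no `namespace`, whereas the ClusterRoleBinding and the discovery RoleBinding in this commit bind `{{ template "vault.serviceAccount.name" . }}` in `{{ .Release.Namespace }}`. The helper is defined outside this hunk, but if it can return a name other than the full name, the pod would run under a service account that is not bound to the PSP role. The subject lines should read `name: {{ template "vault.serviceAccount.name" . }}` and `namespace: {{ .Release.Namespace }}`.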
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-route.yaml 
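Review bot: server-psp.yaml renders `apiVersion: policy/v1beta1` / `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, with no capability check. PodSecurityPolicy was removed in Kubernetes 1.25, so on a newer cluster the flag makes the install fail instead of being ignored. The RBAC templates in this commit already branch on `.Capabilities.APIVersions.Has`, and the same guard fits here: `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`. The inline comment that the policy "assumes the nodes are using AppArmor rather than SELinux" next to `seLinux: rule: RunAsAny` also deserves a caveat for the OpenShift values shipped alongside, since that rule leaves the SELinux context unconstrained.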
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-service.yaml
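Review bot: server-route.yaml reads `.mode` on its second line (`{{- if ne .mode "external" }}`) and again in the `eq .mode "ha"` test without first calling `{{ template "vault.mode" . }}`. Every other server template in this commit calls it before touching `.mode`. As written, the Route depends on some other template having set `.mode` earlier in the render; otherwise the comparison runs against an unset value, and the `-active` service selection for HA is then presumably skipped. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does, removes that dependency. `host: {{ .Values.server.route.host }}` would also be safer as `{{ .Values.server.route.host | quote }}`.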
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/tests/server-test.yaml 
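Review bot: The vault container in server-statefulset.yaml falls back to a mutable tag: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` deploys whatever `latest` currently points to when the tag is unset. For a secrets server that leaves the running version unrecorded and lets it change on any pod restart. Failing the render is safer, for example `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; the same fallback appears in tests/server-test.yaml. Separately, the exec readiness probe runs `vault status -tls-skip-verify`, and a comment there should say that skipping verification is tolerable only because `VAULT_ADDR` is set to `127.0.0.1:8200` in this pod.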
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.23/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/Chart.yaml
new file mode 100644
index 00000000000..fd4aff83e85
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.24
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/README.md 
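Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the `docker run` command line, where it is readable in the host's process list for as long as the container runs. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker take the value from the calling environment and keeps it out of the arguments. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `gcloud auth activate-service-account` step that `provision-cluster` uses, so the two targets may not operate on the same configuration. `.PHONY` also omits `setup-kind` and `delete-kind`.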
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
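Review bot: The rule granting `create` on `serviceaccounts/token` in csi-clusterrole.yaml sits in a ClusterRole, so whatever subject it is bound to can request a token for any ServiceAccount in any namespace, and the file gives no reason for that breadth. I would add a comment above `rules:` along the lines of `# Cluster-wide by design: the CSI provider requests tokens on behalf of the pods it serves; treat its ServiceAccount as highly privileged.` If the provider is only meant to serve a known set of namespaces, a per-namespace Role and RoleBinding would presumably be the tighter option; that needs confirming against how the provider authenticates.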
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
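Review bot: In csi-daemonset.yaml the container mounts two `hostPath` volumes whose paths come straight from `.Values.csi.daemonSet.providersDir` and `.Values.csi.daemonSet.kubeletRootDir`, while the container `securityContext` is emitted only when a value is supplied, because the `csi.daemonSet.securityContext.container` helper is wrapped in an `if`. Unless values.yaml, which is not part of this hunk, ships hardened defaults, the provider runs as whatever user the image defaults to while holding host filesystem access. I would quote the paths, e.g. `path: {{ .Values.csi.daemonSet.providersDir | quote }}`, and add a comment above `volumes:` saying that a restrictive container securityContext (`allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`) is expected to be set in values. The image is also referenced by a mutable tag, `{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}`, so pinning by digest is worth considering for a node-level component.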
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-clusterrolebinding.yaml
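Review bot: The single rule in injector-clusterrole.yaml grants `patch` on `mutatingwebhookconfigurations` with no `resourceNames`, so the injector's ServiceAccount can modify every mutating webhook in the cluster, not only its own. The webhook this chart creates is named `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml, so `get` and `patch` can be limited to that name while `list` and `watch` stay in a separate unrestricted rule. Presumably the patch is only used to write the generated CA bundle into the chart's own webhook; confirm that against the injector before tightening.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - "{{ template "vault.fullname" . }}-agent-injector-cfg"
  verbs:
    - "get"
    - "patch"
```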
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
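Review bot: Several `env` entries in injector-deployment.yaml render values unquoted, namely `value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logLevel | default "info" }}` and `value: {{ .Values.injector.logFormat | default "standard" }}`, while the neighbouring entries are wrapped in double quotes. An env `value` has to be a string, so an override that looks like a boolean or a number renders as a non-string scalar and the manifest is rejected, and a value containing `: ` or ` #` changes the YAML structure. Pipe these through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`. Separately, `- 2>&1` under `args:` reaches the binary as a literal argument because no shell is involved; it can probably be dropped, but confirm the binary ignores it today.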
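Review bot: injector-disruptionbudget.yaml is guarded only by `{{- if .Values.injector.podDisruptionBudget }}`, unlike the other injector templates visible in this commit, which all sit behind `vault.injectorEnabled`; with the value set and the injector disabled, a PodDisruptionBudget is rendered that selects no pods. Wrap it the same way, i.e. `{{- template "vault.injectorEnabled" . -}}` followed by `{{- if and .injectorEnabled .Values.injector.podDisruptionBudget }}`. The `apiVersion` line compares `.Capabilities.KubeVersion.Minor` as a string; `.Capabilities.APIVersions.Has "policy/v1"`, the form the webhook template already uses, states the intent more directly.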
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
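Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when a value is set, so with defaults the webhook receives every pod `CREATE` and `UPDATE` in every namespace, including system namespaces and the one the injector itself runs in. If `failurePolicy` resolves to `Fail`, an unavailable injector then blocks pod admission cluster-wide; the default of `.Values.injector.failurePolicy` is not visible in this hunk, so it needs checking. I would add a template comment above `failurePolicy:` such as `{{/* Use Fail only together with a namespaceSelector that excludes system namespaces. */}}`. Whether the `injector.objectSelector` helper already narrows the match cannot be told from here.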
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
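Review bot: `- port: 8080` in injector-network-policy.yaml is hard-coded, while the Deployment's listen address and probes and the Service's `targetPort` in this commit all use `{{ .Values.injector.port }}`. Overriding the port leaves this policy admitting traffic on a port nothing listens on and the webhook unreachable where the policy is enforced; use `- port: {{ .Values.injector.port }}`. The object also has no `metadata.namespace`, unlike the other namespaced injector resources, so add `namespace: {{ .Release.Namespace }}`. `namespaceSelector: {}` admits every namespace, which is presumably needed for the API server's webhook calls, and a comment saying it is deliberate would help the next reader.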
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-role.yaml
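Review bot: The `policy/v1beta1` `PodSecurityPolicy` in injector-psp.yaml is gated only on `.Values.global.psp.enable`, and that API was removed in Kubernetes 1.25, so turning the value on against a current cluster fails the install instead of skipping the object. Add a capability check to the guard, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`; injector-psp-role.yaml and injector-psp-rolebinding.yaml share the same gate and would need the same condition. The policy also sets `hostNetwork: false` while the Deployment renders `hostNetwork: {{ .Values.injector.hostNetwork }}`, so the two settings can contradict each other when both are enabled. The inline comment about AppArmor next to `seLinux: rule: RunAsAny` is worth revisiting for SELinux-enforcing platforms.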
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-rolebinding.yaml
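Review bot: The first rule in injector-role.yaml grants `get`, `list`, `watch` and `update` on all `secrets` and `configmaps` in the release namespace, so the injector's ServiceAccount can read and rewrite every Secret stored next to it, which in a single-namespace install includes anything the Vault server keeps there. injector-certs-secret.yaml in this commit creates a fixed Secret named `vault-injector-certs`, which suggests that is the object the leader-election path actually needs. If so, the read and update verbs could carry `resourceNames: ["vault-injector-certs"]`, with `create` left in a rule of its own since it cannot be restricted by name. The same question applies to `patch` and `delete` on all `pods` in the second rule; at minimum a comment above `rules:` should state which objects each verb is for.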
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-discovery-role.yaml
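Review bot: `disable_mlock = true` is written into `extraconfig-from-values.hcl` unconditionally, in the string branch and through `dict "disable_mlock" true` in both map branches, and nothing in the template tells the operator that it is forced on. With mlock disabled the server's memory is allowed to be paged out, so the deployment depends on the nodes running without swap or with encrypted swap. I would record that above `data:` with a template comment such as `{{- /* disable_mlock is forced on; nodes must run with swap disabled or encrypted */ -}}` and repeat it in the chart's values documentation.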
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
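Review bot: The single `rules` entry in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, since it has no `resourceNames`, and server-discovery-rolebinding.yaml hands that to the server ServiceAccount. The role name suggests the server only needs to relabel its own pods (not confirmed by anything in this hunk), and RBAC cannot narrow a rule by label, so the wider grant should at least be explained where it is made. I would add above `rules:` a comment such as `# update/patch covers all pods in this namespace; install Vault in a dedicated namespace`, and state the same requirement in the chart notes.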
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-ha-active-service.yaml
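Review bot: The `apiVersion` line of server-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings, so the ordering is lexicographic rather than numeric and only happens to work for two-digit minors. server-ingress.yaml in this same commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version` for the same kind of decision, and the two should agree. I would write `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`, or test `.Capabilities.APIVersions.Has "policy/v1"` so the choice follows what the cluster actually serves.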
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-psp-role.yaml 
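Review bot: The one `ingress` rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so the cluster port 8201 is open to every namespace in the same way as the API port 8200. As far as the templates in this commit show, 8201 is only used between server pods (`VAULT_CLUSTER_ADDR` points at the `-internal` service), so it can be limited to pods of this release while 8200 stays as it is. The policy's `metadata` also has no `namespace: {{ .Release.Namespace }}`, unlike the other server templates. A split rule could look like this:

```yaml
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from server.networkPolicy.egress …
```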
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
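Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the ServiceAccount with `vault.fullname`, while the StatefulSet in this commit runs as `vault.serviceAccount.name` and both other bindings (server-clusterrolebinding.yaml, server-discovery-rolebinding.yaml) use that helper. If the helper can return anything other than the full name (it is defined outside this diff, so confirm), the `use` grant goes to an account the pods do not run as and the policy never applies to them. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` so it reads like the other two bindings.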
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-route.yaml
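Review bot: The `spec` of server-psp.yaml restricts the user, the groups and privilege escalation but sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP` and `SKIP_CHOWN`, which suggests the server needs none of them; if that holds, add `requiredDropCapabilities: ['ALL']` next to `allowPrivilegeEscalation: false`. The template is also gated only on `global.psp.enable`, and `policy/v1beta1` is no longer served from Kubernetes 1.25, so I would add `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the `and` on the third line here and in server-psp-role.yaml and server-psp-rolebinding.yaml.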
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-service.yaml
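Review bot: server-route.yaml reads `.mode` on its second line and again when it chooses the `-active` service, but it never calls `{{ template "vault.mode" . }}`, which every other server template in this commit does before touching `.mode`. Unless some other template has already set the value on a shared context (which would make the result depend on render order), `.mode` is empty here, so the `external` check always passes and the `ha` branch never switches the Route to the active service. I would add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard, the way server-ingress.yaml does.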
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/tests/server-test.yaml 
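Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `| default "latest"` when `server.image.tag` is unset, and tests/server-test.yaml repeats the same default. With a floating tag the server binary can change on any pod restart without a change to the chart, which is hard to audit for a secrets store. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept a digest. The exec readiness probe also runs `vault status -tls-skip-verify`; since `VAULT_ADDR` is set to 127.0.0.1 in the same container, a comment such as `# loopback only; the server certificate is not verified here` above the `exec:` block would keep that flag from being copied to a remote address.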
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/values.openshift.yaml
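Review bot: `type: {{ .Values.ui.serviceType }}` in templates/ui-service.yaml is rendered with no default and no check, while the port name is taken from `vault.scheme`, so a `LoadBalancer` or `NodePort` value combined with TLS disabled would publish the Vault UI over plain HTTP beyond the cluster without any warning. At minimum add a template comment above `type:`, for example `{{- /* LoadBalancer/NodePort exposes the UI outside the cluster; use only with global.tlsDisable=false */}}`, and consider failing the render for that combination. What `vault.scheme` returns is inferred from its name, since the helper is defined outside this hunk.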
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/values.schema.json
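Review bot: The three image references in values.openshift.yaml are pinned by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a registry tag can be re-pointed, so the same chart version may deploy different image contents over time. The template visible in this diff builds the reference as `repository:tag`, so pinning by digest would need template support as well. Until that exists, a comment above `injector:` such as `# tags are mutable: mirror these images and verify their digests before production use` would record the limitation for operators.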
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.24/src/values.yaml 
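Review bot: No object in values.schema.json sets `additionalProperties` or a `required` list, so a misspelt key passes validation silently. That matters for the security switches: values.yaml in this same diff defaults `tlsDisable: true`, so a values file that sets a misspelt key such as `global.tlsDisabled: false` (constructed example) validates cleanly and TLS stays off. I would add `"additionalProperties": false` at least to the `global` object and to `server.dev`, where `devRootToken` is declared, provided no other keys are expected there.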
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* 
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. 
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . 
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/Chart.yaml
new file mode 100644
index 00000000000..93896e48ca5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.25
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/LICENSE.md 
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. 
“Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2. 
Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1. 
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. 
Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. 
However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/README.md
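Review bot: The `test-acceptance` recipe expands `VAULT_LICENSE_CI` into the `docker run` command line (`-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`), so the value, presumably the Vault Enterprise licence used in CI, ends up in the process arguments and in `make -n` output; the leading `@` only suppresses the recipe echo. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the calling environment without placing it in argv. Separately, the `.PHONY` line at the end of the hunk omits `setup-kind` and `delete-kind`, which are defined just above it; appending both keeps a stray file of either name from masking the target.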
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
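Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole with no comment explaining the scope, so the CSI provider's service account can request a token for any service account in any namespace. If that breadth is required (presumably the provider requests tokens on behalf of whichever pod mounts a volume), say so above `rules:`, for example `# Cluster-wide by design: tokens are requested for the service account of the pod mounting the volume`. The `-csi-provider` service account should be treated as highly privileged, and TokenRequest calls made by it are worth auditing.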
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
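Review bot: The `{{ template "csi.daemonSet.securityContext.container" . }}` line in csi-daemonset.yaml renders nothing unless `.Values.csi.daemonSet.securityContext.container` is set, so by default this container mounts two `hostPath` volumes (`providervol`, `mountpoint-dir`) with no `securityContext` at all. The server statefulSet container helper earlier in this diff falls back to `allowPrivilegeEscalation: false` when no value is given; the CSI helper in _helpers.tpl could do the same with an `{{- else }}` branch that emits `securityContext:` followed by `allowPrivilegeEscalation: false`. It is also worth a comment next to `volumes:` noting that `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` decide which host directories are exposed to the pod. The helper itself is defined outside this hunk.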
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-clusterrolebinding.yaml
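Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, while the only such object this chart creates for the injector is `{{ template "vault.fullname" . }}-agent-injector-cfg`. A service account that can patch arbitrary admission webhooks can change how pods are mutated cluster-wide, so `get` and `patch` should be limited with `resourceNames`; `list` and `watch` can stay unrestricted unless the injector is known to watch by name. The split below needs a test of the injector's automatic TLS path before merging, because the injector's API usage is inferred here from the verbs listed in this template.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```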
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
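Review bot: In injector-deployment.yaml the `args:` list passes `2>&1` as a literal second argument; Kubernetes starts the container without a shell, so nothing is redirected and the binary simply receives an extra argument (unless the image's entrypoint is a shell wrapper, which this template does not show). The entry should be dropped so that `args` is only `- agent-inject`. Several env values are also emitted unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), so a value that YAML reads as a boolean or number would not be the string an env `value` requires; `value: {{ .Values.injector.authPath | quote }}` avoids that. The helpers this hunk calls, such as `injector.securityContext.container`, are defined outside it.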
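Review bot: injector-disruptionbudget.yaml picks its `apiVersion` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings, so the result follows lexical order rather than the numeric minor version (a single-digit minor sorts above `"21"`). The mutating-webhook template in this same commit already uses a capability check, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Unlike the other injector templates in this part of the diff, this one is not wrapped in `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget is rendered whenever `injector.podDisruptionBudget` is set, even with the injector disabled.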
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
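Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` block is emitted only when one of the two values is set, and nothing in the template says what happens otherwise: the webhook then receives every pod CREATE and UPDATE in every namespace, system namespaces included. Combined with a `failurePolicy` of `Fail`, an unavailable injector would block pod admission cluster-wide. A comment above the `{{- if or (.Values.injector.namespaceSelector) ...` line should state this, for example `# No selector = all namespaces; set one (or keep failurePolicy Ignore) so system pods are not gated on the injector`.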
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
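Review bot: injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` and the Service targets the same value, so changing `injector.port` leaves the policy allowing a port nothing listens on and blocking the one the webhook uses. Use `- port: {{ .Values.injector.port }}` instead. The `from` clause is `namespaceSelector: {}`, which admits traffic from every namespace; if that is needed for the API server to reach the webhook, a one-line comment saying so would stop it being read as an oversight.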
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-psp.yaml
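Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subject in injector-rolebinding.yaml, which sets `namespace: {{ .Release.Namespace }}`. The binding likely still resolves to the RoleBinding's own namespace, but stating it explicitly keeps the two templates consistent and removes the ambiguity: add `namespace: {{ .Release.Namespace }}` under the subject's `name:`.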
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-role.yaml
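Review bot: injector-psp.yaml renders a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so enabling the flag on a current cluster fails the install. Guard the template on the API being served, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, and apply the same guard to the PSP Role and RoleBinding templates. The spec also sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set.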
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-rolebinding.yaml
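Review bot: The first rule in injector-role.yaml gives the leader-elector Role `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, because it carries no `resourceNames`. If leader election only touches its own lock objects (not visible in this hunk), split the rule so `get`/`update` carry `resourceNames: ["<leader-election-object-name>"]` and only `create` stays unscoped, and drop `list`/`watch` if the elector does not need them. The `pods` rule (`get`, `patch`, `delete`) is namespace-wide as well and deserves a comment saying what it is for. As written, the chart should be installed in a namespace that holds no unrelated Secrets.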
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-config-configmap.yaml
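Review bot: The ClusterRoleBinding in server-clusterrolebinding.yaml is the one cluster-scoped grant in this chart, and the template gives no hint of why the server ServiceAccount needs `system:auth-delegator` or what turns it on. A comment above `kind: ClusterRoleBinding` would cover it, for example `# Cluster-wide: allows the server to create TokenReviews/SubjectAccessReviews (Kubernetes auth); rendered only when .serverAuthDelegator is set`. The `rbac.authorization.k8s.io/v1beta1` fallback targets an API that current clusters no longer serve, so the branch could be reduced to `v1`, as injector-role.yaml already does.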
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-discovery-role.yaml
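Review bot: `disable_mlock = true` is written into every rendered config in server-config-configmap.yaml: the string branch emits it ahead of the user's text and the map branch merges it in, so an operator has no value to keep mlock on, and Vault's memory can be swapped to disk on nodes where swap is enabled. Either drive it from a value or add a comment that states the trade-off, e.g. `# mlock is forced off; run Vault only on nodes with swap disabled or encrypted`. The rendered config also lands in a ConfigMap rather than a Secret, so storage or seal credentials placed in `server.standalone.config` or `server.ha.config` become readable by anything with `get` on ConfigMaps in the namespace, which includes the injector leader-elector Role added in this commit. A comment saying that credentials must come from environment variables or mounted Secrets would prevent that mistake.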
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
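Review bot: The discovery Role in server-discovery-role.yaml lets the server ServiceAccount `update` and `patch` every Pod in the release namespace, not only the Vault server pods; RBAC cannot select by label, so the practical control is where the chart is installed. Add a comment on the rule, e.g. `# presumably needed so Vault can label its own pods (vault-active); RBAC cannot scope this to them, so install in a dedicated namespace`, and drop `update` if `patch` alone is what the server uses (not visible here). Minor: this Role hard-codes `rbac.authorization.k8s.io/v1` while server-discovery-rolebinding.yaml still branches to `v1beta1`; the two should agree.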
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-ha-active-service.yaml
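Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the chosen API depends on lexical order and on how the provider formats its minor version rather than on what the cluster serves. server-ingress.yaml in this same commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`; here a capability check is simpler: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.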
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-psp-role.yaml
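Review bot: The `tls:` block in server-ingress.yaml is emitted only when `server.ingress.tls` is set, so enabling the ingress without it publishes Vault's API through a plain-HTTP Ingress and tokens reach the ingress controller unencrypted. Either stop rendering in that case, `{{- if not .Values.server.ingress.tls }}{{ fail "server.ingress.tls is required when server.ingress.enabled is true" }}{{- end }}`, or document next to the value why plain HTTP is acceptable for this test chart. The scalars taken straight from values should also be quoted the way `host` already is: `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`.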
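Review bot: `namespaceSelector: {}` in server-network-policy.yaml matches every namespace, and the single ingress rule applies it to both ports, so any pod in the cluster can reach the cluster port 8201 as well as the API on 8200. If 8201 is only used between Vault servers (the Services in this commit name it `https-internal`), split the rule so that 8201 is limited to the server pods, as sketched below; `component: server` is the label the StatefulSet template puts on its pods. The policy also sets no `metadata.namespace`, unlike the other namespaced objects in this commit.

```yaml
  ingress:
    # API port: still reachable from every namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only Vault server peers in the policy's own namespace
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from server.networkPolicy.egress …
```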
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
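Review bot: The subject of the RoleBinding in server-psp-rolebinding.yaml is `{{ template "vault.fullname" . }}`, but the server ServiceAccount and the StatefulSet's `serviceAccountName` in this commit both use `vault.serviceAccount.name`. Whenever that helper resolves to anything other than the fullname (its definition is outside this section), the PSP `use` grant goes to an account the server pods do not run as. Use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as the discovery and cluster role bindings already do.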
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-service.yaml
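Review bot: server-route.yaml tests `.mode` without first calling `{{ template "vault.mode" . }}`, which server-ingress.yaml and the other server templates in this commit do before reading it. Both `ne .mode "external"` and `eq .mode "ha"` therefore depend on some other template having already set `.mode` on the shared context; if it is unset, the `activeService` switch never applies and the Route keeps pointing at the base Service. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check. `targetPort: 8200` is also hard-coded where the Services use `.Values.server.service.targetPort`, so a non-default target port leaves the Route pointing at the wrong port.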
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/tests/server-test.yaml 
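Review bot: The `image:` line falls back to `| default "latest"` when `server.image.tag` is unset, so the Vault server can end up running from a mutable tag whose content may change between pod restarts; the same expression appears in tests/server-test.yaml. Failing the render is safer than a silent fallback, for example `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are emitted unquoted while the neighbouring env values are quoted; `| quote` would keep them strings whatever the user supplies.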
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/templates/ui-service.yaml
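Review bot: The test pod declares no `securityContext` at pod or container level, although it runs the same server image with `/bin/sh -c`. On a cluster that enforces a restricted pod-security profile the hook pod may be rejected, and where nothing is enforced it runs with whatever the image defaults to. A container-level block after `imagePullPolicy` with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` would bring it in line with the hardened defaults this chart documents for its other pods; confirm that `vault status` still runs in the image under those settings.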
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/values.openshift.yaml
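Review bot: `type: {{ .Values.ui.serviceType }}` accepts any Service type regardless of `global.tlsDisable`, which values.yaml in this commit defaults to `true`; a `LoadBalancer` or `NodePort` UI Service would then presumably carry the Vault UI and API, tokens included, over plain HTTP (the `vault.scheme` helper is not visible here). A comment above the line would record the constraint: `# Keep ClusterIP unless TLS is enabled or terminated in front of this Service`. The `nodePort` entry is also emitted whenever `ui.serviceNodePort` is set, without the `NodePort` type check that server-service.yaml applies to its own port.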
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.25/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/Chart.yaml
new file mode 100644
index 00000000000..9ca2652bc96
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.26
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
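Review bot: The `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io` lines in Chart.yaml present this chart as an upstream HashiCorp release, while `name: helm-e2e-rhcc`, `version: 0.21.26` and the `charts/partners/opcert-e2e-testing/` path show it is a renamed copy used as an e2e fixture. If the chart is ever served from a published index (not visible from this hunk), its metadata gives consumers no way to tell it from the vendor's chart, which is a provenance problem for a component that handles secrets. I would state the origin in the metadata, for example `description: 'E2E test fixture derived from the HashiCorp Vault chart; not an official release'`. The bundled CHANGELOG.md stops at 0.21.0, so a one-line comment above `version:` naming the upstream chart version this copy was taken from would make later advisory triage easier.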
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/README.md
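Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with no directory and no variables, while `provision-cluster` passes `test/terraform` to both `init` and `apply` and sets `-var project=${CLOUDSDK_CORE_PROJECT}`; unless configuration and state happen to resolve from the container's working directory, the unattended teardown may not act on the cluster that was provisioned, and it also skips the `gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}` step the other in-container targets run. I would make it mirror the provision target, e.g. `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform` preceded by the same `gcloud auth` line (whether `init_cli` must also be passed depends on the Terraform module, which is not shown here). Two smaller points in the same file: `setup-kind` and `delete-kind` are missing from `.PHONY`, and the recursive call `make setup-kind acceptance` in `test-acceptance` should be `$(MAKE) setup-kind acceptance` so command-line variables and flags propagate. Since `CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514` is a fixed default combined with `-auto-approve`, a comment such as `# override CLOUDSDK_CORE_PROJECT; apply/destroy run without confirmation` above it would help anyone running these targets from this copy of the chart.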
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
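Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no `resourceNames`, and csi-clusterrolebinding.yaml binds it cluster-wide, so the `-csi-provider` service account can request a token for any service account in any namespace. Because that account runs on every node as a DaemonSet with hostPath mounts, the blast radius of one compromised provider pod is the whole cluster's service-account identities. The rule should at least carry a comment recording why the scope is needed, for example `# cluster-wide by design: the provider requests a token for the service account of each pod that mounts a secret volume (TODO confirm)`. If the deployed provider can instead use tokens handed to it by the CSI driver, the rule could be dropped; that cannot be verified from this hunk.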
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
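Review bot: The pod and container `securityContext` in csi-daemonset.yaml come only from the `csi.daemonSet.securityContext.pod` and `.container` helpers, and those helpers emit nothing when the values are unset, whereas the injector and server helpers in _helpers.tpl fall back to `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. The result is a container with two hostPath volumes (`providersDir` and `kubeletRootDir/pods`) that runs as the image's default user with no privilege-escalation guard unless the operator supplies values. A non-OpenShift fallback in the container helper, `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`, would match the other components without forcing a non-root user. Whether the provider needs root to create its socket under the hostPath is not visible here, so a `runAsNonRoot` default should be tested before it is added.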
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-clusterrolebinding.yaml
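Review bot: The `patch` verb in injector-clusterrole.yaml applies to every `mutatingwebhookconfigurations` object in the cluster, because the rule has no `resourceNames`. A service account that can rewrite any mutating webhook can change how other admission controllers behave, which is far more than the injector needs to maintain its own configuration. The rule should be split so that read verbs stay as they are and `patch` is limited to the chart's own webhook configuration. The name used below is the one passed as `AGENT_INJECT_TLS_AUTO` in injector-deployment.yaml; it should be checked against the webhook template, which this hunk does not show.

```yaml
rules:
# Reads stay unscoped: list/watch cannot be usefully limited by resourceNames.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# Writes are limited to the webhook configuration this chart owns.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs:
    - "patch"
```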
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
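Review bot: In injector-deployment.yaml the container `args` list ends with `- 2>&1`, which Kubernetes hands to the entrypoint as a literal argument because no shell is involved; it does not redirect stderr. Unless the image's entrypoint is a shell wrapper that interprets it (not visible here), the entry should be dropped so the list is just `- agent-inject`. Container stdout and stderr are both collected by the runtime anyway.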
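Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares strings, so the result follows lexical order and is sensitive to any suffix a distribution appends to the minor version; a single-digit minor such as `"9"` also sorts above `"21"`. The same expression appears in server-disruptionbudget.yaml. Other templates in this change select the API with `.Capabilities.APIVersions.Has`, and the same check fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.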
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
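Review bot: `namespaceSelector` is rendered only when a selector is set in values, so with none set the webhook is called for pod CREATE and UPDATE in every namespace, unless the `injector.objectSelector` template (defined outside this diff) narrows it. If the rendered `failurePolicy` is `Fail`, an unavailable injector would then block pod admission across the cluster, including in the namespace the injector itself runs in. A template comment above the `{{- if or ...}}` block should say this, for example `{{/* With no namespaceSelector the webhook matches pods in all namespaces; set one when failurePolicy is Fail. */}}`, or the chart could render a default selector that excludes the release namespace.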
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
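Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector listens on `.Values.injector.port` (AGENT_INJECT_LISTEN in injector-deployment.yaml) and injector-service.yaml targets that same value. If the port is changed in values, this policy stops admitting webhook traffic to the pod it selects. Use the value instead: `- port: {{ .Values.injector.port }}`. The `namespaceSelector: {}` source admits pods from every namespace; if that breadth is intentional, a one-line comment stating why would help the next reviewer.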
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-psp.yaml
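Review bot: The ServiceAccount subject here omits `namespace`, whereas the subject in injector-rolebinding.yaml sets `namespace: {{ .Release.Namespace }}`. The binding therefore appears to rely on the subject namespace being taken from the RoleBinding's own namespace, which makes it harder to see at a glance which account is granted use of the pod security policy. State it explicitly by adding `namespace: {{ .Release.Namespace }}` under the subject's `name`.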
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-role.yaml
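Review bot: The policy forbids privileged mode and privilege escalation but drops no Linux capabilities, and it sets `readOnlyRootFilesystem: false`. Adding `requiredDropCapabilities:` with a single `- ALL` entry under `spec` would match the intent of the existing comments; whether the injector needs a writable root filesystem cannot be told from this diff. Separately, `policy/v1beta1` is rendered without a `.Capabilities.APIVersions.Has` guard like the one used in injector-mutating-webhook.yaml, so setting `global.psp.enable` on a cluster that does not serve that API would fail the install.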
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-rolebinding.yaml
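Review bot: The first rule lets the injector service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which is the same namespace the chart's server resources and the injector's certificate secret are placed in. `create` cannot be limited by object name, but `get` and `update` can, so the rule should be split and the named verbs scoped with `resourceNames: ["<leader-election-object-name>"]`, filling in the objects the leader elector actually uses (their names are not shown in this diff). The second rule's `patch` and `delete` on all pods in the namespace deserve the same check against what the injector needs.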
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-discovery-role.yaml 
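Review bot: `disable_mlock = true` is written unconditionally on the string path and merged in through `dict "disable_mlock" true` on the JSON path, so every non-dev server rendered from this template runs without memory locking and its in-memory key material can reach swap on nodes where swap is enabled. Nothing in the template records why this is fixed or what the operator must guarantee in exchange. Add a template comment next to the line, for example `{{/* mlock is disabled for all modes; nodes must run without swap or with encrypted swap */}}`, or expose it as a value so deployments that can keep mlock enabled are able to.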
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-psp-role.yaml 
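Review bot: The ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which selects every namespace, so any pod in the cluster can reach both 8200 and the cluster port 8201; the policy narrows ports but not sources. The StatefulSet in this commit points `VAULT_CLUSTER_ADDR` at port 8201 for server-to-server traffic, so 8201 could get its own rule limited to pods of this release, provided no replication peer outside the release has to reach it. Port 8200 would still benefit from a source selector taken from values rather than the match-all selector. The metadata also has no `namespace: {{ .Release.Namespace }}`, unlike the other templates in this commit.

```yaml
  ingress:
    # API/UI port: still open to all namespaces until a values-driven selector is added.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only pods carrying this release's labels.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```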
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
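Review bot: The RoleBinding in server-psp-rolebinding.yaml names its subject with `{{ template "vault.fullname" . }}`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this commit both use `{{ template "vault.serviceAccount.name" . }}`. The values schema exposes `server.serviceAccount.name`, so the two can presumably differ (the helper bodies are not in this hunk), and then the `use` grant on the PodSecurityPolicy goes to an account the pod does not run as. The subject should read `name: {{ template "vault.serviceAccount.name" . }}`, and adding `namespace: {{ .Release.Namespace }}` under it makes the binding target explicit.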
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-route.yaml
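Review bot: server-psp.yaml renders `apiVersion: policy/v1beta1` gated only on `global.psp.enable`, with no capability check like the `.Capabilities.APIVersions.Has` test the ingress template uses; PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the flag fails the install instead of applying any restriction. Adding `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `and` on the third line would make that explicit. Inside the policy, no `requiredDropCapabilities` is set, so containers keep the runtime's default capability set; `requiredDropCapabilities: ['ALL']` is the tighter choice if the image starts without them (the StatefulSet already sets `SKIP_SETCAP`). The `seLinux` comment says nodes use AppArmor, which reads oddly next to the OpenShift overrides in this commit and is worth rewording.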
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-service.yaml
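Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` and again in the `eq .mode "ha"` check without calling `{{ template "vault.mode" . }}` first, which every other template in this commit that reads `.mode` does before using it. Whether `.mode` is populated here then depends on some other template having been rendered earlier, which this file does not control; if it is not, the `-active` service selection silently does not apply. Adding `{{ template "vault.mode" . }}` directly under the `global.openshift` check removes that dependency. The `tls:` block is copied verbatim from `server.route.tls`, so the termination mode and `insecureEdgeTerminationPolicy` are whatever values supply; a template comment stating the expected setting would help anyone reviewing overrides.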
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-serviceaccount.yaml
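Review bot: The `https-internal` port 8201 is listed on this Service although its `type` comes from `server.service.type`; with `NodePort` or `LoadBalancer` the cluster port is then published outside the cluster next to the API port, and for NodePort it lands on an auto-assigned node port because only the first entry gets `nodePort`. The StatefulSet points `VAULT_CLUSTER_ADDR` at the `-internal` headless Service, so peers do not appear to need 8201 here. Rendering the entry only for in-cluster types, e.g. wrapping it in `{{- if not (has (.Values.server.service.type | toString) (list "NodePort" "LoadBalancer")) }}` … `{{- end }}`, keeps it internal. The standby Service hunk earlier on this page has the same port list and the same exposure.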
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/tests/server-test.yaml 
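Review bot: The container image in server-statefulset.yaml is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an unset tag silently deploys whatever `latest` resolves to at pull time; for a secrets store that leaves the running version unauditable and lets a registry-side retag change it on the next pod restart. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The test Pod in tests/server-test.yaml uses the same fallback. Also in this hunk, the exec readiness probe runs `vault status -tls-skip-verify`; it talks to `127.0.0.1:8200` through `VAULT_ADDR`, so the exposure is small, but a comment such as `# loopback only: the serving cert does not cover 127.0.0.1` (if that is the reason) would keep the flag from being copied to non-local calls.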
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.26/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/Chart.yaml
new file mode 100644
index 00000000000..870c72068e4
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.27
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/README.md
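Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license value into the `docker run` command line, where it is readable from the host's process list while the container runs; the leading `@` only suppresses make's echo. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the calling environment without putting it on argv. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=...` that `provision-cluster` passes, so it is worth confirming it acts on the same configuration and state before it runs unattended. `.PHONY` also omits `setup-kind` and `delete-kind`.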
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
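Review bot: `vault.envs` renders the dev root token unquoted (`value: {{ .Values.server.dev.devRootToken }}`), so a token that YAML reads as a number, boolean or null yields a non-string `value` that the API server rejects, and a token containing `: ` or ` #` changes the rendered document. Quote it the way `vault.extraEnvironmentVars` in this same file already does: `value: {{ .Values.server.dev.devRootToken | quote }}`. Because the token ends up in clear text in the pod spec, the helper's comment could also say that dev mode is meant for test clusters only.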
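Review bot: The single rule grants `create` on `serviceaccounts/token` in a ClusterRole with no `resourceNames`, so whichever account it is bound to can request a token for any ServiceAccount in any namespace. That is presumably what the CSI provider needs in order to act for the pods it serves, but it makes the provider's own ServiceAccount a high-value credential and the template does not say so. A comment above `rules:` would record the reason, for example `{{- /* cluster-wide token creation: the provider requests tokens on behalf of the pods it mounts secrets for; restrict access to this ServiceAccount and its pods */}}`.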
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
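Review bot: In csi-daemonset.yaml the `mountpoint-dir` volume is a hostPath to `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods`, and its volumeMount sets `mountPropagation: HostToContainer` but no `readOnly`, so, subject to the container's security context, the provider can write under every pod's volume directory on the node. If the provider only reads there (the hunk does not show this), add `readOnly: true` to that mount; if it must write, say so in a comment beside the mount. `.Values.csi.volumes` and `.Values.csi.volumeMounts` are rendered verbatim right after, so further hostPath mounts can arrive from values with no check in the template.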
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-clusterrolebinding.yaml
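Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the injector appears to need it only for its own configuration, `{{ template "vault.fullname" . }}-agent-injector-cfg` (the name passed as `AGENT_INJECT_TLS_AUTO` in injector-deployment.yaml). As written, anything running as the injector's service account can rewrite other admission webhooks. Splitting the rule so that `patch` carries `resourceNames` keeps the read verbs unrestricted and narrows the write; the sketch assumes no other configuration is ever patched, which should be confirmed against the injector.

```yaml
rules:
# … unchanged: existing rule, with "patch" dropped from its verbs …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```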
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
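Review bot: The `args` list in injector-deployment.yaml ends with `- 2>&1`, but container args are handed to the process directly with no shell in between, so this is a literal second argument rather than a redirection of stderr. Unless the image's entrypoint is a shell wrapper that re-parses its arguments (not visible in this hunk), the list should be just `- agent-inject`. If the redirection is really wanted, it needs an explicit `command:` that invokes a shell, with a comment saying why.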
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
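Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when one of the two values is set, so with neither set the webhook receives every pod CREATE and UPDATE in every namespace, control-plane namespaces included (the `injector.objectSelector` helper may narrow this, but it is defined outside the hunk). If `failurePolicy` resolves to `Fail`, an unavailable injector would then block pod admission cluster-wide; the default of `.Values.injector.failurePolicy` is not visible here. I would add a comment above the `if`, such as `# No selector means all namespaces; set injector.namespaceSelector before using failurePolicy: Fail.`, and consider shipping a default selector in values.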
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
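Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the injector listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` in injector-deployment.yaml and `targetPort` in injector-service.yaml), so changing the port in values leaves this policy admitting a port nothing listens on and denying the one in use. Render the same value here: `- port: {{ .Values.injector.port }}`. The `from` clause is `namespaceSelector: {}`, which admits every namespace; if that is deliberate, a short comment above it should say so. The metadata also has no `namespace:` line, unlike the other namespaced resources in this commit.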
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-role.yaml
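Review bot: injector-psp.yaml emits `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, without checking that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so the install fails on newer clusters. Other templates in this commit already branch on `.Capabilities`, and the same guard fits here: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, applied likewise in injector-psp-role.yaml and injector-psp-rolebinding.yaml. The comment on `seLinux` should also say that `rule: RunAsAny` places no SELinux constraint on the pod, so on SELinux-enforcing nodes the policy is weaker than the surrounding comments suggest.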
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-rolebinding.yaml
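Review bot: The first rule in injector-role.yaml gives the injector `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, so it can read and modify any other secret stored there, which looks broader than leader election and certificate sharing need. `get` and `update` can be narrowed with `resourceNames: ["vault-injector-certs"]` (the Secret created by injector-certs-secret.yaml; the name of the leader-election object is not visible here and would have to be added), with `create` left in its own rule since it cannot be restricted by name. The `pods` rule here (`get`, `patch`, `delete`) and the `update`/`patch` on `pods` in server-discovery-role.yaml are namespace-wide in the same way and should at least carry a comment naming the pods they are meant to touch.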
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-discovery-role.yaml
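Review bot: server-config-configmap.yaml forces `disable_mlock = true` in both branches: as a literal line ahead of the string config, and through `merge (dict "disable_mlock" true) …` for map config, where the first dictionary takes precedence so values cannot switch it back off. With mlock disabled Vault's memory can be paged out, so the setting is only safe where nodes run with swap disabled or encrypted, and nothing in the template tells the operator that. I would add a YAML comment above the `extraconfig-from-values.hcl` key, for example `# disable_mlock is forced on below: nodes must run with swap disabled or encrypted.`, and repeat the requirement in the chart's README.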
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
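Review bot: The rule in server-discovery-role.yaml grants `update` and `patch` on `pods` for the whole release namespace, so the Vault ServiceAccount can modify any pod that shares the namespace, not only its own. The write verbs are presumably there so each server can label its own pod (the HA services in this chart select on `vault-active`), and RBAC cannot narrow that by label. I would document the constraint above `rules:`, for example `# update/patch let Vault label its own pods for service registration; install into a dedicated namespace because the grant covers every pod in it`.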
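Review bot: The `v1beta1` fallback in server-discovery-rolebinding.yaml is inconsistent with the Role it binds, because server-discovery-role.yaml hard-codes `apiVersion: rbac.authorization.k8s.io/v1`. On a cluster without RBAC v1 the Role would fail to install, so the fallback branch here can never produce a working pair. Either drop the `{{- if .Capabilities.APIVersions.Has ... }}` block and write `apiVersion: rbac.authorization.k8s.io/v1` directly, or apply the same conditional to the Role.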
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-ha-active-service.yaml
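Review bot: The `apiVersion` line compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge`, which is a lexical string comparison because both operands are strings. That gives the wrong answer for a three-digit minor (`"100"` sorts before `"21"`) and behaves unpredictably for provider-suffixed values such as `"21+"`. server-ingress.yaml in this same commit already uses `semverCompare` on the full version; here I would ask the cluster directly with `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.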
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-psp-role.yaml 
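Review bot: In server-network-policy.yaml the single `from: - namespaceSelector: {}` entry admits traffic from every namespace to both 8200 and 8201, although 8201 is the `https-internal` port that the services in this chart expose for server-to-server traffic. I would split the rule so that 8201 is reachable only from pods of this release, and keep 8200 open as it is today; if replication peers outside the release need 8201, that exception should be made explicit in values. The policy's `metadata` also omits `namespace: {{ .Release.Namespace }}`, which every other namespaced template in this commit sets.

```yaml
  ingress:
    # API port: reachable from any namespace (behaviour unchanged)
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only pods of this Vault release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```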
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
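Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template, the StatefulSet's `serviceAccountName` and the other two bindings in this commit all use `vault.serviceAccount.name`. If the account name is overridden, the pod runs under an account this binding does not cover, and the pod security policy is never authorised for it. The subject should read `name: {{ template "vault.serviceAccount.name" . }}`, and I would add `namespace: {{ .Release.Namespace }}` below it to match the other bindings.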
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-route.yaml 
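Review bot: The PodSecurityPolicy is rendered whenever `global.psp.enable` is true, with a hard-coded `apiVersion: policy/v1beta1`, and nothing checks that the cluster still serves that kind. PodSecurityPolicy was removed in Kubernetes 1.25, so on current clusters enabling the flag fails the install instead of being skipped. I would extend the guard with a capability check such as `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`, and apply the same condition in server-psp-role.yaml and server-psp-rolebinding.yaml, which share this gate.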
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-service.yaml
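Review bot: This template reads `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before testing it. The value therefore presumably depends on some other template having set it on the shared context earlier in the render. If it is unset, `ne .mode "external"` is true and `eq .mode "ha"` is false, so the Route would be created for external mode and would never switch to the `-active` service. Adding `{{ template "vault.mode" . }}` directly under the `global.openshift` check removes the ordering dependency.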
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.27/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/Chart.yaml
new file mode 100644
index 00000000000..61006fb5566
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.28
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/README.md
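Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence value into the `docker run` argument list, where it is readable from the process table and by anything that records command lines; the leading `@` only suppresses make's own echo. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker take the value from the caller's environment instead of the command line. Separately, `.PHONY` does not list `setup-kind` or `delete-kind`, and `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory that `provision-cluster` passes to `init` and `apply`, which looks inconsistent and is worth confirming.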
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
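Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, and csi-clusterrolebinding.yaml binds it to the CSI provider's service account, so that account can request a token for any service account in any namespace. Nothing in the template says why cluster scope is needed, which is the first question an RBAC audit will ask. I would add a template comment above `rules:`, for example `{{/* Cluster-wide on purpose: the provider requests a token for the service account of the pod mounting the volume; treat this ServiceAccount as highly privileged. */}}`. That rationale is presumably the intent and should be confirmed against the provider's documentation before it is written down.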
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
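Review bot: In csi-daemonset.yaml the provider container mounts two hostPath directories (`.Values.csi.daemonSet.providersDir` and `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods`), yet its `securityContext` comes only from the `csi.daemonSet.securityContext.container` helper, which emits nothing when the value is unset. Whether values.yaml ships a default is not visible here; if it does not, a host-mounting pod is scheduled by this DaemonSet with the runtime's default privileges. I would render a fallback such as `allowPrivilegeEscalation: false` when the value is empty, or at least document the expected setting next to the helper call. The image is also referenced by tag only (`"{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"`), so allowing a digest would make the deployed binary verifiable.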
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
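Review bot: In injector-deployment.yaml the `args` list ends with `- 2>&1`, but Kubernetes hands `args` to the container entrypoint without a shell, so this arrives as a literal second argument instead of redirecting stderr. Unless the image's entrypoint is a wrapper that re-parses its arguments (not visible here), I would drop the line so `args` is just `- agent-inject`. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT` and `AGENT_INJECT_VAULT_AUTH_PATH` render their values unquoted while neighbouring entries quote theirs; `value: {{ .Values.injector.authPath | quote }}` keeps a boolean- or number-looking value from being rejected as a non-string env value.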
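Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge`; both operands are strings, so the comparison is lexical (a minor of `"9"` sorts above `"21"`), and some distributions report a suffixed minor such as `"21+"`. Other templates in this commit (injector-mutating-webhook.yaml, server-clusterrolebinding.yaml) probe the API instead, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This template is also gated only on `.Values.injector.podDisruptionBudget` and not on `vault.injectorEnabled` like its siblings, so it can render a budget for a Deployment that is not installed.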
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
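Review bot: When neither `.Values.injector.namespaceSelector` nor `.Values.injector.webhook.namespaceSelector` is set, injector-mutating-webhook.yaml registers the webhook for pod CREATE and UPDATE in every namespace, control-plane namespaces and the release namespace included, unless the `injector.objectSelector` helper (defined outside this hunk) narrows it. If `failurePolicy` resolves to `Fail` (its default lives in values.yaml, not visible here), an unavailable injector would then block pod admission cluster-wide, including the injector's own replacement pods. I would add a template comment above the `namespaceSelector` block saying so, e.g. `{{/* No selector means all namespaces; pair failurePolicy Fail with a selector that excludes kube-system and the release namespace. */}}`. The `default "30"` on `timeoutSeconds` also renders from a string while the field is an integer; `default 30` states the intent more plainly.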
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
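Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`) and injector-service.yaml targets the same value. If an operator changes `injector.port`, the policy keeps admitting traffic to 8080 only and the API server can no longer reach the webhook; I would write `- port: {{ .Values.injector.port }}`. The `from` clause is `namespaceSelector: {}`, which admits every namespace, so this policy restricts the port and not the callers; a short comment saying that is intentional would help. `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this commit set.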
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-rolebinding.yaml
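Review bot: The first rule in injector-role.yaml lets the injector's service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, although the only object this commit creates for leader election is the `vault-injector-certs` Secret (injector-certs-secret.yaml). If the Vault server is installed in the same namespace, that reach covers its TLS and configuration secrets as well. I would split the rule so `create` stays unrestricted and the read/write verbs carry `resourceNames: ["vault-injector-certs"]`. The name of any ConfigMap the leader elector uses is not visible here and would need adding, and `list`/`watch` need care because name-scoped rules only match requests that select a single object by name.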
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-discovery-role.yaml
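Review bot: `disable_mlock = true` is forced into the rendered config on both the string branch and the `merge (dict "disable_mlock" true)` branch, with no comment explaining it. With mlock off, Vault's memory can be paged out, so a template comment above `data:` should state the operational consequence, e.g. `{{/* mlock is disabled for the container; run Vault on nodes with swap disabled or encrypted */}}`. Separately, the whole server config is written to a ConfigMap, so any credentials placed in a storage or seal stanza would be readable by everyone with ConfigMap read access in the namespace; a second comment pointing users to Secret-backed environment variables for such values would help.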
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
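Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only the Vault server pods, and the file does not say why. If the write verbs exist so Vault can label its own pod for service registration (the active and standby Services in this commit select on `vault-active`), that is my reading and should be confirmed, then documented above `rules:` with something like `# Vault labels its own pod (e.g. vault-active); RBAC cannot scope list/watch to those pods, so install the chart in a dedicated namespace`. Without that note an operator has no hint that the server service account can modify unrelated workloads sharing the namespace. The Role also hard-codes `rbac.authorization.k8s.io/v1` while the RoleBinding in the next file falls back to `v1beta1`; the two should use the same rule.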
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-ha-standby-service.yaml
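Review bot: When `server.service.type` is `NodePort` or `LoadBalancer`, this Service publishes the `https-internal` port 8201 together with the API port, because both entries sit in the same `ports:` list; the standby Service and server-service.yaml repeat the pattern. The headless `-internal` Service already carries 8201, and the StatefulSet's default `VAULT_CLUSTER_ADDR` points at it, so the extra exposure looks unnecessary, though I cannot confirm from the diff that nothing else relies on it. At minimum add a comment above the second port entry, e.g. `# 8201 is Vault server-to-server traffic; avoid exposing this Service outside the cluster without restricting this port`.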
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-psp-role.yaml 
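Review bot: In server-ingress.yaml the `tls:` block is rendered only when `server.ingress.tls` is set, so enabling the Ingress without it publishes Vault's API over plain HTTP at the edge, and nothing in the template warns about that. A comment above the `{{- if .Values.server.ingress.tls }}` guard, e.g. `# Without server.ingress.tls the Ingress serves Vault tokens and secrets unencrypted at the edge`, would make the default visible. Also, `secretName: {{ .secretName }}`, `path: {{ . }}` and `ingressClassName:` are emitted unquoted while the host values use `| quote`; apply `| quote` to them as well so values are not retyped by the YAML parser.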
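Review bot: The only ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so the cluster port 8201 is admitted from every namespace just like the API port 8200. The Services in this commit name 8201 `https-internal` and the StatefulSet uses it for `VAULT_CLUSTER_ADDR`, which suggests only the Vault server pods of the same release need it; if that holds, split the rule as sketched below. The metadata block also omits `namespace: {{ .Release.Namespace }}`, which every other namespaced template in this commit sets.

```yaml
  ingress:
    # API port: clients in any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from server.networkPolicy.egress …
```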
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
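Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}` with no `namespace`, whereas the StatefulSet runs as `{{ template "vault.serviceAccount.name" . }}` and the other bindings in this commit name that account together with `namespace: {{ .Release.Namespace }}`. If the service account name is overridden, the PodSecurityPolicy `use` permission is bound to an account the pods do not run as, and a ServiceAccount subject without a namespace is not a complete reference. Change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it.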
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-route.yaml
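Review bot: The policy spec sets no `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set; the StatefulSet sets `SKIP_SETCAP` and the config disables mlock, which suggests Vault needs none here, so consider adding `requiredDropCapabilities: [ALL]` after `allowPrivilegeEscalation: false`. The `seLinux` comment says the nodes use AppArmor rather than SELinux, which does not match the OpenShift defaults shipped in values.openshift.yaml and should be reworded. The guard should also require `.Capabilities.APIVersions.Has "policy/v1beta1"`, since PodSecurityPolicy is no longer served on Kubernetes 1.25 and later and `global.psp.enable=true` would otherwise fail the install there.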
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-service.yaml
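Review bot: This template tests `.mode` on its second line and again for the `-active` service name, but never calls `{{ template "vault.mode" . }}`, which every other server template in this commit does before reading `.mode`. Unless the value is set by a file rendered earlier, which I cannot see from this hunk, `.mode` is empty here, so the `external` guard always passes and the `ha` branch never selects the active Service. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard. The `tls:` block is copied verbatim from values; a comment stating which termination the chart expects, and that edge termination leaves the hop to port 8200 unencrypted, would help reviewers of the values file.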
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/tests/server-test.yaml 
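Review bot: The server image reference falls back to `:latest` when `server.image.tag` is empty (`| default "latest"`), here and again in tests/server-test.yaml, so an unset tag silently deploys whatever the registry currently serves for a secrets store. Prefer failing the render, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; the chart's default values are outside this hunk, so check that they set a tag. The exec readiness probe runs `vault status -tls-skip-verify` with only a comment about exit codes; add a line such as `# -tls-skip-verify is tolerable only because VAULT_ADDR is pinned to 127.0.0.1 in this container` so the flag is not copied to remote checks. The `VAULT_API_ADDR` and `VAULT_CLUSTER_ADDR` overrides from `server.ha.*` are emitted unquoted, unlike the neighbouring env values, and should use `| quote`.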
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/templates/ui-service.yaml
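Review bot: The test pod declares no pod or container `securityContext`, while the StatefulSet in this commit pulls one in through the `server.statefulSet.securityContext.pod` and `.container` helpers, so `helm test` runs the Vault image with runtime defaults and can be rejected on clusters that enforce a restricted pod security profile. Reusing the same helpers here would keep the two pods consistent, assuming the helpers do not depend on StatefulSet-only context, which I cannot see from this hunk. Separately, `volumeMounts:` and `volumes:` are emitted as bare keys when the values are unset; move each key inside its `{{- if ... }}` block so no null-valued field is rendered.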
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/values.openshift.yaml
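Review bot: `type: {{ .Values.ui.serviceType }}` in templates/ui-service.yaml is rendered without regard to the transport. The port name comes from `vault.scheme`, and the values.yaml added in this same commit sets `global.tlsDisable: true`, so a `LoadBalancer` or `NodePort` value would presumably publish the Vault UI and API over plain HTTP (the helper itself is outside this hunk, so this is inferred). A render-time guard would catch that combination, e.g. `{{- if and .Values.global.tlsDisable (ne .Values.ui.serviceType "ClusterIP") }}{{ fail "ui.serviceType other than ClusterIP requires TLS" }}{{- end }}`. At minimum, a comment above `type:` should state that non-ClusterIP types assume TLS is enabled.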
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/values.schema.json
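Review bot: Every value in values.openshift.yaml duplicates what the values.yaml of this same chart copy already sets (`global.openshift: true` and the three `registry.connect.redhat.com/hashicorp/...` repository/tag pairs). The Vault and vault-k8s versions are therefore recorded in six places, and a security update that misses the override file leaves the old image in use whenever that file is passed. I would add a header comment such as `# Mirrors the image defaults in values.yaml; bump tags in both files together.` The images are also referenced by tag only; if the chart's image template can accept a digest, pinning `1.11.2-ubi` and `0.17.0-ubi` by digest would make the pull reproducible.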
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.28/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3.
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ .
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/Chart.yaml
new file mode 100644
index 00000000000..6327581a16a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.29
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
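Review bot: `description: Official HashiCorp Vault Chart` in the new Chart.yaml sits beside `name: helm-e2e-rhcc` in a chart stored under `charts/partners/opcert-e2e-testing/`, so the metadata presents what appears to be a renamed test copy as the official upstream chart. Anyone who judges provenance from the description, `home` or `sources` fields would be misled about who publishes and maintains this package. If the e2e tests do not depend on the description text, something like `description: E2E certification test fixture derived from the HashiCorp Vault chart` keeps the origin visible without claiming to be the official release.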
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/LICENSE.md 
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11.
“Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2.
Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1.
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4.
Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms.
However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/README.md
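Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the value into the `docker run` argument list, so if that variable carries the license text itself rather than a path, it is readable in the host process table and in `make -n` output for the life of the run. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the recipe's environment (GNU make exports variables that came from the environment or the command line) without it appearing in argv. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` argument or the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, which looks like it could miss the configuration that created the GKE test cluster and leave it running; worth confirming both targets address the same Terraform state.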
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
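Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any service account in any namespace; nothing in the rule narrows that. The file carries no comment saying why the breadth is needed. I would add one above `rules:`, for example `# The provider requests tokens on behalf of the pods that mount secrets, which may run in any namespace (confirm); treat this service account as highly privileged.`, so operators know to watch TokenRequest calls from this account in the API audit log.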
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
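Review bot: In csi-daemonset.yaml the `mountpoint-dir` volume mounts `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host, which on a node holds the volume directories of every pod, and neither hostPath sets a `type`, so the kubelet performs no check on the path before mounting it. The container's `securityContext` comes from the `csi.daemonSet.securityContext.container` helper, which renders nothing unless values supply one; the chart defaults are not visible here. I would add `type: Directory` under the `mountpoint-dir` `hostPath:` and give the helper a fallback such as `allowPrivilegeEscalation: false`, as another helper in _helpers.tpl does for non-OpenShift installs. Separately, `value: "{{ .Values.global.externalVaultAddr }}"` is safer written as `value: {{ .Values.global.externalVaultAddr | quote }}`.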
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-clusterrolebinding.yaml
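Review bot: The rule in injector-clusterrole.yaml lets the injector `patch` every MutatingWebhookConfiguration in the cluster, although the only one this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (the same name the deployment passes in `AGENT_INJECT_TLS_AUTO`). That is more than the injector appears to need, and it means a fault or compromise in the injector pod reaches other admission webhooks. Consider splitting the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]` and only `list` and `watch` stay unscoped. Whether the injector still starts cleanly with the name-scoped rule needs a test run.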
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
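Review bot: Several env values in injector-deployment.yaml are interpolated without `quote`: `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` are bare, and others are wrapped by hand as `"{{ … }}"`, so a value that looks like a boolean or number, or that contains a double quote or newline (plausible for `injector.agentDefaults.template`), renders a manifest that fails validation or changes shape. Prefer the form the chart's own `vault.extraEnvironmentVars` helper uses, e.g. `value: {{ .Values.injector.authPath | quote }}`. The `args` list also passes `2>&1` as a literal argument: no shell interprets it here, so it can be dropped unless the image entrypoint expects it. Both images are referenced by tag only (`repository:tag`); pinning by digest is worth considering for a webhook that can mutate pods.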
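Review bot: The `apiVersion` line in injector-disruptionbudget.yaml is chosen with `ge .Capabilities.KubeVersion.Minor "21"`, which compares strings, so the result is lexical rather than numeric and depends on how the distribution formats Minor (some append a `+`). The mutating-webhook template in this commit uses `.Capabilities.APIVersions.Has` for the same decision; `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` would be consistent with it. Unlike the other injector templates, this file is also not wrapped in the `injectorEnabled` check, so the budget renders whenever `injector.podDisruptionBudget` is set, even with the injector disabled.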
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
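Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when values supply one, so without it the webhook intercepts pod CREATE and UPDATE in every namespace, including the injector's own and those of system components. If `failurePolicy` resolves to `Fail` (the default lives in values.yaml, which is not visible here), an unavailable injector would then block pod admission cluster-wide, including the pods needed to bring the injector back. Consider shipping a default selector that skips the release namespace and `kube-system`, or at least a comment above `failurePolicy:` such as `# Fail blocks pod creation while the injector is down; pair it with a namespaceSelector or objectSelector`.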
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
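Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector listens on `.Values.injector.port` (the deployment's `AGENT_INJECT_LISTEN` and probes, and the Service's `targetPort`). If that value is changed, the policy admits traffic on a port nothing listens on and drops the webhook calls, which then surfaces as admission failures or silently skipped injection depending on `failurePolicy`. Use `- port: {{ .Values.injector.port }}` instead. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources in this commit set.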
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-psp.yaml
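Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, while the leader-elector RoleBinding and the ClusterRoleBinding added in this commit both set `namespace: {{ .Release.Namespace }}` for the same account. A RoleBinding should resolve an unqualified service-account subject to its own namespace, so this is expected to work, but the explicit form is easier to audit and matches the sibling files. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:`.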
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-role.yaml
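Review bot: injector-psp.yaml emits `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so on current clusters the install fails instead of skipping the object. Gate it on the API being served, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, and apply the same guard to the PSP Role and RoleBinding templates. The inline comment above `seLinux` says the policy assumes AppArmor nodes; for an OpenShift-targeted chart, where SELinux is the norm, `rule: RunAsAny` deserves a second look. Once PSP is gone, the restrictions here (non-root, no privilege escalation) have to come from the pod's own `securityContext` or Pod Security admission.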
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-rolebinding.yaml
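Review bot: The first rule gives the leader-elector role `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, which is broader than an election needs and lets the injector ServiceAccount read any secret stored alongside it. If the elector only touches a fixed set of objects (their names are not visible in this hunk), `get` and `update` can be narrowed with `resourceNames`, keeping `create` in a rule of its own because `create` cannot be restricted by name. The second rule's `patch` and `delete` on all pods is similarly wide. At minimum I would add a comment above `rules:` naming the objects this role is expected to manage, so a later audit can tell intended access from incidental access.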
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-config-configmap.yaml
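Review bot: This ClusterRoleBinding is cluster-scoped, yet its name is only `{{ template "vault.fullname" . }}-server-binding`, so two releases with the same name in different namespaces would presumably render the same object name (the `vault.fullname` helper is not shown in this chunk) and the second install would collide with the first binding. Including the namespace, for example `name: {{ template "vault.fullname" . }}-{{ .Release.Namespace }}-server-binding`, would avoid that, subject to the chart's name-length limits. The binding also grants `system:auth-delegator` cluster-wide to the server ServiceAccount, so a comment above `roleRef:` stating which feature requires delegated token and access reviews would help anyone auditing the chart's cluster-level permissions.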
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-discovery-role.yaml
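Review bot: `disable_mlock = true` is written into the rendered configuration unconditionally, and in the JSON branch `merge (dict "disable_mlock" true) …` puts the literal in the destination position, which Sprig's `merge` gives precedence to, so a `disable_mlock: false` supplied through values is silently overridden. With mlock disabled the server's memory can be paged out, so the setting is only appropriate where the nodes run without swap, and nothing in the template states that assumption. I would add a template comment directly above the HCL line, such as `{{- /* mlock is always disabled by this chart; deploy only on nodes without swap */}}`, or move the flag into values so operators can see and change it.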
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-ha-active-service.yaml
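Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion:` line compares two strings, so the result is lexical rather than numeric, and `Minor` can carry a suffix such as `21+` on some distributions. server-ingress.yaml in this commit already picks its API with `semverCompare` on `.Capabilities.KubeVersion.Version`; the same approach here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. Testing `.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget"` is an alternative that does not depend on version parsing at all.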
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-ha-standby-service.yaml
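Review bot: The port named `https-internal` (8201) is listed on this Service regardless of `.Values.server.service.type`, so when the type is set to `NodePort` or `LoadBalancer` that internal port is published outside the cluster together with the API port. server-headless-service.yaml in this commit already carries 8201 on a `clusterIP: None` Service, which looks like the place intended for in-cluster peers. I would render the second port entry only for in-cluster types by wrapping it in `{{- if not (has (.Values.server.service.type | toString) (list "NodePort" "LoadBalancer")) }}` and `{{- end }}`, or add a comment explaining why it must be reachable externally. The same port list appears in server-ha-standby-service.yaml and server-service.yaml.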
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-psp-role.yaml 
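Review bot: In server-network-policy.yaml the single ingress rule `- from: - namespaceSelector: {}` admits traffic from every pod in every namespace to both 8200 and 8201, so enabling the policy restricts very little for in-cluster callers. Port 8201 in particular can be limited to the server pods of this release by giving it a rule of its own whose `from` is a `podSelector` on the labels the StatefulSet template sets, as sketched below. The policy's own `podSelector` also omits `component: server`, and `metadata` has no `namespace` although the other templates in this commit set `{{ .Release.Namespace }}`.

```yaml
  # … unchanged: metadata and spec.podSelector …
  ingress:
    # API port: sources stay open to any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # internal port: only the server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```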
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
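Review bot: The subject of the `-psp` RoleBinding in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}` and the StatefulSet sets `serviceAccountName` from that same helper. If the helper can return anything other than the full name (its definition is outside this chunk), the `use` permission lands on an account the pods do not run as, and the server PodSecurityPolicy is never the one applied to them. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it, as server-discovery-rolebinding.yaml does.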
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-service.yaml
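Review bot: This template tests `.mode` on its second and fifth lines without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before reading it. Presumably the value is left on the shared context by a template rendered earlier; if that ordering ever changes, `ne .mode "external"` is evaluated against an unset value. Adding `{{ template "vault.mode" . }}` as the first line inside the `openshift` guard removes that dependency. Separately, `tls:` is rendered straight from `.Values.server.route.tls`, so a comment stating which termination mode the chart expects would help, since port 8200 is what the Route exposes.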
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/tests/server-test.yaml
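Review bot: The `image:` line of the `vault` container falls back to the mutable `latest` tag when `server.image.tag` is unset (`| default "latest"`), so a render with an empty tag runs whatever the registry currently serves for a secrets-management server; the same fallback is in `tests/server-test.yaml`. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; it goes to the `VAULT_ADDR` set above on 127.0.0.1, so the risk is small, but a comment such as `# loopback only: the serving certificate need not cover 127.0.0.1` would keep the flag from being copied to calls that leave the pod.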
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/templates/ui-service.yaml
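Review bot: The hook pod sets no `securityContext` at pod or container level, whereas the server StatefulSet in this commit pulls one in through the `server.statefulSet.securityContext.pod` and `.container` templates. On a cluster whose admission policy does not supply defaults, the test container would run with whatever user and capabilities the image declares, while mounting the same `server.volumes` as the server. I would add under the container `securityContext:` with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, or reuse the server's templates if their rendered indentation fits this spec (their definitions are not shown here).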
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.29/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3.
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ .
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/Chart.yaml
new file mode 100644
index 00000000000..4d05f341cb9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.3
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
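Review bot: In the new Chart.yaml, `description` still reads `Official HashiCorp Vault Chart` and `home`/`sources` point at the upstream HashiCorp repositories, while `name` is `helm-e2e-rhcc` and `version: 0.21.3` has no entry in the CHANGELOG.md added by this same commit, whose newest release is 0.21.0. If this is a renamed copy used as a certification test fixture, as the `opcert-e2e-testing` path suggests, the metadata should say so, for example `description: E2E test fixture derived from the HashiCorp Vault chart`, so that anyone who finds the packaged chart in a repository index does not take it for the vendor's release. Separately, quoting the value, `appVersion: "1.11.2"`, follows Helm's chart guidance and keeps a later two-part value such as 1.20 from being read as a float.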
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/LICENSE.md 
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2. Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/README.md
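Review bot: In the Makefile's `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the `docker run` argument list, so it shows up in the host's process listing and in `make -n` output even though the recipe is silenced with `@`. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker take the value from the calling environment instead, assuming the variable reaches make through the environment. In the same file, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so the teardown may not act on the configuration that was provisioned. `.PHONY` also omits `setup-kind` and `delete-kind`.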
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
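Review bot: The rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` from a ClusterRole with no `resourceNames`, and csi-clusterrolebinding.yaml binds it cluster-wide, so the `-csi-provider` service account can request a token for any service account in any namespace. Nothing in the template records why that breadth is required or that the identity runs in a DaemonSet pod on every node. I would add a comment above `rules:`, for example `# Cluster-wide on purpose: the provider presumably requests a token for the service account of whichever pod mounts the volume (confirm); a compromise of this pod exposes every workload identity`, and repeat the caveat in the chart's documentation so operators restrict where the DaemonSet is scheduled and who can exec into it.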
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
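Review bot: The CSI provider container in csi-daemonset.yaml gets no `securityContext` at all unless `csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.pod` and `.container` helpers in _helpers.tpl have no fallback branch. The injector and server helpers in the same file do fall back, to `allowPrivilegeEscalation: false` and a non-root pod context, when `global.openshift` is false. This pod is the one that mounts two hostPath volumes (`csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir`/pods), so an unhardened default matters more here than for the other workloads. Unless the chart's values file, which is not part of this hunk, already supplies a default, I would give the container helper the same fallback, `allowPrivilegeEscalation: false`, after confirming the provider image does not rely on privilege escalation.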
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-clusterrolebinding.yaml
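Review bot: The `patch` verb in the injector-clusterrole.yaml rule is granted on `mutatingwebhookconfigurations` with no `resourceNames`, so the injector's service account may modify every mutating admission webhook in the cluster rather than only its own. injector-deployment.yaml passes the `vault.fullname`-prefixed name ending in `-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which is presumably the single configuration the injector has to patch. Splitting the rule keeps the read verbs unscoped, as list and watch need, and limits `patch` to that one object. Confirm the name against the webhook template, which is outside this hunk, before applying.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# Write access only to this release's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```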
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
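Review bot: Several env values of the `sidecar-injector` container in injector-deployment.yaml are rendered without quotes (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`, `AGENT_INJECT_TLS_AUTO`), while their neighbours are quoted. An env `value` must be a string, so a values entry that YAML types as a boolean, number or null (for example an unset `injector.authPath`) renders a manifest the API server rejects; `value: {{ .Values.injector.authPath | quote }}` and the same for the others avoids that. Separately, `- 2>&1` under `args` is handed to the binary as a literal argument because no shell interprets it, so it can be dropped or replaced by an explicit shell command if redirection is really intended.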
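Review bot: The `apiVersion` line in injector-disruptionbudget.yaml selects the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares strings, not numbers, and ignores the major version; a minor such as `"9"` sorts after `"21"`, and some distributions report minors with a suffix such as `"21+"`. The other templates in this change already ask the cluster directly, so `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` would be both consistent and correct. The same expression is used in server-disruptionbudget.yaml.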
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
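Review bot: The webhook in injector-mutating-webhook.yaml matches pod CREATE and UPDATE in every namespace unless the operator supplies `injector.namespaceSelector` or `injector.webhook.namespaceSelector`, because the `namespaceSelector` block is emitted only when one of them is set. Combined with a `failurePolicy` of `Fail` (the value comes from values and is not visible here), an unavailable injector would then block pod admission cluster-wide, including in `kube-system` and in the injector's own namespace. I would add a comment above `failurePolicy` stating that `Fail` should only be used together with a namespace or object selector, for example `# Fail blocks pod admission while the injector is down; pair it with a namespaceSelector that excludes system namespaces`. `timeoutSeconds` defaults to the string `"30"`, which renders as an integer here but would read more clearly as `default 30`.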
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
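Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment listens on and the Service targets `{{ .Values.injector.port }}`. With any other `injector.port`, the policy would presumably drop the API server's webhook calls and the admission request would time out or fail according to `failurePolicy`; `- port: {{ .Values.injector.port }}` keeps the three templates in step. The policy also carries no `metadata.namespace`, unlike the Deployment and Service it protects, and `namespaceSelector: {}` admits traffic from every namespace, which deserves a one-line comment saying this is intentional.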
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-role.yaml 
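Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privilege escalation and root, but it neither drops Linux capabilities nor makes the root filesystem read-only (`readOnlyRootFilesystem: false`). Adding `requiredDropCapabilities:` with `- ALL` under `spec` would tighten it; whether the injector can also run with a read-only root filesystem cannot be told from this hunk and should be tested before flipping that flag. The `seLinux` comment says the policy assumes AppArmor nodes, which does not hold on OpenShift, so it is worth a note that `global.psp.enable` is not meant to be combined with `global.openshift`. `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so the `global.psp.enable` guard could also check `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`.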
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-rolebinding.yaml 
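Review bot: The leader-elector Role in injector-role.yaml gives the injector service account `get`, `list`, `watch`, `create` and `update` on every Secret and ConfigMap in the release namespace, and `patch` and `delete` on every Pod there. If Vault itself is installed in the same namespace, that covers its TLS key material and its rendered configuration, which is far more than leader election should need. The object names the elector uses are not visible in this diff, so I would at least add a comment above `rules:` recording why each verb is required, and restrict `get`/`update`/`watch` with `resourceNames` once those names are confirmed (`create` and `list` cannot be limited that way). server-discovery-role.yaml has the same shape: `update` and `patch` on all pods in the namespace with no `resourceNames`.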
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-discovery-role.yaml 
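Review bot: Whatever the operator puts in `server.standalone.config`, `server.ha.config` or `server.ha.raft.config` is rendered verbatim into a ConfigMap in server-config-configmap.yaml, so credentials written into the HCL (storage backend passwords, seal parameters) become readable by any subject with `get` on configmaps in the namespace. injector-role.yaml in this same change grants exactly that to the injector service account when leader election is enabled. A comment above `data:` should state this, for example `# Rendered config is stored in a ConfigMap: keep credentials out of server.*.config and supply them through a Secret or environment reference`. `disable_mlock = true` is also forced in both branches with no override; on nodes with swap enabled that allows Vault memory to be paged to disk, which deserves a comment too.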
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-ha-standby-service.yaml 
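Review bot: The `-active` Service in server-ha-active-service.yaml publishes the `https-internal` port 8201 alongside the API port, and its `type` comes straight from `server.service.type`. If an operator sets that to `NodePort` or `LoadBalancer` to reach the API, the cluster-to-cluster port is exposed outside the cluster as well, although only peer Vault pods should need it; the headless `-internal` Service in this change already carries 8201 for them. I would either drop the `https-internal` entry from the typed Services or add a comment above it, such as `# 8201 is Vault's cluster port; do not expose this Service externally without filtering it`. server-ha-standby-service.yaml has the identical port list.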
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-psp-role.yaml 
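Review bot: In server-network-policy.yaml the single ingress rule pairs `namespaceSelector: {}` with both ports, so the cluster port 8201 is reachable from every pod in every namespace, not only the API port 8200. The StatefulSet in this commit points VAULT_CLUSTER_ADDR at 8201, so presumably only the Vault server pods of this release need it (confirm there is no cross-cluster replication use). I would split the rule and give 8201 a `podSelector` on the release's own labels. The metadata also has no `namespace: {{ .Release.Namespace }}`, unlike the Service and Role templates in this commit.

```yaml
  ingress:
    # API port: still reachable from every namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```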
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
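Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this commit both use `vault.serviceAccount.name`. If that helper can return anything other than the fullname (its definition is not in view), the binding names an account the pods do not run as, and the PSP `use` grant never reaches them. I would write `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` to the subject so it is explicit.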
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-route.yaml
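Review bot: The PodSecurityPolicy spec in server-psp.yaml sets `allowPrivilegeEscalation: false` but puts no limit on Linux capabilities, so a pod admitted under it keeps the container runtime's default set. Adding `requiredDropCapabilities: [ALL]` next to `privileged: false` would close that gap. The StatefulSet in this commit sets SKIP_SETCAP and SKIP_CHOWN, which suggests the container does not depend on them, but confirm against the server configuration (mlock) before merging. The `seLinux` comment says the policy assumes AppArmor nodes; that is worth rewording for a chart that also ships values.openshift.yaml.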
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-service.yaml
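Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does before reading `.mode`. Unless an earlier-rendered template has already set it on a shared context, `.mode` is unset here, so the `ne .mode "external"` and `eq .mode "ha"` checks either fail to evaluate or take the wrong branch. In the second case a Route could be created for an external Vault, or `activeService` ignored so that traffic goes to the general service rather than the active one. Adding `{{ template "vault.mode" . }}` as the first line removes the dependence on render order.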
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/tests/server-test.yaml 
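Review bot: In server-statefulset.yaml the container image is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an unset tag silently deploys whatever `latest` resolves to at pull time. For a secrets store the running version should be explicit and reproducible. I would fail the render instead, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The test pod in tests/server-test.yaml carries the same default. The readiness probe's `vault status -tls-skip-verify` only talks to the loopback VAULT_ADDR set in the same container, so it is a smaller concern, but a comment stating that would keep the flag from being copied to non-local checks.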
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.3/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/Chart.yaml
new file mode 100644
index 00000000000..f2c954ef696
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.30
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/README.md
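Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence value onto the `docker run` command line, and this run (like `test-destroy` and `test-provision`) omits the `--rm` that `test-unit` uses, so the stopped container keeps its environment readable through `docker inspect`. Passing the variable by name, `-e VAULT_LICENSE_CI \`, and opening the three runs with `@docker run --rm -it -v ${PWD}:/helm-test \` keeps the value out of the process arguments and removes the container once it exits. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory that `provision-cluster` passes to `init` and `apply`, so it presumably does not act on the configuration that created the cluster; `terraform destroy -auto-approve test/terraform` would match, possibly with the same `-var` arguments. The `.PHONY` line also leaves out `setup-kind` and `delete-kind`.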
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
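Review bot: In `vault.envs` the dev root token is rendered as `value: {{ .Values.server.dev.devRootToken }}` with no quoting. A token that YAML reads as a number, boolean or null therefore becomes a non-string env value, and one containing `: ` or ` #` breaks or truncates the manifest; `value: {{ .Values.server.dev.devRootToken | quote }}` matches what `vault.extraEnvironmentVars` already does for its values. The same define places the root token in the pod spec in clear text and sets the dev listener to `[::]:8200`, so a template comment stating that dev mode is meant for disposable test clusters only would help operators reading the chart. The doc comment above `vault.serverServiceAccountEnabled` is a copy of the one on `vault.serverAuthDelegator` ("Compute if the server auth delegator serviceaccount is enabled.") and should describe the service account instead.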
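Review bot: The only rule in this ClusterRole grants `create` on `serviceaccounts/token` with no `resourceNames`, so any subject bound to it can request tokens for every service account in every namespace, and the template has no comment explaining or bounding that. If the CSI provider needs this to obtain tokens for the pods whose volumes it mounts (an assumption, the provider code is not visible here), state it above `rules:`, for example `{{/* cluster-wide TokenRequest: the provider requests tokens for the mounting pod's service account */}}`. The `-csi-provider` service account bound in csi-clusterrolebinding.yaml should be treated as highly privileged. It is worth auditing TokenRequest calls made by that account for targets outside the workloads that mount CSI volumes.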
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
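Review bot: In csi-daemonset.yaml the `mountpoint-dir` volumeMount exposes the host's `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` to the provider container without `readOnly: true`, so the container can write into the volume directories of every pod on the node. Whether the provider has to write there depends on the provider and driver versions, which the hunk does not show; if it does not, add `readOnly: true` next to `mountPropagation: HostToContainer`. Both `hostPath` volumes also omit `type:`, and an explicit `type: Directory` on `mountpoint-dir` would make a wrong `kubeletRootDir` fail at pod start instead of going unnoticed.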
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-clusterrolebinding.yaml 
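Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only webhook configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg`. A compromised injector pod could therefore rewrite any other admission webhook. I would split the rule so that `patch` is limited by `resourceNames` to the chart's own configuration; confirm first that the injector never patches a differently named object.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["patch"]
```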
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
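Review bot: The `apiVersion` line of injector-disruptionbudget.yaml picks `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically rather than numerically; server-disruptionbudget.yaml uses the same expression. It gives the right answer for two-digit minor versions but depends on the exact form of the version string. Other templates in this diff already ask the cluster directly with `.Capabilities.APIVersions.Has`, so I would use `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}` in both files.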
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
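Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` block is omitted when neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, so the webhook is then called for pod CREATE and UPDATE in every namespace unless the `injector.objectSelector` template narrows it. If `failurePolicy` resolves to `Fail`, an unavailable injector would in that case block pod admission cluster-wide, including system namespaces. The defaults live in values that this hunk does not show. I would add a comment above `failurePolicy:` such as `# With Fail, set a namespaceSelector that excludes system namespaces; otherwise an injector outage blocks all pod creation.`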
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
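Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `- port: 8080`, while the injector Service and the Deployment probes in this diff take the port from `.Values.injector.port`. Changing that value would leave the policy admitting traffic on a port nobody listens on and dropping the webhook calls on the real one. I would render the same value here: `- port: {{ .Values.injector.port }}`.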
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-role.yaml 
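Review bot: injector-psp.yaml emits `apiVersion: policy/v1beta1` / `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so the install fails there. Other templates in this diff guard on `.Capabilities.APIVersions.Has`, and the same guard fits here: `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` around the object. The spec also sets no `requiredDropCapabilities`, so the policy does not by itself force the injector to drop Linux capabilities.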
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-rolebinding.yaml 
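Review bot: The first rule in injector-role.yaml gives the injector's service account `get`, `list`, `watch`, `update` and `create` on all `secrets` and `configmaps` in the release namespace, which includes any Secret the Vault server keeps in that namespace. The chart already pre-creates the `vault-injector-certs` Secret, which suggests the leader-elector only needs that one object, though the hunk does not prove it. If that holds, move the secret verbs into their own rule limited with `resourceNames: ["vault-injector-certs"]` and drop `create` for secrets; otherwise add a comment above `rules:` that states why namespace-wide secret access is required.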
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-discovery-role.yaml 
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
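Review bot: The `-discovery-role` rule grants `update` and `patch` on `pods` with no `resourceNames`, so the bound service account can modify any pod in the release namespace, not only the Vault server pods. If the write verbs exist so that Vault can label its own pod (the HA services select on `vault-active`, but that link is an inference and the hunk does not say), add a comment above `rules:` such as `# update/patch: Vault labels its own pod; install into a dedicated namespace`. Where replica names are predictable, `resourceNames` on the write verbs would narrow this further. The Role also hard-codes `rbac.authorization.k8s.io/v1` while the matching RoleBinding falls back to `v1beta1`.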
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-ha-active-service.yaml 
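Review bot: `ge .Capabilities.KubeVersion.Minor "21"` compares the minor version as a string, so the ordering is lexicographic (a single-digit minor such as "9" sorts above "21"), and `Minor` is not guaranteed to be purely numeric. The Ingress template in this commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`. The equivalent here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.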
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-psp-role.yaml 
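Review bot: In server-network-policy.yaml the single `ingress` rule applies `namespaceSelector: {}` to both ports, so port 8201 (named `https-internal` in the Service templates) is reachable from every namespace, the same as the API port 8200. If 8201 carries only server-to-server traffic, the rule should be split so that 8201 is limited to the Vault pods of this release. That is an assumption to confirm, since cross-cluster replication, for example, would need a wider source. `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  # … unchanged: metadata, spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```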
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
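Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}` with no `namespace`, while the ServiceAccount template and the other bindings in this commit use `vault.serviceAccount.name` and `.Release.Namespace`. If that helper ever returns something other than the fullname (its definition is outside this hunk), the `use` grant on the PodSecurityPolicy lands on an account the server pods do not run as. The subject should read `name: {{ template "vault.serviceAccount.name" . }}`, and adding `namespace: {{ .Release.Namespace }}` makes the target explicit.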
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-route.yaml 
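Review bot: The PodSecurityPolicy sets `privileged: false` and `allowPrivilegeEscalation: false` but has no `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP` and `SKIP_CHOWN` to "true", which suggests the server needs no extra capabilities, though that should be confirmed against the image. I would add `requiredDropCapabilities:` with a single `- ALL` entry after `allowPrivilegeEscalation`. The `seLinux` comment also assumes AppArmor nodes even though the chart ships values.openshift.yaml, so it deserves a sentence on what applies on SELinux hosts.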
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-service.yaml 
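Review bot: server-route.yaml tests `.mode` (`ne .mode "external"`, `eq .mode "ha"`) without first calling `{{ template "vault.mode" . }}`, which the other templates in this commit do before reading it. Whether `.mode` is populated when this file renders therefore depends on something outside the hunk, and if it is not, the `-active` service selection cannot take effect. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard. `host: {{ .Values.server.route.host }}` is also emitted unquoted, unlike the Ingress hosts, which go through `quote`.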
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/tests/server-test.yaml 
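Review bot: The server container image is rendered with `{{ .Values.server.image.tag | default "latest" }}`, so an unset tag silently deploys whatever `latest` resolves to at pull time. For a secrets manager that leaves the running version unreproducible and its upgrades unreviewed. Prefer failing the render: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; the same expression appears in tests/server-test.yaml. Separately, the exec readiness probe runs `vault status -tls-skip-verify`, and a comment noting that this call only targets the loopback `VAULT_ADDR` set above would make the skipped verification easier to audit.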
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/values.openshift.yaml 
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.30/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/Chart.yaml
new file mode 100644
index 00000000000..214b68d317a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.31
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/README.md 
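Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence value into the `docker run` command line, where it can be read from the host's process list while the container runs. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets Docker take the value from the caller's environment instead. The `GOOGLE_CREDENTIALS` arguments in `test-acceptance`, `test-destroy` and `test-provision` are less of a concern, since the default `vault-helm-test.json` suggests a key-file path rather than key material. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory and `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, which looks inconsistent and should be confirmed. `.PHONY` also omits `setup-kind` and `delete-kind`.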
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
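Review bot: In csi-clusterrole.yaml the single rule grants `create` on `serviceaccounts/token` cluster-wide with no comment explaining why, and that permission lets the bound identity request a token for any ServiceAccount in any namespace. It is presumably what the CSI provider needs to authenticate on behalf of pods, but that should be stated in the template. I would add above `rules:` a comment such as `# create on serviceaccounts/token allows minting a token for any ServiceAccount in the cluster; bind this role only to the CSI provider ServiceAccount`. The binding in csi-clusterrolebinding.yaml is already limited to that one ServiceAccount.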
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
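Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes (`.Values.csi.daemonSet.providersDir` and `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods`) but receives a `securityContext` only when `.Values.csi.daemonSet.securityContext.container` is set, as the `csi.daemonSet.securityContext.container` helper earlier in this diff shows. values.yaml is not visible here, so whether a hardened default exists needs checking; if it does not, a default with `allowPrivilegeEscalation: false` and dropped capabilities belongs in values, after confirming the provider still runs with it. The `VAULT_ADDR` fallback `value:` is also the only unquoted branch of that env entry and would read more safely wrapped in double quotes like the `externalVaultAddr` branch.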
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-clusterrolebinding.yaml
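Review bot: The rule in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`. The injector only needs to update its own configuration, which injector-mutating-webhook.yaml names `{{ template "vault.fullname" . }}-agent-injector-cfg`, so a stolen injector token could otherwise rewrite any other admission webhook. Splitting the rule so that `get` and `patch` are limited to that name keeps the blast radius to this chart; whether `list` and `watch` can be narrowed as well depends on how the injector queries the API, which is not visible here.

```yaml
rules:
# list/watch left unscoped; narrow only after confirming how the injector lists
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# get/patch limited to the webhook configuration this chart creates
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```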
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
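Review bot: In injector-deployment.yaml the `args` list ends with `- 2>&1`, which reaches the injector binary as a literal argument because Kubernetes does not run `args` through a shell, so no redirection happens. The line can be dropped once it is confirmed the binary does not depend on the extra argument; the container runtime already captures stderr. In the same `env` block `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_LEVEL` and `AGENT_INJECT_LOG_FORMAT` render unquoted, so a value such as `true` or a number would be parsed as a non-string and rejected by the API; `value: {{ .Values.injector.authPath | quote }}` and the same `| quote` on the other two avoid that.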
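Review bot: The `apiVersion` line of injector-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares strings, so the result follows lexical order rather than the numeric minor version. The other templates in this diff probe the cluster instead, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This template is also the only injector resource not wrapped in `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget is rendered even when the injector is disabled.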
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
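Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` is emitted only when one of the two values is set, so without it the webhook intercepts pod CREATE and UPDATE in every namespace, including system namespaces and the one the injector itself runs in. Combined with a `failurePolicy` of `Fail` (the default comes from values not shown here), an unavailable injector would then block pod scheduling cluster-wide. I would either ship a default selector that excludes system namespaces or add a comment above `failurePolicy:` such as `# with Fail and no namespaceSelector, injector downtime blocks pod creation in all namespaces`. The `injector.objectSelector` helper is defined outside this part of the diff, so it may already narrow the match.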
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
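Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while injector-deployment.yaml listens on and probes `.Values.injector.port`, so changing that value leaves the policy admitting the wrong port and dropping webhook traffic. Using `- port: {{ .Values.injector.port }}` keeps the two in step. The `metadata` block also lacks the `namespace: {{ .Release.Namespace }}` line that the other namespaced injector resources in this diff set, and `namespaceSelector: {}` admits traffic from every namespace, which deserves a comment saying it is intentional.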
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-psp.yaml
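Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subject in injector-rolebinding.yaml later in this diff. A RoleBinding appears to fall back to its own namespace in that case, so the binding most likely works, but the target is implicit and differs from every other binding in the chart. Adding `namespace: {{ .Release.Namespace }}` under the subject's `name:` makes the bound identity explicit.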
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-role.yaml 
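Review bot: injector-psp.yaml renders a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so an install on a newer cluster with the flag set fails at apply time. Extending the guard to `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}` avoids that, and the same guard would apply to injector-psp-role.yaml and injector-psp-rolebinding.yaml. The spec also sets no `requiredDropCapabilities`, so `requiredDropCapabilities: [ALL]` is worth adding if the injector runs without capabilities. The seLinux comment assumes AppArmor nodes, which reads oddly in a chart that has an OpenShift mode.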
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-rolebinding.yaml
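Review bot: The first rule in injector-role.yaml lets the injector create, read and update every Secret and ConfigMap in the release namespace, since it names no `resourceNames`. When the Vault server runs in the same namespace, that covers far more than the leader-election data, and injector-certs-secret.yaml already pre-creates the one Secret involved, `vault-injector-certs`. I would split the rule so that `get` and `update` on `secrets` carry `resourceNames: ["vault-injector-certs"]`, then check whether `create` on secrets is still needed. The ConfigMap used for the election lock is not named in this diff, so that half needs the same scoping once its name is confirmed.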
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-discovery-role.yaml 
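Review bot: `disable_mlock = true` is forced in both branches of `extraconfig-from-values.hcl` in server-config-configmap.yaml, and nothing in the template says what that costs. With mlock off, the Vault process's memory can be paged out, so key material may end up in swap on the node. In the JSON branch `merge` appears to keep the destination's value, so a `disable_mlock` supplied in the values would be overridden silently. I would add a template comment above the first occurrence, `{{- /* disable_mlock is always set: schedule only on nodes with swap disabled or encrypted */}}`, and state the same requirement in the values documentation.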
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
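Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, and the RoleBinding in the next hunk hands that to the server service account. Presumably this exists so Vault can label its own pod for service registration, but as written a compromised server pod could modify any other workload's pods sharing the namespace. At minimum add a comment above `rules:`, such as `# update/patch are for Vault labelling its own pod; they apply to all pods in this namespace, so install into a dedicated namespace`. It is also worth checking whether `resourceNames` can narrow the write verbs to the StatefulSet's pod names.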
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-ha-active-service.yaml 
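Review bot: The `apiVersion` line in server-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares strings rather than numbers and ignores the major version. The ClusterRoleBinding and RoleBinding templates in this commit probe the API instead, and the same approach fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. That selects whatever the target cluster actually serves and keeps the chart's version checks in one style.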
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-psp-role.yaml 
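Review bot: The `ingress` rule in server-network-policy.yaml uses `namespaceSelector: {}` for both ports, so pods in every namespace can reach 8201 as well as 8200. Port 8201 is the `https-internal` port that the StatefulSet advertises as `VAULT_CLUSTER_ADDR`, so it should only need to be reachable from the other Vault server pods of this release. Splitting the rule as below keeps the API port open and limits the cluster port to peers. The metadata also lacks the `namespace: {{ .Release.Namespace }}` line that the other templates carry.

```yaml
  ingress:
    # API port: clients in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```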
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
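Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the service account with `vault.fullname`, while the StatefulSet's `serviceAccountName` and the other two bindings in this commit use `vault.serviceAccount.name`. If that helper ever resolves to a different name (a user-supplied service account, for instance; the helper is not shown here), the `use` grant on the PodSecurityPolicy lands on an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` to match the other bindings.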
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-route.yaml 
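Review bot: The `spec` in server-psp.yaml blocks privilege escalation and root, but it never restricts Linux capabilities, so containers admitted under it keep the runtime's default set. The StatefulSet sets `SKIP_SETCAP=true` and the config forces `disable_mlock`, so the server probably needs none of them; confirm against the image before adding `requiredDropCapabilities: [ALL]` under `allowPrivilegeEscalation: false`. The `seLinux` comment assumes AppArmor nodes, which is worth rewording given that this commit also ships OpenShift defaults.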
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-service.yaml 
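Review bot: server-route.yaml reads `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`. Every other server template in this commit that reads `.mode` makes that call on its first line. Whether `.mode` is populated here therefore seems to depend on another template having run against the same context beforehand. Adding `{{ template "vault.mode" . }}` directly under the `global.openshift` guard removes that dependency, so the Route reliably points at the `-active` service when `activeService` is requested.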
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/tests/server-test.yaml 
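Review bot: The `image:` line of the `vault` container falls back to the mutable `latest` tag when `.Values.server.image.tag` is unset, so the Vault build a release runs would depend on pull time and `pullPolicy` rather than on the chart. The same expression is repeated in tests/server-test.yaml. I would fail rendering instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe passes `-tls-skip-verify`, which is reasonable only because `VAULT_ADDR` is the loopback address; a short comment there saying so would keep the flag from being copied into checks against remote addresses.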
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/values.openshift.yaml
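Review bot: In ui-service.yaml `type:` is rendered straight from `.Values.ui.serviceType`, while values.yaml in this commit defaults `global.tlsDisable` to `true`; if `vault.scheme` follows that flag (its definition is outside this hunk), a `NodePort` or `LoadBalancer` UI service would carry Vault logins and tokens unencrypted. Nothing in the template points at that coupling, so I would add a comment above `type:` such as `# Plaintext when global.tlsDisable is true: keep ClusterIP unless TLS terminates in front of this Service.` `publishNotReadyAddresses` is passed through the same way and, when true, routes UI traffic to pods that are not ready yet; a short comment stating that this is intended would help anyone reviewing an override.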
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/values.schema.json
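Review bot: All three image references in values.openshift.yaml are pinned by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pointed in the registry, so this file does not fix the content that actually gets deployed. server-test.yaml in this commit builds the reference as `repository:tag`, so a digest can ride in the tag value without a template change, `tag: "1.11.2-ubi@sha256:<digest-placeholder>"`; whether the other templates build the reference the same way is not visible here. The same repositories and tags are repeated as defaults in values.yaml in this commit, so both files have to move together when the versions change.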
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.31/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/Chart.yaml
new file mode 100644
index 00000000000..4f8e3d54756
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.32
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
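Review bot: The `description`, `home` and `sources` fields of the new Chart.yaml still present the package as the "Official HashiCorp Vault Chart", although it is published as `helm-e2e-rhcc` under `charts/partners/opcert-e2e-testing`, so a reader of the catalog entry gets a misleading provenance signal. For a renamed copy that appears to serve as an e2e fixture, the metadata should say so, for example `description: E2E certification test fixture derived from the HashiCorp Vault Helm chart (not an official release)`. I would also add a comment above `appVersion: 1.11.2` stating that the version is frozen for testing, such as `# pinned for e2e testing; not tracked against upstream releases`, because a fixture that deploys a secrets manager can end up installed on shared clusters. Whether the fixture is ever refreshed from upstream is not visible in this hunk.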
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
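Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the license value into the `docker run` command line, where it is visible in the host's process list and in anything that records argv; the leading `@` only stops make from echoing the recipe. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker read the value from its own environment instead, which works because make exports variables it received from the environment or its command line to recipe shells. Separately, the closing `.PHONY` line omits `setup-kind` and `delete-kind`, so a file or directory with either name next to the Makefile would stop that target from running; appending both names to the list closes that gap.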
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
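Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole, so once csi-clusterrolebinding.yaml binds it, the `-csi-provider` ServiceAccount can request a token for any service account in any namespace. The template has no comment explaining why the grant is cluster-wide, which leaves anyone auditing the chart's RBAC to infer it. I would add a comment above `rules:`, for example `# Cluster-wide token creation: presumably the provider requests tokens on behalf of the pods whose secrets it mounts; treat this ServiceAccount as highly privileged.`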
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" .
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
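Review bot: The container in csi-daemonset.yaml mounts two hostPath volumes (`providervol` and `mountpoint-dir`, the latter with `mountPropagation: HostToContainer`), yet its `securityContext` comes only from the `csi.daemonSet.securityContext.container` helper defined earlier in this diff, which renders nothing when the value is unset. The server statefulSet container helper at least falls back to `allowPrivilegeEscalation: false`; the CSI helper could emit the same in an `else` branch. The `mountpoint-dir` mount also has no `readOnly: true`; if the provider only reads under `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` (not visible here), marking it read-only would narrow what a compromised provider can change on the node.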
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-clusterrolebinding.yaml
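Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, with no `resourceNames`, so the injector's ServiceAccount could rewrite any admission webhook and not only its own. injector-deployment.yaml points `AGENT_INJECT_TLS_AUTO` at `{{ template "vault.fullname" . }}-agent-injector-cfg`, which suggests that is the only object it needs to patch; this is inferred, so confirm it against the injector before changing the role. Splitting the rule keeps `get`, `list` and `watch` as they are (list and watch do not combine well with `resourceNames`) and scopes `patch` to that one name.

```yaml
# … unchanged: apiVersion, kind, metadata and labels …
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```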
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" .
}}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" .
}}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+
timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
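Review bot: The last entry under `args:` in injector-deployment.yaml is `- 2>&1`, but container args are handed to the entrypoint without a shell, so the injector receives the literal string `2>&1` as an argument and no redirection takes place; the line should be dropped. Separately, some env values are rendered unquoted (`value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logLevel | default "info" }}`, `value: {{ .Values.injector.logFormat | default "standard" }}`) while their neighbours are quoted. An env `value` has to be a string, so a setting that YAML reads as a boolean or a number would make the rendered manifest invalid; `value: {{ .Values.injector.authPath | quote }}` avoids that.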
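Review bot: injector-disruptionbudget.yaml is gated only on `injector.podDisruptionBudget`, unlike the other injector templates in this diff, which first evaluate `vault.injectorEnabled`; with the injector disabled and the value set it still renders a PodDisruptionBudget whose selector matches nothing. The `apiVersion` line also compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, which is a lexical comparison and not a numeric one. `.Capabilities.APIVersions.Has "policy/v1"`, the pattern injector-mutating-webhook.yaml uses for its own `apiVersion`, would select the version from what the cluster actually serves.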
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
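Review bot: `namespaceSelector` and `objectSelector` in injector-mutating-webhook.yaml are rendered only when values are set, so without them this webhook receives every pod CREATE and UPDATE in the cluster, including pods in the injector's own namespace and in system namespaces. If `failurePolicy` resolves to `Fail` (its default lives in values not shown in this hunk), an unavailable injector would then block pod admission everywhere. I would document that next to the selector block, for example `# No selector means pods in all namespaces are intercepted; set injector.namespaceSelector before using failurePolicy: Fail.`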
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
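Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while injector-deployment.yaml and injector-service.yaml take the listen port from `.Values.injector.port`; if that value is changed the policy keeps allowing the old port, and calls to the webhook would presumably be dropped on OpenShift. `- port: {{ .Values.injector.port }}` keeps the three templates in step. The `from` clause is `namespaceSelector: {}`, which admits every namespace; a short comment saying that this is deliberate would help the next reviewer.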
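Review bot: The Role in injector-psp-role.yaml, like the RoleBinding and the PodSecurityPolicy in injector-psp-rolebinding.yaml and injector-psp.yaml, is gated only on `global.psp.enable`. `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so enabling the flag on a newer cluster makes the release fail on the PSP object. Adding a capability check to the three conditions, e.g. `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` inside an `and`, lets the chart skip them where the API no longer exists.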
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-role.yaml
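Review bot: The policy in injector-psp.yaml sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but has no `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set. If the injector needs none of those capabilities (likely for a webhook listening on `.Values.injector.port`, but not shown here), adding `requiredDropCapabilities: ["ALL"]` under `spec:` closes that gap. `readOnlyRootFilesystem: false` would also benefit from a comment saying what the injector writes to its root filesystem.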
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-rolebinding.yaml 
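Review bot: The first rule in injector-role.yaml gives the injector ServiceAccount `get`, `list`, `watch`, `create` and `update` on every Secret and ConfigMap in the release namespace, which is more than leader election appears to need. If the Vault server runs in the same namespace, that includes its TLS and any unseal-related Secrets. Where the leader elector works on a fixed object name, split the rule so `get`/`update` carry a `resourceNames:` list and only `create` stays unrestricted. The `list`/`watch` verbs cannot be narrowed that way, so confirm whether they are needed at all. At minimum add a comment above the rule stating which objects the elector touches, for example `# leader election only: <object name(s)>`.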
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-config-configmap.yaml 
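Review bot: The `roleRef` to `system:auth-delegator` in server-clusterrolebinding.yaml is a cluster-scoped grant and nothing in the template says why it is needed. Add a comment above `kind: ClusterRoleBinding` such as `# Cluster-wide: lets the server ServiceAccount create TokenReviews/SubjectAccessReviews (presumably for the Kubernetes auth method); disable via the value behind vault.serverAuthDelegator if unused.` The helper that sets `.serverAuthDelegator` is outside this hunk, so the comment should name the actual values key once confirmed.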
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-discovery-role.yaml 
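Review bot: `disable_mlock = true` is hard-coded on both the string path and the JSON `merge (dict "disable_mlock" true) …` path in server-config-configmap.yaml, so the chart user has no documented way to tell that Vault's memory may be swapped to disk. Add a comment next to the setting, for example `# mlock is disabled because the container lacks IPC_LOCK; run on nodes with swap off or encrypted swap`. Also note that in the JSON branch `merge` gives precedence to the first dict, so a user-supplied `disable_mlock: false` is silently ignored. The rendered config lands in a ConfigMap, not a Secret, so the values documentation should say not to put storage or seal credentials in `server.*.config`.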
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
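Review bot: The rule in server-discovery-role.yaml lets the server ServiceAccount `update` and `patch` every Pod in the namespace, not only the Vault server pods it presumably labels for service discovery. A compromised server process could then alter other workloads sharing the namespace. Document that intent with a comment such as `# patch/update are used to set discovery labels on the Vault server pods only`. Also recommend in the chart notes that Vault be installed in a dedicated namespace. If the pod names are predictable from the StatefulSet, consider a `resourceNames:` list for the write verbs.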
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-ha-active-service.yaml 
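Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` to `"21"` with `ge`, which is a string comparison. The minor field can carry a `+` suffix on managed clusters, and lexical ordering does not match numeric ordering, so the selected API can be wrong. Ask the cluster what it serves instead: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`.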
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-ha-standby-service.yaml 
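Review bot: In server-ha-active-service.yaml the `https-internal` port 8201 is published on the same Service whose `type` comes from `server.service.type`, so choosing `NodePort` or `LoadBalancer` exposes the internal port alongside the API port. If 8201 is only server-to-server traffic, as its name suggests, it already has a home on the headless `-internal` Service. Here it could be rendered only for cluster-internal types, for example by wrapping the entry in `{{- if not (has (.Values.server.service.type | toString) (list "NodePort" "LoadBalancer")) }}`. server-ha-standby-service.yaml and server-service.yaml repeat the same port list and need the same decision.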
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-psp-role.yaml 
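Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits every pod in every namespace to both 8200 and 8201. The policy therefore only excludes traffic from outside the cluster and does nothing to protect the internal port from other tenants. Split it into two rules: keep 8200 open to the namespaces that need the API, and restrict 8201 with a `podSelector` matching the Vault server labels (`app.kubernetes.io/name`, `app.kubernetes.io/instance`, `component: server`). The metadata also lacks `namespace: {{ .Release.Namespace }}`, unlike the other templates in this commit.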
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
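Review bot: The subject in server-psp-rolebinding.yaml is named with `{{ template "vault.fullname" . }}`, whereas server-serviceaccount.yaml, server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml all name the server account with `vault.serviceAccount.name`. If that helper can return an overridden name (its definition is outside this diff chunk), the PSP `use` grant binds to an account the pods do not run as, and the policy never applies to them. Use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` to the subject.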
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-route.yaml 
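Review bot: The `spec` in server-psp.yaml blocks privilege escalation and root, but it never sets `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. Since the chart already disables mlock in the server config, Vault presumably does not need `IPC_LOCK`, and `requiredDropCapabilities: [ALL]` could be added after `allowPrivilegeEscalation: false`; confirm against the container entrypoint first. `readOnlyRootFilesystem: false` also deserves a one-line comment saying which path needs to be writable. injector-psp.yaml has the same gaps.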
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-service.yaml 
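Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit (including server-ingress.yaml) does before reading it. The Route therefore relies on some other template having populated `.mode` earlier in the render, and the `external`/`ha` checks here may see an unset value. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check. Separately, `tls:` is emitted even when `server.route.tls` is empty, so document the expected termination mode in a comment; an empty block leaves the Route serving Vault without TLS at the edge.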
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/tests/server-test.yaml
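Review bot: The `image:` line of the `vault` container falls back to `latest` when `server.image.tag` is empty (`| default "latest"`), so a secrets-manager pod can end up running whatever the registry currently serves under a mutable tag. Failing the render is safer than a silent fallback: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same fallback appears on the `image:` line of templates/tests/server-test.yaml. Pinning by digest would be stronger still, but that needs a values change outside this hunk.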
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/templates/ui-service.yaml
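Review bot: The test container declares no `securityContext`, whereas the server container in server-statefulset.yaml takes one from the `server.statefulSet.securityContext.container` template, so this hook pod runs with whatever the namespace admits by default. Adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}` under the container would match the container defaults described for the injector in values.yaml. It is also a step toward admission under restricted pod security, which may require further fields that depend on the target cluster. The pod only runs `vault status` against the service address, so it should not need any added privilege.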
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.32/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/Chart.yaml
new file mode 100644
index 00000000000..2bdd1bc11bb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.33
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
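Review bot: In Chart.yaml, `description: Official HashiCorp Vault Chart` no longer matches `name: helm-e2e-rhcc`, so the metadata presents what appears to be a renamed test copy as the upstream publisher's official release. `home` and `sources` likewise point only at the HashiCorp repositories. Since the file lands under `charts/partners/opcert-e2e-testing`, I would reword the description, for example `description: E2E test fixture derived from the HashiCorp Vault chart`, so that anyone who meets this chart in an index can tell it is not the vendor's chart.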
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/LICENSE.md 
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11.
“Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2.
Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1.
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4.
Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms.
However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable.
Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/README.md
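Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license value into the `docker run` argument list, where it can be read from the host's process table while the attached client runs; the leading `@` only stops make from echoing the command. Passing the name alone, `-e VAULT_LICENSE_CI \`, makes docker copy the value from the calling environment instead, provided the variable is exported to make. `GOOGLE_CREDENTIALS` defaults to a key-file path, `vault-helm-test.json`, that is resolved inside the bind-mounted working directory, so that file presumably has to stay out of version control and out of the packaged chart; the ignore files are not part of this hunk, so confirm that. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory and `-var project=...` that `provision-cluster` passes, and `.PHONY` leaves out `setup-kind` and `delete-kind`.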
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
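Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` at cluster scope with no `resourceNames`, so the CSI provider's service account can request a token for any service account in any namespace, and nothing in the file says that this breadth is intended. A comment above `rules:` would record the reason, for example `# Cluster-wide by design: the provider requests tokens for the service accounts of pods that mount its volumes (confirm against the provider documentation)`. Because the grant cannot be narrowed when the consuming service accounts are not known in advance, the same comment could note that TokenRequest calls made by this service account are worth watching in the API audit log.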
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
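Review bot: The provider container in csi-daemonset.yaml mounts the two hostPath volumes `providervol` and `mountpoint-dir`, yet it gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set in values, because the helper called at `{{ template "csi.daemonSet.securityContext.container" . }}` has no fallback branch. The injector and server helpers earlier in this diff default to `allowPrivilegeEscalation: false` when nothing is set and OpenShift is off; the CSI helper could do the same by adding `{{- else if not .Values.global.openshift }}`, `securityContext:` and `allowPrivilegeEscalation: false` before its closing `{{- end }}`. The chart's values.yaml is not in view here, so check whether a default is already supplied there before changing the helper.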
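Review bot: In injector-certs-secret.yaml `metadata.name` is the literal `vault-injector-certs`, while the other resources in these templates are named from `vault.fullname`, so two releases in one namespace that both enable leader election with more than one replica would render the same Secret and collide. If the injector looks the Secret up by that fixed name, a comment should say so, for example `# Name is fixed because the injector expects it; created empty and filled in at runtime (confirm)`; otherwise derive it with `name: {{ template "vault.fullname" . }}-injector-certs`. The file also ends without a trailing newline.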
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-clusterrolebinding.yaml
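Review bot: The rule in injector-clusterrole.yaml gives `patch` on every MutatingWebhookConfiguration in the cluster because it carries no `resourceNames`, so a compromised injector pod would be able to alter admission webhooks other than its own. `get` and `patch` can be limited to the injector's own object, while `list` and `watch` stay unrestricted, since name-scoped list and watch only work when the client sends a matching field selector. The object name used below is taken from the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml later in this commit and should be confirmed against the webhook template, which is not in view here.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
  - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
# … unchanged: closing {{ end }} …
```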
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
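Review bot: In injector-deployment.yaml, `- 2>&1` under `args` is handed to the container entrypoint as a literal argument, because no shell is involved to treat it as a redirection. How the injector binary handles the stray argument is not visible here, and the container runtime already captures stderr, so the entry can be dropped, leaving only `- agent-inject`. Separately, the `value:` entries for `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` are rendered unquoted, so a setting such as `true` or a bare number reaches the API server as a non-string and is rejected. `value: {{ .Values.injector.authPath | quote }}`, and the same filter on the other two, avoids that.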
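Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical rather than numeric: a minor of `"100"` sorts below `"21"` and `"9"` sorts above it. The same expression appears in server-disruptionbudget.yaml. Asking the cluster directly is sturdier and matches how the RBAC templates in this commit pick their version: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This template is also the only injector resource not wrapped in the `vault.injectorEnabled` check, so the PodDisruptionBudget would still render with the injector disabled.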
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
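Review bot: `namespaceSelector` is rendered only when a value is supplied, so with the selectors left unset this webhook receives every pod CREATE and UPDATE in every namespace, including the one the injector itself runs in. Combined with a `failurePolicy` of `Fail` (the effective default comes from `injector.failurePolicy`, which is not visible in this diff), an unavailable injector would block pod admission cluster-wide, its own replacement pods included. A template comment above the `namespaceSelector` block would make that trade-off explicit, for example `{{- /* without a selector the webhook applies to all namespaces; set one before using failurePolicy: Fail */}}`.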
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
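Review bot: The port admitted by the injector NetworkPolicy is hard-coded as `8080`, while the deployment in this same commit listens on `.Values.injector.port` (via `AGENT_INJECT_LISTEN`) and the service uses that value as `targetPort`. Changing the port in values would leave the policy admitting the wrong port and the webhook unreachable. Use `- port: {{ .Values.injector.port }}` instead. `namespaceSelector: {}` also admits traffic from every namespace, which is wider than a webhook called only by the API server needs, though how far it can be narrowed depends on where the cluster's API server traffic originates.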
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-rolebinding.yaml 
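Review bot: The first rule gives the injector service account `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is wider than leader election should need. Anything else stored there becomes readable and writable through that account, for example the webhook TLS secret named by `injector.certs.secretName`, or the server's own secrets if Vault shares the namespace. `create` cannot be scoped by name, but at least `get` and `update` can move into a separate rule with `resourceNames: [<leader-election object names>]` (a placeholder, since the names the elector uses are not shown in this diff). It is also worth confirming that the `delete` verb on `pods` in the second rule is still required.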
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-discovery-role.yaml 
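Review bot: `disable_mlock = true` is forced into the rendered config in both the string branch and the `merge (dict "disable_mlock" true)` JSON branch, with nothing explaining why or what it costs. With mlock off, Vault's memory can be paged out, so secret material may reach swap on nodes that have it enabled. A template comment above the first occurrence would record the requirement, for example `{{- /* mlock is disabled unconditionally; run on nodes with swap off or encrypted */ -}}`. The rendered file is also a ConfigMap, so anything sensitive placed in `server.standalone.config` or `server.ha.config` is readable by anyone with ConfigMap read access in the namespace; that deserves a line in the same comment.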
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-psp-role.yaml 
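Review bot: In `server-network-policy.yaml` the single ingress rule's `from: - namespaceSelector: {}` admits pods from every namespace to both listed ports, including 8201, which the Service and StatefulSet templates in this commit name `https-internal` and use for `VAULT_CLUSTER_ADDR`. If 8201 only has to be reachable by the Vault server pods themselves, the rule could be split so that 8201 is limited to a `podSelector` carrying the same labels as `spec.podSelector`, leaving the all-namespaces rule for 8200 only. `metadata` here also has no `namespace: {{ .Release.Namespace }}`, unlike the other namespaced resources added in this commit.

```yaml
  # … unchanged: metadata and spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: peers of the same release only.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```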
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
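Review bot: The RoleBinding subject in `server-psp-rolebinding.yaml` is `name: {{ template "vault.fullname" . }}`, but the ServiceAccount and the StatefulSet's `serviceAccountName` added in this same commit are both rendered from `vault.serviceAccount.name`. That helper's definition is outside this view; if it can return anything other than the full name, the `use` grant on the PodSecurityPolicy is bound to an account the server pods do not run as. Render the subject from the same helper, `name: {{ template "vault.serviceAccount.name" . }}`, and consider adding `namespace: {{ .Release.Namespace }}` beside it so the binding target is explicit.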
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-route.yaml
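Review bot: The `spec` in `server-psp.yaml` blocks privilege escalation and root users but never drops capabilities; adding `requiredDropCapabilities: [ALL]` next to `allowPrivilegeEscalation: false` would close that gap, assuming the server needs no capability added back (the StatefulSet in this commit sets `SKIP_SETCAP`, which suggests it does not). The `seLinux` comment says the policy assumes AppArmor nodes, yet the same commit ships `values.openshift.yaml`, so a comment stating which platforms the `RunAsAny` rule is intended for would help the next reader. PodSecurityPolicy under `policy/v1beta1` was removed in Kubernetes 1.25, so the guard on `global.psp.enable` could also test `.Capabilities.APIVersions.Has "policy/v1beta1"`, the way the Ingress template in this commit checks API versions.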
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-service.yaml
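Review bot: `server-route.yaml` tests `ne .mode "external"` and `eq .mode "ha"` without ever running `{{ template "vault.mode" . }}`, which the Service, Ingress and StatefulSet templates in this commit all invoke before reading `.mode`. The value seen here therefore depends on another template having set it on the shared context first, so the `-active` service selection may not behave as intended; add `{{ template "vault.mode" . }}` ahead of the `.mode` checks. `tls:` is also rendered unconditionally from `.Values.server.route.tls`, and if that value is empty the Route would presumably be created without TLS termination in front of port 8200, so a `required` check or a comment stating the expected default (the values file is outside this view) would make the exposure explicit.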
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/tests/server-test.yaml 
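Review bot: The `vault` container in `server-statefulset.yaml` falls back to a mutable tag, `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an unset value silently deploys whatever the registry currently serves for a secrets store; the same fallback appears in `tests/server-test.yaml`. Failing the render instead is safer, for example `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and a digest-pinned reference would be stronger still. The exec readiness probe runs `vault status -tls-skip-verify`; a comment there explaining that it only talks to the loopback `VAULT_ADDR` set in `env` would tell readers why certificate verification is skipped. `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are unquoted while the neighbouring `value:` entries are quoted, so `| quote` would keep URL-shaped values from being retyped by the YAML parser.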
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.33/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test ": " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/Chart.yaml
new file mode 100644
index 00000000000..f3c5a28b9c8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.34
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/LICENSE.md 
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2. Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/README.md
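Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the licence value into the `docker run` argument list, where it is readable from the host's process table and from `make -n` output even though the recipe is silenced with `@`. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the calling environment instead; this assumes the variable is exported in the environment rather than given as a make argument. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` argument that `provision-cluster` passes to `init` and `apply`, so it may not act on the same configuration.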
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
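Review bot: `vault.serverServiceAccountEnabled` and `vault.serverAuthDelegator` test `(or (eq (.Values.server.enabled | toString) "true") (eq (.Values.global.enabled | toString) "true"))`, which stays true when `server.enabled` is explicitly `false` and `global.enabled` is `true`, whereas `vault.serverEnabled` earlier in the file only defers to `global.enabled` when the server value is `"-"`. The templates that consume these two flags are outside this hunk, but if they gate the server ServiceAccount and its auth-delegator binding, those RBAC objects would still be rendered for a server the user switched off. Using the same second operand as `vault.serverEnabled`, `(and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))`, keeps the three helpers consistent. The two helpers also carry the identical doc comment; the first should read `Compute if the server serviceaccount is enabled.`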
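Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, and the ClusterRoleBinding added next to it binds that to the CSI provider's service account, so the provider can request a token for any service account in any namespace; nothing in the template says why that scope is needed. I would add a comment above `rules:` along the lines of `# cluster-wide on purpose: the provider requests tokens on behalf of pods that mount a CSI volume, in whatever namespace they run (confirm against the provider docs)`. That makes the breadth of the grant visible to whoever audits the chart's RBAC and gives them something to check it against.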
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
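Review bot: The `mountpoint-dir` entry under `volumeMounts` in csi-daemonset.yaml mounts the host path `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` without `readOnly: true`, so the provider container gets write access to the volume directories of every pod on the node. With `mountPropagation: HostToContainer` this includes mounted Secrets and projected tokens of unrelated workloads. If the provider never writes into that tree itself, which the hunk does not show, add `readOnly: true` to that mount. If it does write there, add a comment explaining why the mount must be writable.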
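Review bot: The Secret in injector-certs-secret.yaml uses the literal name `vault-injector-certs`, while the other objects in this chart derive their names from `vault.fullname`, so two leader-elected releases in one namespace would both claim the same Secret. If the injector looks the Secret up by this fixed name, which is not visible here, record that constraint beside the name: `# fixed name expected by the injector; only one leader-elected injector release per namespace`. Otherwise derive the name from the release as the neighbouring templates do.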
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-clusterrolebinding.yaml 
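Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only webhook configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg`. A service account that can patch arbitrary admission webhooks can redirect or disable other products' admission control, so the write verb should be pinned with `resourceNames`. The read verbs can stay broad, because list and watch are awkward to restrict by name. This assumes the injector only patches its own configuration, which the `AGENT_INJECT_TLS_AUTO` value in the deployment suggests but does not prove.

```yaml
rules:
# read access stays cluster-wide: list/watch cannot be usefully narrowed by name
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# write access only to this release's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```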
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
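Review bot: The `args` list of the `sidecar-injector` container in injector-deployment.yaml ends with `- 2>&1`, which is handed to the process as a literal argument rather than acting as a redirection, because container args are not run through a shell. Unless the image entrypoint is a shell wrapper, which this hunk does not show, stderr is not merged into stdout. Drop the entry so the list is just `- agent-inject`, or wrap the command in an explicit `sh -c` if the redirection is really wanted. Separately, the two consecutive `{{- if .Values.injector.certs.secretName }}` blocks near the end could be one block.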
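Review bot: The `apiVersion` line in injector-disruptionbudget.yaml chooses between `policy/v1` and `policy/v1beta1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares strings. A minor version reported as `9` or with a vendor suffix such as `21+` is ordered lexically, and the major version is never checked. Other templates in this commit already ask the cluster directly with `.Capabilities.APIVersions.Has`, so the same form fits here: `apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (.Capabilities.APIVersions.Has "policy/v1") }}`. server-disruptionbudget.yaml has the identical expression and needs the same change. This template is also the only injector object not wrapped in the `.injectorEnabled` guard.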
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
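Review bot: The `namespaceSelector` block in injector-mutating-webhook.yaml is emitted only when a value is set, so by default the webhook intercepts pod CREATE and UPDATE in every namespace, system namespaces included, unless `injector.objectSelector` narrows it. Combined with a `failurePolicy` of `Fail`, an unavailable injector would then block pod admission cluster-wide. The effective default of `failurePolicy` comes from values not shown here. A comment above `failurePolicy` should spell out that interaction, for example `# with failurePolicy Fail and no namespaceSelector, injector downtime blocks pod creation in all namespaces`.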
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
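Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Service's `targetPort`, the probes and `AGENT_INJECT_LISTEN` all use `{{ .Values.injector.port }}`. With any other port value the policy would admit traffic to a port nothing listens on and drop the real webhook traffic. Use the same value here: `- port: {{ .Values.injector.port }}`. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector objects set.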
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-rolebinding.yaml 
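Review bot: The first rule in injector-role.yaml gives the injector `get`, `list`, `watch`, `update` and `create` on all Secrets and ConfigMaps in the release namespace, although the only Secret this chart prepares for leader election is `vault-injector-certs`. If Vault's own TLS material or other credentials live in the same namespace, the webhook's service account can read them. Consider splitting `secrets` into its own rule with `resourceNames: ["vault-injector-certs"]` for `get` and `update`. First confirm whether the injector watches Secrets by name, since a name-restricted `watch` only works with a matching field selector. If the broad grant has to stay, a comment should say which objects the leader elector actually touches.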
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-config-configmap.yaml 
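Review bot: The `roleRef` in server-clusterrolebinding.yaml binds the Vault server service account to the built-in `system:auth-delegator` ClusterRole with no comment on what that grants. That role allows creating TokenReview and SubjectAccessReview requests cluster-wide, presumably so Vault can validate service-account tokens presented to its Kubernetes auth method. A one-line comment above `roleRef` would make the intent auditable: `# system:auth-delegator: lets Vault submit TokenReview/SubjectAccessReview for Kubernetes auth`. The opening `{{ template "vault.serverAuthDelegator" . }}` also lacks the `{{-` trim used by the injector templates.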
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-discovery-role.yaml 
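Review bot: server-config-configmap.yaml forces `disable_mlock = true` into every rendered configuration, and in the map branch `merge (dict "disable_mlock" true) …` gives the forced value precedence, so an operator setting `disable_mlock: false` in values is silently overridden. With mlock disabled, Vault's memory can be paged out, so confidentiality of in-memory secrets then depends on the nodes having swap disabled or encrypted. That dependency should be stated in the template: `# disable_mlock is forced on; nodes must run without swap (or with encrypted swap)`. If an override is meant to be possible, put the user's config first in the `merge` call.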
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
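Review bot: The rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only on the Vault pods, and the template does not say why. Presumably this exists so each server can set the `vault-active` label that the active and standby Services select on, but RBAC cannot express "own pod only", so the effective grant is write access to all pods that share the namespace. I would document that next to the rule, e.g. `# Needed for Vault service registration (pod label updates); applies to all pods in the namespace, so install this release in a dedicated namespace.` It is also worth checking whether `update` is needed in addition to `patch`; if Vault only patches labels, dropping `update` narrows the grant at no cost. This Role hard-codes `rbac.authorization.k8s.io/v1` while the RoleBinding that follows switches on `.Capabilities.APIVersions.Has`; the two should agree.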
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-ha-active-service.yaml 
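Review bot: The apiVersion line in server-disruptionbudget.yaml picks `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings rather than two numbers. That happens to work for two-digit minors, but it depends on lexical ordering and on how a distribution formats the minor (some report values such as `21+`). Asking the cluster directly is more robust and matches the `.Capabilities.APIVersions.Has` checks used in the RBAC templates of this chart: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.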
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-psp-role.yaml 
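Review bot: The single ingress rule in server-network-policy.yaml opens both 8200 and 8201 to `namespaceSelector: {}`, i.e. to every pod in every namespace. Port 8200 is the API/UI port and may need that reach, but 8201 is the server-to-server cluster port (`https-internal` in the Services of this chart) and should normally be reachable only from the other Vault server pods of the same release. I would split the rule in two as sketched below; if cross-cluster replication needs 8201 from elsewhere, that source should be added explicitly rather than left open. The policy's `metadata` also omits `namespace: {{ .Release.Namespace }}`, which every other namespaced template in this chart sets.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    # API/UI port: reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```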
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
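Review bot: The subject in server-psp-rolebinding.yaml is named with `{{ template "vault.fullname" . }}`, whereas the ServiceAccount template and the other two bindings in this chart use `{{ template "vault.serviceAccount.name" . }}`. If the two helpers ever resolve differently (a custom service account name is the obvious case; the helper itself is outside this hunk), the PSP `use` permission is bound to an account the pods do not run as, and the pods are then admitted under whatever other policy applies or rejected outright. The subject also has no `namespace`, unlike the subjects in server-discovery-rolebinding.yaml. I would change the two subject lines to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`.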
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-route.yaml 
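Review bot: The PodSecurityPolicy in server-psp.yaml is gated only on `global.psp.enable`, not on whether the cluster still serves the API. `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so on a newer cluster the flag makes the install fail, and an operator who then turns it off is left with no pod-level policy from this chart at all. I would add `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` around this resource and around the Role and RoleBinding in server-psp-role.yaml and server-psp-rolebinding.yaml, and note in the values documentation that Pod Security Admission labels on the namespace are the replacement. Within the spec itself, the policy sets `allowPrivilegeEscalation: false` but does not list `requiredDropCapabilities`; since the StatefulSet sets `SKIP_SETCAP` and the config disables mlock, dropping `ALL` looks feasible and is worth testing.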
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-service.yaml 
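Review bot: server-route.yaml reads `.mode` in `{{- if ne .mode "external" }}` without first calling `{{ template "vault.mode" . }}`, which every other server template in this chart does on its first line. Whether `.mode` is populated here therefore appears to depend on another template having been rendered against the same context earlier, and the `-active` service selection a few lines down inherits that dependency. I would insert `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does. Since `spec.tls` is copied verbatim from `server.route.tls`, it would also help to state in a comment which termination mode the chart expects, so that a Route serving Vault is not created with plaintext allowed by accident.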
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/tests/server-test.yaml 
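Review bot: The container image in server-statefulset.yaml falls back to a mutable tag through `{{ .Values.server.image.tag | default "latest" }}`, so an install with an empty tag runs whatever the registry serves at pull time. For a secrets manager that means the running binary is neither reproducible nor auditable, and a pod restart can silently change the Vault version. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and document that a digest reference is preferred. The same `default "latest"` expression appears in templates/tests/server-test.yaml and should change with it.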
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/values.openshift.yaml 
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.34/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. 
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/Chart.yaml
new file mode 100644
index 00000000000..0e23926bef1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.35
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
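Review bot: In the new Chart.yaml, `description: Official HashiCorp Vault Chart` together with `home` and `sources` still presents the package as the upstream HashiCorp chart, although `name` and the `charts.openshift.io/name` annotation are `helm-e2e-rhcc`. If this is a repackaged test fixture, as the `opcert-e2e-testing` path suggests, the metadata should say so, so that nobody reading an index entry takes it for the vendor's release; for example `description: E2E certification test fixture repackaged from hashicorp/vault-helm`. `appVersion: 1.11.2` is also safer quoted, `appVersion: '1.11.2'`, so the value stays a string whatever version is written there later.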
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
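Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole, and the ClusterRoleBinding in the next file binds it to the `-csi-provider` service account, so that account can request a token for any service account in any namespace. The rule carries no comment explaining why cluster scope is needed. I would add one above `rules:`, for example `# Cluster-wide by design: the provider requests tokens for the service accounts of pods that mount secrets; treat this service account as highly privileged.` The reason given in that comment is my assumption and should be confirmed against the provider, since the page does not show it.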
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-clusterrolebinding.yaml
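Review bot: The rule in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, not only the one this chart creates, so a compromised injector service account could alter admission webhooks that belong to other components. If the injector only needs to read and update its own configuration (named `<fullname>-agent-injector-cfg` in injector-mutating-webhook.yaml later in this commit), `get` and `patch` can be limited with `resourceNames` while `list` and `watch` stay unrestricted. Whether the injector depends on unrestricted `get` is not visible on this page, so this needs a check against the injector before merging.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```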
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
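Review bot: Several `env` values in injector-deployment.yaml are rendered from chart values without YAML-safe quoting, for example `value: {{ .Values.injector.authPath }}` and `value: {{ .Values.injector.logLevel | default "info" }}`, while others are wrapped in literal double quotes (`value: "{{ .Values.global.externalVaultAddr }}"`) that break if the value itself contains a quote. A value that YAML reads as a boolean or number is rejected by the API server, because `env[].value` must be a string. Piping through `quote` covers both cases, e.g. `value: {{ .Values.injector.authPath | quote }}`. Separately, `- 2>&1` under `args` reaches the container as a literal argument since no shell is involved; it looks like leftover redirection syntax and could be dropped if the injector does not expect it.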
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
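Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` block is emitted only when a value is supplied, so unless `injector.objectSelector` narrows it the webhook receives pod CREATE and UPDATE requests from every namespace, including the one the injector itself runs in. Together with `failurePolicy`, whose default lives in values that are not part of this hunk, that decides whether an unavailable injector blocks pod admission across the cluster or lets pods start without injection. I would document the trade-off next to `failurePolicy:` with a comment such as `# Fail blocks pod creation in all selected namespaces while the injector is down; Ignore admits pods without injection`. A default selector that excludes system namespaces is also worth considering.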
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
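Review bot: injector-network-policy.yaml hard-codes `port: 8080` under `ingress`, while the Deployment's listen address and the Service `targetPort` in this commit both use `.Values.injector.port`; if that value is changed, the policy no longer admits traffic to the webhook port. Using `- port: {{ .Values.injector.port }}` keeps the three in step. The `from` clause is `namespaceSelector: {}`, which admits traffic from pods in every namespace; a comment stating why the source is left open would help the next reviewer. `metadata` also omits `namespace: {{ .Release.Namespace }}`, unlike the other namespaced injector resources in this chart.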
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-role.yaml
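Review bot: injector-psp.yaml always renders `apiVersion: policy/v1beta1` `PodSecurityPolicy` when `global.psp.enable` is true, and that API was removed in Kubernetes 1.25, so on newer clusters the install fails at this object and the restrictions it describes are never applied. injector-disruptionbudget.yaml in this same commit already selects its API version from `.Capabilities`, so a similar guard fits here, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, applied to the PSP Role and RoleBinding templates as well. Because that guard skips the policy silently, the chart notes should say that clusters without PSP need an equivalent Pod Security admission setting. The comment on `seLinux` says nodes are assumed to use AppArmor; that assumption is worth re-checking for the `global.openshift` case the chart also supports.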
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-rolebinding.yaml
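Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, the same namespace the other templates in this chart deploy into, so the injector's service account can read every Secret stored there. The only Secret this commit creates for the injector is `vault-injector-certs` (injector-certs-secret.yaml); if that is the only one it uses, the read and update verbs can move to a separate rule scoped with `resourceNames: ["vault-injector-certs"]`, leaving `create` unrestricted because it cannot be limited by name. Which objects leader election touches is not shown on this page, so confirm before narrowing. At minimum, a comment above the rule should state why namespace-wide access is required.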
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-discovery-role.yaml
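Review bot: `disable_mlock = true` is written into every string config and merged into every map config, with no comment explaining it and no value to turn it off. With mlock disabled, Vault's memory can be paged out, so key material can reach swap on a node where swap is enabled. I would add a template comment above the line, e.g. `{{- /* mlock is disabled, presumably because the container is not granted IPC_LOCK; run on nodes with swap disabled or encrypted */}}`, and state the same node requirement in the chart's README.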
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
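Review bot: The rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods. RBAC rules cannot filter by label, so if other workloads share the namespace, the server's service account can modify their pod objects too. If the two verbs are only needed so Vault can label its own pods (the `vault-active` selector in the HA services suggests so), add a comment saying that, e.g. `# update/patch: Vault sets the vault-active label on its own pods`, and document that the release should run in a dedicated namespace.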
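Review bot: The RoleBinding in server-discovery-rolebinding.yaml falls back to `rbac.authorization.k8s.io/v1beta1`, but the Role it references is always rendered as `rbac.authorization.k8s.io/v1`, so on a cluster without v1 the pair cannot install anyway. I would drop the `.Capabilities.APIVersions.Has` branch and write the fixed `apiVersion: rbac.authorization.k8s.io/v1` here as well, so the two files agree.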
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-ha-active-service.yaml
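Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion` line compares strings, not numbers, so the result follows lexical order and is affected by vendor suffixes such as `21+` in the minor field. server-ingress.yaml in this same commit already selects its API version with a semver check, and the same form fits here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.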
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-ha-standby-service.yaml
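Review bot: `publishNotReadyAddresses` is filled from the shared `server.service` value here and in server-ha-standby-service.yaml without the explanation that server-service.yaml gives for it. A client of the `-active` service expects a ready, active node, so a reader should be told that a true value also publishes pods that fail their readiness probe. I would add above the line `# Shared with the main service; when true, this service also routes to pods that are not ready.`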
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . 
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-psp-role.yaml
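Review bot: The single ingress rule in server-network-policy.yaml opens both 8200 and 8201 to every pod in every namespace, because `namespaceSelector: {}` matches all namespaces. 8201 is the port the StatefulSet advertises in `VAULT_CLUSTER_ADDR`, so it presumably only has to be reachable by the other server pods of this release. I would split the rule as below; if replication from another cluster is in use, that peer needs a rule of its own. The metadata also omits the `namespace: {{ .Release.Namespace }}` line that the other templates in this commit set.

```yaml
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```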
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
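Review bot: The subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, while the StatefulSet and the other bindings in this commit name the server's service account with `{{ template "vault.serviceAccount.name" . }}`. If the two helpers ever resolve to different names (both are defined outside this hunk), the PodSecurityPolicy is bound to an account the pods do not run as. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as the discovery RoleBinding does.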
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-route.yaml
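Review bot: `apiVersion: policy/v1beta1` is rendered whenever `global.psp.enable` is true, but PodSecurityPolicy was removed in Kubernetes 1.25, so on a newer cluster the install fails instead of skipping the object. Other templates in this commit already test `.Capabilities.APIVersions.Has`; the condition here could become `{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, and likewise in server-psp-role.yaml and server-psp-rolebinding.yaml. The policy also sets no `requiredDropCapabilities`; since the StatefulSet sets `SKIP_SETCAP`, dropping `ALL` looks feasible, but that should be confirmed against the image.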
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-service.yaml
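Review bot: `.mode` is tested on the second line without the `{{ template "vault.mode" . }}` call that the other server templates in this commit make before reading it. Whether `.mode` is set here then seems to depend on another template having populated the shared context earlier in the render, so the `external` and `ha` checks may not see the value they read as testing. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` condition. `host: {{ .Values.server.route.host }}` is also unquoted, unlike the Ingress hosts, which go through `quote`.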
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . 
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . 
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . 
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/tests/server-test.yaml
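Review bot: The `vault` container image in server-statefulset.yaml falls back to the mutable tag `latest` (`.Values.server.image.tag | default "latest"`), and tests/server-test.yaml repeats the same expression. For a secrets manager this means an unreviewed image can be pulled on any pod restart, and the version that is running is not recorded in the release. I would fail the render instead of defaulting: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Pinning by digest would be stricter still, but it needs a values key that is not part of this hunk.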
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/values.openshift.yaml
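Review bot: Nothing in ui-service.yaml ties external exposure to TLS: `type: {{ .Values.ui.serviceType }}` plus the `nodePort` and `service.loadBalancer` branches can publish the Vault UI/API port outside the cluster, while the port is named after `vault.scheme`, which presumably resolves to `http` when `global.tlsDisable` is `true`, the default in this chart's values.yaml. I would document the coupling at the top of the template, e.g. `{{- /* Exposes the Vault UI/API port; with global.tlsDisable=true traffic is plain HTTP, so keep ui.serviceType ClusterIP unless TLS is terminated in front of it. */ -}}`. The helpers this file includes are defined outside the hunk, so the scheme behaviour should be confirmed against `_helpers.tpl`.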
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/values.schema.json
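Review bot: Every value in values.openshift.yaml (`global.openshift: true` and the three `registry.connect.redhat.com/hashicorp/...` images at `0.17.0-ubi` and `1.11.2-ubi`) is already the default in this chart's values.yaml, so an image bump for a security fix has to land in two files, and a missed one keeps the old image for anyone installing with this override. The images are also fixed by tag only, and a tag can be re-pointed in the registry. A comment above `injector:` would make the coupling explicit: `# Tags must match values.yaml; bump both together and check the pulled digest against the registry catalog.`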
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.35/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/CONTRIBUTING.md
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test ": " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/Chart.yaml
new file mode 100644
index 00000000000..2c4f8d70546
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.36
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/README.md
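Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes to `terraform init` and `terraform apply`, so teardown may not resolve the configuration that created the GKE cluster and a test cluster could be left running. I would mirror the provision target: `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. Separately, in `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the value into docker's argument list, where it is readable from the process table; `-e VAULT_LICENSE_CI` (name only) lets docker take it from the environment instead. `setup-kind` and `delete-kind` are also absent from the `.PHONY` list.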
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
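Review bot: In csi-clusterrole.yaml the only rule grants `create` on `serviceaccounts/token` with no `resourceNames`, and csi-clusterrolebinding.yaml binds it cluster-wide, so the `-csi-provider` ServiceAccount can request a token for any ServiceAccount in any namespace. That is presumably what the provider needs in order to authenticate on behalf of the pods it serves, but it makes this DaemonSet's identity a high-value credential and the template does not say so. I would add a comment above `rules:` such as `# create on serviceaccounts/token is cluster-wide: this account can mint tokens for any ServiceAccount; restrict who may exec into or modify the csi-provider pods`.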
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
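Review bot: In csi-daemonset.yaml the provider container mounts two `hostPath` volumes (`providervol` and `mountpoint-dir`) but receives a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper earlier in this diff renders nothing otherwise. The helper that renders `.Values.server.statefulSet.securityContext.container` falls back to `allowPrivilegeEscalation: false` when `global.openshift` is off; the CSI helper could gain the same `{{- else if not .Values.global.openshift }}` branch emitting `securityContext:` and `allowPrivilegeEscalation: false`. Whether the provider tolerates tighter settings than that is not visible here, so anything beyond this default needs testing. The two `hostPath` entries also carry no `type:`, so no check is made on what `providersDir` and `kubeletRootDir` actually point at; `type: Directory` would make that explicit.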
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-clusterrolebinding.yaml
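Review bot: In injector-clusterrole.yaml the rule grants `get`, `list`, `watch` and `patch` on every `mutatingwebhookconfigurations` object in the cluster, so the injector's ServiceAccount can rewrite any other admission webhook and not only its own. The only configuration this chart creates is the `-agent-injector-cfg` object in injector-mutating-webhook.yaml, so `get` and `patch` could move to a rule carrying `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`, leaving `list` and `watch` unrestricted only if the injector needs them; which verbs it really uses is not visible in this diff. The role is also rendered whenever the injector is enabled, although the deployment sets `AGENT_INJECT_TLS_AUTO` only when `injector.certs.secretName` is empty, so the patch permission is presumably needed only in that mode.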
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
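Review bot: In injector-deployment.yaml `args:` lists `- 2>&1` as a second item, but container args are passed to the entrypoint verbatim with no shell, so this is a literal positional argument after `agent-inject` rather than a redirection. Unless the image's entrypoint wraps the command in a shell (not visible here), the item should be dropped so that `args:` holds only `- agent-inject`. The env block also leaves some values from values.yaml unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) while their neighbours are quoted; writing them as `value: "{{ .Values.injector.authPath }}"` keeps a boolean- or number-looking setting from rendering as a non-string env value.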
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
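Review bot: In injector-mutating-webhook.yaml nothing documents the scope of the webhook: `namespaceSelector` and `objectSelector` are emitted only when the corresponding values are set, while the rule matches `CREATE` and `UPDATE` of `pods`, so without a selector (the chart defaults are not visible here) the injector sits in the pod admission path of every namespace. Because `failurePolicy` is taken straight from values, choosing `Fail` in that state makes pod creation across the cluster depend on the injector being reachable. I would add a comment above `failurePolicy:` along the lines of `# With failurePolicy: Fail and no namespaceSelector/objectSelector, pod admission in all namespaces depends on the injector being available`.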
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
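Review bot: In injector-network-policy.yaml the ingress rule hard-codes `- port: 8080`, while the deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`) and the Service uses the same value as `targetPort`, so changing `injector.port` leaves the policy admitting an unused port and blocking the webhook. The rule should read `- port: {{ .Values.injector.port }}`. `metadata` also has no `namespace:`, unlike the other injector resources in this diff. `- namespaceSelector: {}` admits traffic from every namespace; that may be required for the API server to reach the webhook, but a one-line comment stating the reason would keep it from looking accidental.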
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-psp.yaml
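Review bot: In injector-psp-rolebinding.yaml the `ServiceAccount` subject has no `namespace:`, unlike the subjects in injector-rolebinding.yaml and injector-clusterrolebinding.yaml, which both set `namespace: {{ .Release.Namespace }}`. A RoleBinding should resolve an unqualified ServiceAccount against its own namespace, so this probably works as written, but it relies on that defaulting and makes the three bindings inconsistent. Adding `namespace: {{ .Release.Namespace }}` under the subject's `name:` states the intended account explicitly.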
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-role.yaml
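Review bot: In injector-psp.yaml the template renders a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, without checking that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so on such a cluster the release fails at this object. Extending the condition to `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}` skips it where the API is gone. When it is skipped, the injector pod has no policy from this chart constraining it, so the pod and container `securityContext` settings in the deployment become the only hardening and are worth reviewing with that in mind.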
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-rolebinding.yaml
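Review bot: The first rule grants `get`, `list`, `watch`, `create` and `update` on every Secret and ConfigMap in the release namespace, so the injector's service account can read any secret stored there rather than only the objects leader election uses. If the leader elector works on a fixed set of object names (not visible in this hunk), split the rule: keep `create` on its own and move `get`/`update` to a rule with `resourceNames`, and drop `list`/`watch` on `secrets` unless something needs them. The `delete` and `patch` verbs on all pods in the second rule should carry a comment stating what uses them.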
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-config-configmap.yaml
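Review bot: Nothing in this template says why the server's service account needs a cluster-scoped binding to `system:auth-delegator`, which is the first thing an RBAC audit will ask. A comment above `roleRef` would cover it, for example `# auth-delegator allows creating TokenReview and SubjectAccessReview requests; presumably needed so Vault can validate service account tokens`. The `rbac.authorization.k8s.io/v1beta1` fallback is also inconsistent with server-discovery-role.yaml in this commit, which hard-codes `v1`.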
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-discovery-role.yaml
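Review bot: `disable_mlock = true` is forced into every rendered configuration: it is emitted ahead of the user's text on the string path, and on the map path `merge (dict "disable_mlock" true) …` gives precedence to the first dict, so a value supplied in `server.*.config` cannot turn memory locking back on. With mlock disabled, key material held in Vault's memory can be paged to disk unless the nodes run without swap or with encrypted swap. State that requirement in a comment beside the setting, e.g. `# mlock is disabled for all modes; nodes must have swap off or encrypted`, or take the value from a chart setting that defaults to true.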
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-ha-active-service.yaml
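Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the ordering is lexical rather than numeric, and `Minor` can carry a suffix such as `21+` on some distributions. server-ingress.yaml in this commit already selects its API version with `semverCompare`; the same form works here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. Testing `.Capabilities.APIVersions.Has "policy/v1"` would be an equally sound alternative.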
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-ha-standby-service.yaml
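Review bot: When `server.service.type` is set to `NodePort` or `LoadBalancer`, this Service exposes the `https-internal` port 8201 together with the API port, because both entries sit in the same `ports` list under the configurable `type`. That port is presumably meant for server-to-server traffic only, and the headless `-internal` Service already carries it. Consider rendering the 8201 entry only when the type is ClusterIP, or at least add a comment next to `type:` such as `# a non-ClusterIP type also exposes the cluster port 8201`. server-ha-standby-service.yaml and server-service.yaml have the same layout.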
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-psp-role.yaml 
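Review bot: `namespaceSelector: {}` under `ingress.from` in server-network-policy.yaml admits pods from every namespace, so with the policy enabled both 8200 and the cluster port 8201 stay reachable cluster-wide. Splitting the rule so that 8201 is limited to pods of the same release would make the policy restrict server-to-server traffic; this assumes only the Vault servers themselves use 8201, which should be confirmed. `metadata` also lacks the `namespace: {{ .Release.Namespace }}` that the other templates in this commit set.
```yaml
  ingress:
    # API port: clients in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```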
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
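Review bot: The RoleBinding in server-psp-rolebinding.yaml names its subject `{{ template "vault.fullname" . }}`, whereas server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}` and the ClusterRoleBinding and discovery RoleBinding bind that same helper. If the helper can return a custom name (its definition is not part of this hunk), the PSP `use` grant lands on an account the server pods do not run as. Use `name: {{ template "vault.serviceAccount.name" . }}` for the subject so all bindings target the same account.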
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-service.yaml
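Review bot: `{{- if ne .mode "external" }}` is evaluated without a preceding `{{ template "vault.mode" . }}`, which every other server template in this commit calls first to populate `.mode`. The `external` guard and the `eq .mode "ha"` branch that selects the `-active` service therefore depend on some other template having already set `.mode` on the shared context; add `{{ template "vault.mode" . }}` right after the `global.openshift` check. `targetPort: 8200` is also hard-coded here while the Services take the port from `server.service.targetPort`, so the Route and Service can drift apart if that value is changed.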
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/tests/server-test.yaml 
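Review bot: The container `image:` line falls back to the mutable `latest` tag (`{{ .Values.server.image.tag | default "latest" }}`) whenever `server.image.tag` is empty, so a values override that clears the tag makes the Vault server run whatever the registry currently serves under that name. The test Pod in templates/tests/server-test.yaml uses the same expression. For a workload that holds secrets I would fail rendering instead of defaulting, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; this is presumably tolerated because VAULT_ADDR is set to 127.0.0.1 in the same container, and a one-line comment saying so above the `exec:` block would keep the flag from being copied into probes that cross the network.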
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/values.openshift.yaml
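Review bot: `nodePort` is emitted whenever `ui.serviceNodePort` is set, regardless of `ui.serviceType`, while the server Service template in this commit only emits it when the type is `NodePort`. A Service of type ClusterIP that carries a nodePort is rejected by the API server, so the guard should mirror the server one: `{{- if and (.Values.ui.serviceNodePort) (eq (.Values.ui.serviceType | toString) "NodePort") }}` (or test for `ne ... "ClusterIP"` if a fixed node port on a LoadBalancer has to stay possible). Since `ui.serviceType` decides whether the UI and API port is reachable from outside the cluster, a comment above `type:` should say that exposing it while `global.tlsDisable` is true, the default in this commit's values.yaml, presumably serves it over plain HTTP.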
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.36/src/values.yaml 
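Review bot: The schema types `server.livenessProbe.path` but has no entry for `server.readinessProbe.path`, `server.service.type` or `server.service.clusterIP`, all of which the templates in this commit read. No object in the schema sets `additionalProperties`, so those keys are accepted with any type and a non-string value reaches the rendered Service or probe unvalidated. I would add `"path": { "type": "string" }` under `server.readinessProbe` and matching string entries for `type` and `clusterIP` under `server.service`.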
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/Chart.yaml
new file mode 100644
index 00000000000..08dd26f915e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.37
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
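Review bot: The `description: Official HashiCorp Vault Chart` line in the new Chart.yaml no longer matches what the chart is: `name` and the `charts.openshift.io/name` annotation are both `helm-e2e-rhcc`, and the path places it under `partners/opcert-e2e-testing`. If this fixture is ever packaged into a published index, a consumer would see a renamed test copy presented as an official vendor release, so I would change the line to something like `description: E2E certification test fixture derived from the HashiCorp Vault chart (not an official release)`. The pinned `appVersion: 1.11.2` also deserves a short comment stating that the version is frozen for the test and is not a supported deployment target; whether the fixture actually pulls a Vault image is decided in values.yaml, outside this hunk.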
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/README.md
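Review bot: In the new `Makefile`, the `test-acceptance` recipe passes `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so make expands the value into the `docker run` argument list, where it is readable from the host's process listing for as long as the container runs. If that variable carries an enterprise license string (inferred from its name only), pass it by name with `-e VAULT_LICENSE_CI \` so Docker copies it from the calling environment instead. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` uses, so it is worth confirming it tears down the same configuration that was applied. `setup-kind` and `delete-kind` are also absent from the `.PHONY` list.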
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-clusterrolebinding.yaml 
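Review bot: The rule in `injector-clusterrole.yaml` grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, so a compromised injector pod could alter admission webhooks it does not own. The injector deployment passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which looks like the one configuration it needs to update; that should be confirmed against the webhook template. I would split the rule so that `get`/`list`/`watch` stay unrestricted and `patch` is limited by `resourceNames`, as below.

```yaml
rules:
# … unchanged: get/list/watch rule, with "patch" removed from its verbs …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```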
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
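Review bot: The last entry under `args` in injector-deployment.yaml, `- 2>&1`, reaches the container as a literal argument rather than a stderr redirection, because `args` is not run through a shell (unless the image entrypoint re-evaluates its arguments, which is not visible here). I would drop that entry and leave `args` as `- agent-inject`; the kubelet already captures both output streams. Separately, `livenessProbe` and `readinessProbe` both request `/health/ready`, so a pod that is only temporarily not ready is also restarted after two failures; confirm that is intended.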
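Review bot: The `apiVersion` line in injector-disruptionbudget.yaml selects `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which is a string comparison that ignores the major version. A single-digit minor such as `9` sorts above `21`, and suffixed values such as `21+` only work by accident of ordering. Other templates in this commit already use `.Capabilities.APIVersions.Has`, so I would write `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml carries the same expression and needs the same change.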
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
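Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the webhook in injector-mutating-webhook.yaml is rendered without a `namespaceSelector`, so every pod CREATE and UPDATE in the cluster, system namespaces included, is sent to the injector. If `failurePolicy` resolves to `Fail` (the value comes from `.Values` and is not visible here), an unavailable injector would then block pod admission cluster-wide. I would add a comment above the `if or (...)` line such as `# No namespaceSelector means all namespaces; set one before using failurePolicy: Fail.`, or ship a default selector in values.yaml. What `injector.objectSelector` renders is defined outside this hunk.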
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
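Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while injector-deployment.yaml listens on `.Values.injector.port` and injector-service.yaml targets the same value. If the port is overridden, this policy blocks admission requests to the webhook on OpenShift without any render-time error. Use `- port: {{ .Values.injector.port }}` so the three templates stay in step. server-network-policy.yaml hard-codes `8200` in the same way next to a configurable `.Values.server.service.targetPort`.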
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-psp.yaml 
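Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subject in injector-rolebinding.yaml, which sets `namespace: {{ .Release.Namespace }}`. For a RoleBinding the authorizer falls back to the binding's own namespace, so this likely works. Stating the namespace explicitly keeps the two bindings consistent and does not rely on that default. Add `namespace: {{ .Release.Namespace }}` under the subject's `name`.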
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-role.yaml 
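Review bot: injector-psp.yaml is gated only on `global.psp.enable`, but the `policy/v1beta1` PodSecurityPolicy API was removed in Kubernetes 1.25, so enabling the value on a newer cluster makes the whole release fail to install. I would extend the guard to `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. injector-psp-role.yaml and injector-psp-rolebinding.yaml use the same condition and should get the same guard, so that no Role is left referring to a policy that was never created.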
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-rolebinding.yaml 
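Review bot: The first rule in injector-role.yaml lets the injector service account `create`, `get`, `watch`, `list` and `update` every Secret and ConfigMap in the release namespace, although the role is rendered only for leader election. If the Vault server is deployed into the same namespace, that presumably includes its TLS and configuration material. I would narrow the read and update verbs with `resourceNames` and add a comment above the rule such as `# Leader election only; scope with resourceNames once the elector's object names are confirmed.`. The object names the elector uses are not visible in this hunk and need to be checked before narrowing.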
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-discovery-role.yaml 
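Review bot: server-config-configmap.yaml forces `disable_mlock = true` into the rendered Vault configuration in both branches. It is prepended to every string-form config and placed in the destination dict of `merge` for map-form configs, so a values file cannot reliably turn it off. With mlock disabled, Vault's process memory may be written to swap, which matters on nodes where swap is enabled and unencrypted. I would document the trade-off with a template comment next to the first occurrence, e.g. `{{- /* disable_mlock is forced on; nodes are expected to run with swap disabled or encrypted */ -}}`. Whether this chart's target nodes meet that expectation is not visible here.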
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-psp-role.yaml 
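Review bot: The single `ingress` rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may connect to the cluster port 8201 as well as the API port 8200. The StatefulSet in this commit uses 8201 only for `VAULT_CLUSTER_ADDR`, so, assuming no peers outside the release need it, the rule can be split so that 8201 is admitted only from the chart's own server pods, as sketched below. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    # API port: reachable from all namespaces, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```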
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-route.yaml 
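Review bot: The `spec` of the PodSecurityPolicy in server-psp.yaml blocks root and privilege escalation but sets no `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP` and `SKIP_CHOWN` to `"true"`, which suggests the server does not depend on extra capabilities; if that holds for the image, adding `requiredDropCapabilities: [ALL]` under `spec` would tighten the policy. Separately, the template is gated only on `global.psp.enable`, and `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so an additional `.Capabilities.APIVersions.Has "policy/v1beta1"` condition would keep an install from failing on newer clusters.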
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-service.yaml 
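Review bot: The second line of server-route.yaml tests `.mode` without first running `{{ template "vault.mode" . }}`, unlike server-ingress.yaml and the Service templates in this commit, so the Route appears to depend on another template having populated `.mode` before it is rendered. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check makes the file self-contained and keeps the `external` and `ha` branches from silently evaluating against an unset value. A short comment above `targetPort: 8200` noting that it is fixed rather than taken from `server.service.targetPort` would also help the next reader.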
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/tests/server-test.yaml 
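Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `default "latest"` when `server.image.tag` is empty, so an unset value silently deploys whatever the registry currently serves under a mutable tag; the test Pod in tests/server-test.yaml has the same fallback. For a secrets store it is safer to fail the render, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or to allow pinning by digest. In the same hunk the exec readiness probe runs `vault status -tls-skip-verify` with no explanation; a comment such as `# verification skipped: probe targets 127.0.0.1 via VAULT_ADDR, presumably not covered by the server certificate` would record why that is acceptable. The `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` lines are rendered unquoted, unlike their `else` branches, and would be more robust with `| quote`.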
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/values.openshift.yaml 
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.37/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/Chart.yaml
new file mode 100644
index 00000000000..8852c589dc2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.38
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
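Review bot: In the new Chart.yaml, `description`, `home`, `icon` and `sources` still present this package as the official HashiCorp Vault chart while `name` and the `charts.openshift.io/name` annotation are `helm-e2e-rhcc`. The path suggests this is an e2e test fixture, so anyone browsing the catalog could mistake it for the upstream chart; a description that says so, for example `description: E2E test fixture derived from the HashiCorp Vault chart`, would make the provenance clear. Separately, `appVersion: 1.11.2` is better written quoted, `appVersion: "1.11.2"`, so a later value such as `1.12` is not read as a float.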
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/README.md
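Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` puts the licence value on the `docker run` command line, where it is visible in the host's process list. Assuming the value reaches make through the environment, the name-only form `-e VAULT_LICENSE_CI \` lets Docker copy it from the caller's environment without expanding it into the arguments. The `-v ${PWD}:/helm-test` mounts in `test-unit`, `test-acceptance`, `test-destroy` and `test-provision` are unquoted, so a checkout path with spaces splits the argument; `-v "$(CURDIR):/helm-test"` avoids that. `.PHONY` also omits `setup-kind` and `delete-kind`, and the recursive call reads better as `$(MAKE) setup-kind acceptance`.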
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
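Review bot: In `vault.envs` the dev root token is rendered unquoted, `value: {{ .Values.server.dev.devRootToken }}`, so a token that is all digits or reads as `true`/`null` becomes a non-string scalar and the env entry would be rejected as not being a string; `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string, as `vault.extraEnvironmentVars` already does for its values. The same unquoted pattern is used for `name` and `key` in `vault.extraSecretEnvironmentVars`. In `vault.args`, `{{ .Values.server.extraArgs }}` is pasted into the shell command line in both the standalone/ha and dev branches, so the shell parses whatever the values file supplies. A comment above that define saying `server.extraArgs` is shell-interpreted and must come from a trusted values source would make the contract explicit.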
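Review bot: The single rule in `csi-clusterrole.yaml` grants `create` on `serviceaccounts/token` in a ClusterRole with no namespace or name restriction, and the ClusterRoleBinding added in the next file binds it to the `-csi-provider` service account, so that account can request tokens for any ServiceAccount in the cluster. Presumably the provider needs this to obtain tokens on behalf of the pods whose volumes it mounts, but nothing in the template says so. I would add a comment above `rules:` such as `# Lets the provider request tokens for pods that mount its volumes; applies to every ServiceAccount in the cluster.` so reviewers treat the DaemonSet's service account as highly privileged. Audit logging of token requests made by that account is the matching detection control.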
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" .
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
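Review bot: Both hostPath volumes in csi-daemonset.yaml (`providervol` and `mountpoint-dir`) are declared without a `type`, so nothing checks what exists at `.Values.csi.daemonSet.providersDir` or `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` before it is mounted into the container. Adding `type: Directory` under each `hostPath:` (or `type: DirectoryOrCreate` for the providers directory, if it may not exist yet) makes a mistyped values entry fail at pod start instead of exposing an unintended host path. The image is referenced only as `repository:tag`, so the chart offers no way to pin the provider by digest; that is worth a follow-up in values.yaml, which is outside this hunk.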
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-clusterrolebinding.yaml
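Review bot: The ClusterRole in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, while the only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). Splitting the rule so that `patch` carries a `resourceNames` entry for that object keeps the injector's ServiceAccount from being able to rewrite other admission webhooks. Whether the injector needs `get`, `list` and `watch` without a name filter is not visible from this hunk, so the read rule is left as it is.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["patch"]
```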
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
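Review bot: In injector-deployment.yaml the `args` list passes `2>&1` as its own entry; container args are handed to the process as literal arguments, so no redirection takes place unless the image's entrypoint evaluates them through a shell (not visible here), and the entry should be dropped. Several env values (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) are also rendered unquoted, unlike their neighbours. Writing `value: {{ .Values.injector.authPath | quote }}` and the same for the other two keeps an empty or boolean-looking setting from being re-typed by the YAML parser and rejected as a non-string env value.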
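Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with the string `"21"`, which is a lexical string comparison (a minor of `"9"` or `"100"` sorts the wrong way) and ignores the major version. Asking the cluster directly is more reliable: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The same expression appears in server-disruptionbudget.yaml. This file is also the only injector manifest in the commit that is not wrapped in `{{- if .injectorEnabled -}}`, so the PodDisruptionBudget can render while the injector itself is disabled.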
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
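Review bot: The webhook in injector-mutating-webhook.yaml matches CREATE and UPDATE of pods in every namespace unless a `namespaceSelector` is supplied through values, and `failurePolicy` is likewise taken from values with no comment on what each setting implies. With `Fail`, an unavailable injector blocks pod admission wherever the webhook matches, which may include the injector's own pods unless the `injector.objectSelector` helper excludes them (its definition is not in this hunk); with `Ignore`, pods are admitted without the agent sidecar. I would add a comment above `failurePolicy:` stating that trade-off, for example `# Fail blocks pod admission while the injector is down; Ignore admits pods without Vault agent injection.` Shipping a default `namespaceSelector` that leaves out system namespaces would be a further step, but the defaults live in values.yaml, outside this hunk.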
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
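Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on and the Service targets `{{ .Values.injector.port }}`; if that value is changed, this policy no longer allows traffic to the webhook port. Use `- port: {{ .Values.injector.port }}` so the three manifests stay in step. The `from` clause `namespaceSelector: {}` admits every namespace, which deserves a comment saying it is intentional, and `metadata` has no `namespace:` line unlike the other injector manifests in this commit.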
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-role.yaml
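Review bot: injector-psp.yaml renders `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, without a capability check, although other templates in this commit probe `.Capabilities.APIVersions.Has` before choosing an API version. PodSecurityPolicy was removed in Kubernetes 1.25, so on such a cluster the release fails to install; adding `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` around the manifest (and around the matching Role and RoleBinding) avoids that. The inline comment `This policy assumes the nodes are using AppArmor rather than SELinux` sits above `rule: RunAsAny`, so on SELinux-enforcing nodes this policy places no constraint on the SELinux context, and the comment should say so.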
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-rolebinding.yaml
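Review bot: The leader-elector Role in injector-role.yaml grants `get`, `list`, `watch`, `update` and `create` on all `secrets` and `configmaps` in `{{ .Release.Namespace }}`, the same namespace the server manifests of this chart are rendered into, so the injector's ServiceAccount can read every Secret stored there. injector-certs-secret.yaml creates a Secret named `vault-injector-certs` under the same leader-election condition, which suggests `get` and `update` could be limited with `resourceNames: ["vault-injector-certs"]`, with `create`, `list` and `watch` kept in a separate rule because a name filter does not usefully apply to them. Which objects the leader elector actually touches is not visible in this hunk, so confirm that before narrowing. The second rule's `patch` and `delete` on all pods in the namespace should get the same scrutiny, or at least a comment stating why they are required.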
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-discovery-role.yaml
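Review bot: server-config-configmap.yaml forces `disable_mlock = true` in the string branch and again in both map branches (`merge (dict "disable_mlock" true) …`, where the first dictionary takes precedence), and no comment explains the choice. With mlock disabled the server's memory may be written to swap, so the template should state what it relies on, for example `# mlock is disabled by the chart (presumably because the container is not granted IPC_LOCK); run Vault on nodes with swap disabled or encrypted.` The `tpl` calls also evaluate `server.standalone.config`, `server.ha.config` and `server.ha.raft.config` as templates against the whole chart context, which is worth a comment noting that these values must come from a trusted source.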
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
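Review bot: The `-discovery-role` rule grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods. A compromised server pod could therefore relabel unrelated workloads in that namespace, including the `vault-active` label that the active and standby Services in this diff select on. RBAC cannot scope a rule by label, so the constraint should be stated next to the rule, for example `# update/patch apply to all pods in this namespace; install Vault in a dedicated namespace`. If the server pod names are predictable, `resourceNames` on a separate `update`/`patch` rule may narrow this further, but that depends on the replica count and is not something this hunk settles.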
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-psp-role.yaml 
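Review bot: The NetworkPolicy's single ingress rule uses `namespaceSelector: {}`, which admits traffic from every namespace to both 8200 and 8201. Port 8201 is the `https-internal` port the Services in this diff expose, and it appears to be needed only between Vault server pods. Splitting the rule leaves the API port as reachable as it is now while restricting 8201 to pods of this release. The metadata also omits the `namespace: {{ .Release.Namespace }}` line that the other templates set. The label set in the sketch is taken from the StatefulSet pod template in this diff and should be confirmed before use.

```yaml
spec:
  # … unchanged: podSelector …
  ingress:
    # API port: unchanged, reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```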
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
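Review bot: The `-psp` RoleBinding names its subject `{{ template "vault.fullname" . }}`, but the StatefulSet runs as `{{ template "vault.serviceAccount.name" . }}`. The other bindings in this diff use that helper together with an explicit namespace. The helper's definition is outside this hunk, but if it can return anything other than the full name, the policy ends up bound to an account the pods do not use. The subject should read `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.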
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-route.yaml 
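Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` is rendered whenever `global.psp.enable` is true, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters enabling the flag makes the install fail instead of skipping the policy. The PodDisruptionBudget template in this diff already selects its API version from cluster capabilities, and a similar guard fits here, for example adding `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the existing `and` condition. The `-psp` Role and RoleBinding templates use the same condition and need the same guard.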
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-service.yaml 
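Review bot: This template reads `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which every other server template in this diff does on its first line. Unless the helper's result carries over from another file (its definition is not visible here), `.mode` is unset, so the `external` guard never excludes the Route and the `ha` branch never selects the `-active` service. I would add `{{ template "vault.mode" . }}` directly after the `.Values.global.openshift` check. `host: {{ .Values.server.route.host }}` is also unquoted, whereas the Ingress template quotes its hosts.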
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/tests/server-test.yaml 
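Review bot: The `vault` container image falls back to `latest` when no tag is supplied (`{{ .Values.server.image.tag | default "latest" }}`), so a values file that omits the tag deploys whatever the registry currently serves under a mutable tag. For a secrets manager that makes the running version unreviewed and lets it change on any pod restart. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The `server-test` Pod in the next file uses the same `default "latest"` expression and needs the same change. Whether the chart's default values already pin a tag is not visible from this hunk.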
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.38/src/values.yaml 
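Review bot: No object in this schema sets `additionalProperties`, so a misspelled key is accepted silently and the chart default applies instead. That matters for the security-relevant switches: with `global.tlsDisable: true` as the default in values.yaml, an override written as `tlsDisabled: false` would validate and leave TLS off. Adding `"additionalProperties": false` to the objects whose key set looks closed, such as `global`, `server.dev` and `server.ha.raft`, would turn such typos into an install-time error. `global` needs care if this chart is ever consumed as a subchart, since parent charts can add their own global keys.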
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/Chart.yaml
new file mode 100644
index 00000000000..2d66de4ada3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.39
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
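Review bot: The metadata in the new `Chart.yaml` still presents this chart as the upstream product: `description: Official HashiCorp Vault Chart` sits next to `name: helm-e2e-rhcc` under `charts/partners/opcert-e2e-testing/`. If this is a certification test fixture, as the path suggests, the description should say so, so that nobody reading a repository index mistakes it for a HashiCorp release, e.g. `description: E2E certification test fixture derived from the HashiCorp Vault chart`. Quoting the value, `appVersion: "1.11.2"`, would also keep it a string if a later version ever looks like a number.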
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/README.md
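Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the licence value into the `docker run` argument list, where it is unquoted and readable from the host's process listing while the container runs. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the calling environment without it appearing in argv. `GOOGLE_CREDENTIALS` is only a key-file path, but its default `vault-helm-test.json` resolves inside the bind-mounted working directory, so it is worth confirming that file is git-ignored. Separately, `.PHONY` omits `setup-kind` and `delete-kind`.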
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
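Review bot: In csi-clusterrole.yaml the rule granting `create` on `serviceaccounts/token` is cluster-scoped and carries no comment, so a reader is not told that the bound service account can request tokens for service accounts in every namespace. `create` cannot be narrowed with `resourceNames`, so the practical controls are documentation and keeping the binding limited to the dedicated csi-provider service account, as csi-clusterrolebinding.yaml does. I would add above `rules:` a comment such as `# Cluster-wide token creation for any service account; bind only to the csi-provider service account.`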
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
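Review bot: In injector-deployment.yaml the `args` list ends with `- 2>&1`, which Kubernetes hands to the container as a literal argument because no shell is involved, so it does not redirect stderr. Unless the image's entrypoint is a wrapper that interprets it (not visible here), drop the line so `args` holds only `- agent-inject`. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` render their values unquoted, unlike the neighbouring entries. A form such as `value: {{ .Values.injector.authPath | quote }}` keeps a numeric or boolean-looking value a string, which env `value` fields require.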
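Review bot: In injector-disruptionbudget.yaml the `apiVersion` is selected with `ge .Capabilities.KubeVersion.Minor "21"`, a string comparison that ignores the major version and orders minors lexically (`"100"` sorts before `"21"`). Other templates in this commit test the served API directly, and that form fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Unlike the other injector templates visible in this commit, this one is not wrapped in `{{- if .injectorEnabled -}}`, so the PodDisruptionBudget is rendered whenever `injector.podDisruptionBudget` is set, even with the injector disabled.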
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
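Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is emitted only when a value is set, so with it unset the webhook receives every pod CREATE and UPDATE in the cluster, while `failurePolicy` comes from values. If that policy resolves to `Fail`, an unavailable injector blocks pod admission in all namespaces, system namespaces included. The `injector.objectSelector` helper is outside this hunk and may already narrow the match. If it does not, I would document the trade-off with a template comment above the selector block, for example `{{- /* Unset namespaceSelector matches all namespaces; with failurePolicy Fail, pod creation depends on injector availability */ -}}`.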
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
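Review bot: In injector-network-policy.yaml the allowed ingress port is the literal `8080`, while the Deployment probes and the Service `targetPort` in this commit take the webhook port from `.Values.injector.port`. If that value is changed, this policy no longer admits traffic to the port the webhook listens on. Use `- port: {{ .Values.injector.port }}` so the three stay in step. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources in this commit set.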
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-psp.yaml 
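Review bot: In injector-psp-rolebinding.yaml the `ServiceAccount` subject has no `namespace`, which RBAC validation requires for service-account subjects; injector-rolebinding.yaml in this same commit does set it. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:` line. Without it the binding is expected to be rejected by the API server when `global.psp.enable` is true, leaving the injector without the `use` permission on its policy.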
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-role.yaml 
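Review bot: In injector-psp.yaml `apiVersion: policy/v1beta1` is hard-coded and guarded only by `global.psp.enable`, with no check that the cluster still serves PodSecurityPolicy, an API removed in Kubernetes 1.25. Other templates in this commit use `.Capabilities.APIVersions.Has`, and the same guard fits here: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The comment on `seLinux` says the policy assumes AppArmor nodes. For a chart that also has a `global.openshift` switch, it is worth stating there that `RunAsAny` leaves SELinux labels unconstrained by this policy.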
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-rolebinding.yaml 
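Review bot: In injector-role.yaml the first rule gives the injector service account `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, with no `resourceNames`. injector-certs-secret.yaml in this commit creates a fixed-name Secret, `vault-injector-certs`, under the same leader-elector condition, so the read and update verbs look narrowable to that object, with `create` kept in a separate rule because it cannot be name-restricted. Which other objects the leader elector touches is not visible here, so confirm before tightening. At minimum add a comment above the rule such as `# Namespace-wide secret access: avoid co-locating unrelated secrets with the injector`.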
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-discovery-role.yaml 
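Review bot: `disable_mlock = true` is written unconditionally into `extraconfig-from-values.hcl`, in the string branch and through `dict "disable_mlock" true` in both JSON branches, with nothing explaining the consequence. With mlock disabled the server's memory, which holds unsealed key material, may be paged to disk by the node. A comment above `data:` would tell operators what the chart expects of the nodes, for example `# disable_mlock is forced on: run Vault on nodes with swap disabled or encrypted`. The reason the chart forces the setting is not visible in this hunk and should be confirmed before it is written into the comment.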
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
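Review bot: The Role in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only the Vault server pods, and the template does not say why write access is needed. The `vault-active` selector used by the HA services in this commit suggests the servers label their own pods, but the code doing so is not shown, so this should be confirmed and then recorded above `rules:`, e.g. `# update/patch: each server sets labels on its own pod for service registration`. RBAC cannot restrict a rule by label, so the same comment should recommend installing the release into a namespace of its own to keep the grant narrow.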
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-ha-active-service.yaml 
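Review bot: The `apiVersion` line of server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the ordering is lexical and a single-digit minor such as `"9"` sorts above `"21"`; the major version is not checked at all. server-ingress.yaml in this same commit already uses `semverCompare` on the full version, and the same form fits here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.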
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-psp-role.yaml 
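Review bot: In server-ingress.yaml `spec.tls` is rendered only when `.Values.server.ingress.tls` is set, so an enabled ingress with that value left empty exposes the Vault API with no TLS section at all, and tokens may then cross the ingress in cleartext depending on the controller's defaults. If a plain-HTTP ingress is never intended, a render-time guard such as `{{- if not .Values.server.ingress.tls }}{{ fail "server.ingress.tls must be set when server.ingress.enabled is true" }}{{- end }}` makes the omission visible; otherwise a comment above the `tls` block should state that TLS termination is the operator's responsibility. As a smaller point, `secretName: {{ .secretName }}` and `- path: {{ . }}` are emitted unquoted while the host entries use `| quote`; quoting them as well keeps values with YAML-special characters from being re-typed.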
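Review bot: The only ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits every pod in every namespace to both 8200 and 8201, so the policy limits ports but not peers. Port 8201 is named `https-internal` throughout this commit and appears to carry server-to-server traffic only; if that holds, it belongs in a second rule restricted to the release's own pods, as sketched below. The metadata also omits the `namespace: {{ .Release.Namespace }}` line that the other templates in this commit carry.

```yaml
  ingress:
    # … unchanged: rule admitting all namespaces, now listing port 8200 only …
    # Cluster port: reachable only from pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
```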
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
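Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, whereas the StatefulSet's `serviceAccountName` and the ClusterRoleBinding and discovery RoleBinding in this commit all use `vault.serviceAccount.name`. Both helpers are defined outside this diff; if they can yield different names, the PodSecurityPolicy `use` grant is bound to an account the server pods do not run as. Using `name: {{ template "vault.serviceAccount.name" . }}` keeps the binding aligned with the pod, and adding `namespace: {{ .Release.Namespace }}` to the subject matches the other bindings.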
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-route.yaml 
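Review bot: server-psp.yaml hard-codes `apiVersion: policy/v1beta1` and is gated only on `global.psp.enable`, so on a cluster that no longer serves PodSecurityPolicy (the API was removed in Kubernetes 1.25) enabling the value makes the install fail; server-psp-role.yaml and server-psp-rolebinding.yaml share the same gate. Extending the condition with `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` would skip the objects where the API is absent. The comment on `seLinux` assumes AppArmor nodes; it should also say that on SELinux-enforcing nodes `RunAsAny` leaves the label unconstrained. The spec sets no `requiredDropCapabilities`; whether the server can run with all capabilities dropped is not visible here and should be checked before adding one.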
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-service.yaml 
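Review bot: server-route.yaml reads `.mode` on its second line and again when choosing the `-active` service, but it never calls `{{ template "vault.mode" . }}`, which the other templates in this diff that read `.mode` do first. Whether `.mode` is populated here then depends on another template having run earlier, and an unset value would make the `ne .mode "external"` guard behave differently from what it reads as. Adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` check removes that dependency. A comment near `tls:` should note that the Route's termination mode comes entirely from `.Values.server.route.tls`.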
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/tests/server-test.yaml 
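Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `default "latest"`, so an unset `server.image.tag` silently deploys a mutable tag for the secrets server; tests/server-test.yaml repeats the same expression. Replacing the fallback with `{{ required "server.image.tag must be set" .Values.server.image.tag }}` turns the omission into a render-time error. Separately, the exec readiness probe runs `vault status -tls-skip-verify` with no comment on why verification is skipped. Presumably it is because `VAULT_ADDR` points at 127.0.0.1, where the serving certificate's names would not match, and the comment block above `exec:` should state that once confirmed.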
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/values.openshift.yaml
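Review bot: Nothing in this template ties `type: {{ .Values.ui.serviceType }}` to the transport setting, so a `LoadBalancer` or `NodePort` value publishes the Vault server port outside the cluster even while `global.tlsDisable` is true, which is the value values.yaml sets in this same diff. The port name comes from `vault.scheme`, so in that configuration the service would presumably be plain `http`; the helper is not in this hunk, so that should be confirmed. I would add a template comment above the `type:` line, `{{- /* Non-ClusterIP types expose Vault outside the cluster; set global.tlsDisable=false first. */}}`, and repeat the caveat where `ui.serviceType` is documented in values.yaml.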
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/values.schema.json
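Review bot: All three images in this file are referenced by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a registry tag can be re-pointed, so the content deployed for a secrets manager is not fixed by what was reviewed here. Appending the digest keeps the readable tag and pins the content, e.g. `tag: "1.11.2-ubi@sha256:<digest-of-the-reviewed-image>"`, which the `repository:tag` rendering seen in server-test.yaml would pass through unchanged; the other templates should be checked for the same form. Separately, every key here repeats what values.yaml in this diff already sets (`global.openshift: true` and the same repositories and tags), so the two files can drift apart on the next bump; a comment naming the authoritative file would help.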
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.39/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3.
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ .
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/Chart.yaml
new file mode 100644
index 00000000000..ed3bc3037b9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.4
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/LICENSE.md 
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11.
“Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2.
Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1.
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4.
Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms.
However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable.
Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/README.md
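Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the license value into the `docker run` argument list, so it is readable in the host's process listing for as long as the container runs, even though the recipe is silenced with `@`. Since the Makefile never assigns that variable it has to come from the caller's environment or the make command line, so passing the name only, `-e VAULT_LICENSE_CI \`, would let docker copy the value across without placing it in argv. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` argument that `provision-cluster` gives to `init` and `apply`; whether destroy still resolves the same configuration and state depends on the Terraform version in the test image, which this hunk does not show, so it is worth confirming that teardown actually removes the GKE cluster.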
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
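Review bot: In csi-clusterrole.yaml the single rule grants `create` on `serviceaccounts/token` in a ClusterRole with no `resourceNames`, so once bound by the ClusterRoleBinding the CSI provider's service account can request a token for any service account in any namespace. If that breadth is what the provider needs (presumably it requests tokens on behalf of the pods that mount its volumes), a comment above `rules:` should say so, e.g. `# TokenRequest for the service accounts of pods mounting Vault CSI volumes; cluster-wide because those pods can be in any namespace`. The grant also makes the DaemonSet pod a high-value target, which the chart documentation should state next to the option that enables CSI.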
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
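Review bot: In csi-daemonset.yaml the `csi-provider` container mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods) but gets a `securityContext` only when `.Values.csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper has no fallback branch. The helper in `_helpers.tpl` that renders `.Values.server.statefulSet.securityContext.container` falls back to `allowPrivilegeEscalation: false` when `global.openshift` is not set; the same `else` branch in the CSI helper would keep an unconfigured install from running the host-mounting container with escalation allowed. Whether values.yaml already supplies a default for the CSI container is not visible in this diff.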
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-clusterrolebinding.yaml
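Review bot: In injector-clusterrole.yaml the rule lets the injector `patch` every MutatingWebhookConfiguration in the cluster, although the only such object this chart creates is the one named `<fullname>-agent-injector-cfg` (the same name the Deployment passes as `AGENT_INJECT_TLS_AUTO`). Splitting the rule so that `get` and `patch` carry a `resourceNames` entry for that object would keep a compromised injector from rewriting other admission webhooks. `list` and `watch` stay in a rule of their own, since a name restriction does not apply cleanly to them. The injector's actual API calls are not visible in this diff, so the split needs a test with auto-TLS enabled before it is merged.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```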
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
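Review bot: In injector-deployment.yaml the second `args` item, `2>&1`, reaches the container as a literal argument: a Kubernetes `args` list is executed without a shell, so no stderr redirection takes place. Unless the image's entrypoint is a shell wrapper that interprets it (not visible here), the item should be dropped, leaving `- agent-inject` alone. Separately, the unquoted env values (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT`, `AGENT_INJECT_VAULT_AUTH_PATH`) would be safer piped through `quote`, like the quoted entries around them, because an env `value` has to be a string.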
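Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares the minor version as a string, so the result follows lexical order and is affected by any suffix a distribution appends to the minor (a trailing `+`, for example). Asking for the API directly, `{{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`, matches how injector-mutating-webhook.yaml in this commit chooses its apiVersion. The template is also gated only on `.Values.injector.podDisruptionBudget` and not on `vault.injectorEnabled` like the other injector templates, so the budget can be rendered when no injector Deployment is.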
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
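Review bot: In injector-mutating-webhook.yaml, when neither `namespaceSelector` nor `objectSelector` is set in values, the webhook matches every pod CREATE and UPDATE in every namespace, including the namespace the injector itself runs in. Since `failurePolicy` is taken straight from values, a setting of `Fail` would make pod admission across the cluster depend on the injector being reachable. A comment above `failurePolicy:` should state this, e.g. `# with Fail and no selector, an unavailable injector blocks pod creation in all namespaces`, and the values documentation should recommend a selector that leaves out system namespaces. The defaults in values.yaml are not visible in this diff.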
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
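Review bot: In injector-network-policy.yaml the policy admits ingress on the fixed port `8080`, while the Deployment listens on `.Values.injector.port` and the Service targets that same value, so changing `injector.port` would leave the webhook unreachable wherever this policy is rendered. Use `- port: {{ .Values.injector.port }}` instead. The `from` entry `namespaceSelector: {}` admits traffic from every namespace; that is presumably intended so the API server can reach the webhook, and a comment above it saying so would keep a later reader from tightening or widening it by accident.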
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-role.yaml
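Review bot: The PodSecurityPolicy in injector-psp.yaml blocks privileged mode, privilege escalation and root, but sets no `requiredDropCapabilities`, so injector pods keep the container runtime's default capability set. Nothing in this diff suggests the injector needs a capability (the network policy in this commit expects it on port 8080), so `requiredDropCapabilities: [ALL]` next to `allowPrivilegeEscalation: false` should be safe; confirm against the image before merging. Note also that the `policy/v1beta1` PodSecurityPolicy API is gone from Kubernetes 1.25 onward, while the template is gated only on `global.psp.enable`.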
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-rolebinding.yaml 
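Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, with no `resourceNames`. The role name says the grant exists for leader election, yet it lets the injector's service account read and overwrite any secret that shares the namespace, which may include the Vault server's TLS material. Consider keeping `create` in an unrestricted rule and moving `get`/`update` into a rule pinned with `resourceNames: ["<leader-election-object-name>"]` (a placeholder, since the real object names are not visible in this hunk). At a minimum, add a comment above the rule explaining why namespace-wide secret access is needed.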
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-config-configmap.yaml 
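Review bot: The `roleRef` to `system:auth-delegator` in server-clusterrolebinding.yaml is a cluster-scoped grant and carries no explanation. A comment above `roleRef` would help reviewers of the rendered manifest, for example `# Cluster-wide: lets the Vault server submit TokenReview/SubjectAccessReview requests for the Kubernetes auth method.` It would also be worth documenting in the values file that `.serverAuthDelegator` controls whether this binding is created, so operators who do not use Kubernetes auth can switch it off.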
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-discovery-role.yaml 
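Review bot: Both branches of `extraconfig-from-values.hcl` force `disable_mlock` on, the string branch with a literal `disable_mlock = true` and the map branch with `merge (dict "disable_mlock" true) …`. In the map branch the destination dict wins in `merge`, so operators cannot turn it back off. With mlock disabled, Vault's memory can be paged out, so unsealed key material may reach swap unless the nodes have swap disabled or encrypted. Record that requirement in a template comment at the top of the `data:` block, for example `{{- /* disable_mlock is forced: nodes must run with swap disabled or encrypted */ -}}`, or expose the setting as a value. Separately, the rendered configuration lives in a ConfigMap, so any storage-backend credentials placed in `server.*.config` would be readable by anyone with ConfigMap read access.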
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-ha-active-service.yaml 
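Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge`, and both operands are strings, so the comparison is lexical rather than numeric. A single-digit minor such as `"9"` sorts above `"21"` and would select `policy/v1` on a cluster that lacks it. Asking the cluster directly is more robust: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. That would also match how server-clusterrolebinding.yaml picks its RBAC version.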
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-psp-role.yaml 
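Review bot: In server-ingress.yaml, `path: {{ . }}` and `secretName: {{ .secretName }}` are emitted unquoted while `host` goes through `quote`. A value that starts with a YAML indicator or contains `: ` will break or retype the rendered manifest; use `path: {{ . | quote }}` and `secretName: {{ .secretName | quote }}`. Separately, the `tls:` section is rendered only when `server.ingress.tls` is set, so with the default values the Vault API is published through the Ingress with no TLS configuration from this chart. A comment at the `tls` conditional should state that TLS must then come from the controller's default certificate, because Vault tokens travel over this endpoint.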
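Review bot: The single `ingress` rule in server-network-policy.yaml uses `namespaceSelector: {}` for both ports, so pods in every namespace can reach 8201 as well as the API port 8200. Port 8201 is named `https-internal` in the Service templates and appears to carry server-to-server cluster traffic only. Splitting the rule so that 8201 is limited to pods carrying the release's own labels would narrow the exposure. Confirm first that nothing outside the release, such as cross-cluster replication, needs 8201.

```yaml
  ingress:
    # API port: reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```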
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
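Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}`, which server-clusterrolebinding.yaml and the StatefulSet's `serviceAccountName` also use. If the service account name is overridden in values, the binding would point at an account the server pods do not run as, and they would not be authorised to use the PodSecurityPolicy. Change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beside it.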
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-route.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-service.yaml 
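Review bot: server-route.yaml tests `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does on its first line. Unless another template has already populated `.mode` on the same context (not visible here), it is empty at this point. The external-mode guard would then always pass and the `-active` service name would never be selected, so the Route could send traffic to standby pods. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check. Note also that `tls:` is filled from `toYaml .Values.server.route.tls` with no default, so it is worth documenting which termination the chart expects for the Vault API.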
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/tests/server-test.yaml
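Review bot: The `vault` container image in templates/server-statefulset.yaml falls back to `:latest` when `server.image.tag` is empty (`| default "latest"`), so the Vault server can start from whatever the registry currently serves under a mutable tag. The test pod in templates/tests/server-test.yaml builds its image with the same expression. Failing the render is safer than guessing a tag: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. With that change an unset tag is reported at install time instead of producing an unreviewed image.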
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/templates/ui-service.yaml
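Review bot: The test Pod in templates/tests/server-test.yaml sets no `securityContext` on the pod or on its container, while the StatefulSet in this commit takes both from the `server.statefulSet.securityContext.*` helpers. The hook pod therefore runs with whatever the namespace defaults allow, and may be rejected where a restricted pod-security policy is enforced. The container only runs `vault status` in a shell loop, so it should need neither capabilities nor privilege escalation; an explicit container context placed after `imagePullPolicy` states that. Whether the helpers in _helpers.tpl could be reused here instead is not visible from this hunk.

```yaml
      imagePullPolicy: {{ .Values.server.image.pullPolicy }}
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
      # … unchanged: env, command, volumeMounts …
```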
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.4/src/values.yaml 
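Review bot: The `server.readinessProbe` object in values.schema.json declares no `path` property, although templates/server-statefulset.yaml in this commit reads `.Values.server.readinessProbe.path` to switch the probe from the exec check to `httpGet`; `server.livenessProbe` does declare `path`. Because the schema does not restrict additional properties, a non-string `path` passes validation unchecked and is only caught, if at all, when the manifest is applied. Adding `"path": { "type": "string" }` to the readinessProbe properties would make the two probes consistent.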
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/Chart.yaml
new file mode 100644
index 00000000000..602902242b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.40
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
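Review bot: The metadata in the new Chart.yaml still presents this package as the upstream release: `description: Official HashiCorp Vault Chart`, with `home` and `sources` pointing at HashiCorp, while `name` is `helm-e2e-rhcc` and `version` is 0.21.40, a version the CHANGELOG.md added alongside it does not list (its newest entry is 0.21.0). The path suggests this is an e2e test fixture, so a reader of the published index could mistake it for an official Vault chart. I would state the provenance in the description, for example `description: E2E test fixture derived from the HashiCorp Vault chart 0.21.0 (not an official release)`. Separately, quoting the value as `appVersion: "1.11.2"` keeps it a string whatever the version looks like.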
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/README.md 
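Review bot: The `test-acceptance` recipe passes the Vault licence to the container by value, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so make expands the secret into the `docker run` argument list, where it is readable in the host process table for the duration of the run. Naming the variable without a value, `-e VAULT_LICENSE_CI \`, lets Docker copy it from the caller's environment and keeps it off the command line. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so it may not act on the same configuration. `setup-kind` and `delete-kind` are also missing from `.PHONY`.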
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
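Review bot: In csi-clusterrole.yaml the only rule grants `create` on `serviceaccounts/token` in a ClusterRole, with no comment saying why the CSI provider needs it. The binding in csi-clusterrolebinding.yaml is a ClusterRoleBinding, so the `-csi-provider` service account can request a token for any service account in any namespace. A grant that broad should carry its justification in the template, for example `# csi-provider requests tokens on behalf of the pods whose volumes it mounts, hence cluster scope` above `rules:`. That rationale is presumed from the role's name, so confirm it against the provider before committing the comment. The chart documentation should also state that this identity is highly privileged.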
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
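Review bot: In csi-daemonset.yaml the csi-provider container mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods, neither marked `readOnly`), but it gets a `securityContext` only when `.Values.csi.daemonSet.securityContext.container` is set. The `csi.daemonSet.securityContext.pod` and `.container` helpers in _helpers.tpl have no fallback branch, whereas `injector.securityContext.container` defaults to `allowPrivilegeEscalation: false` with all capabilities dropped. With default values the pod that touches host paths is therefore the least constrained one in the chart. Consider adding an `{{- else if not .Values.global.openshift }}` branch to the container helper that sets at least `allowPrivilegeEscalation: false`, provided the provider still works under it. If not, document next to `volumes:` why no default is applied.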
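Review bot: In injector-certs-secret.yaml the Secret is rendered with no `data` and under the fixed name `vault-injector-certs`, while the other resources in this diff take their names from `vault.fullname`. Nothing in the file says either choice is deliberate. Presumably the injector leader fills the secret at runtime with the webhook certificate and key, in which case two releases in one namespace would share that key material; please confirm. I would add a leading comment such as `# Intentionally empty: populated at runtime by the injector leader; fixed name, so one injector per namespace`. It is also worth checking that `helm upgrade` leaves an already populated secret untouched.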
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-clusterrolebinding.yaml 
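Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`. The injector presumably needs to update only its own configuration; injector-deployment.yaml passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as AGENT_INJECT_TLS_AUTO. As written, its service account could alter any admission webhook. Splitting the rule leaves `get`/`list`/`watch` unrestricted, which a watching client usually needs, and limits `patch` to the one object. The webhook configuration's name is defined outside this hunk, so verify it before applying the change.

```yaml
rules:
# Read access stays unrestricted: list/watch cannot be narrowed by resourceNames
# unless the client uses a metadata.name field selector.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# Write access only to the injector's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```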
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
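Review bot: The `args:` list in injector-deployment.yaml passes `2>&1` as a literal argument, because container args are exec'd without a shell and no redirection takes place; how the injector binary treats the stray argument is not visible here. Dropping that item leaves `- agent-inject` as the only argument, and the container runtime already captures both streams. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT` and `AGENT_INJECT_VAULT_AUTH_PATH` render their values unquoted, so a value that YAML reads as a boolean or number yields a non-string env value; `value: {{ .Values.injector.authPath | quote }}` avoids that.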
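Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical and a single-digit minor such as `9` sorts above `21`. Testing for the API itself is sturdier: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml in this commit uses the same expression. This template is also gated only on `injector.podDisruptionBudget`, not on `.injectorEnabled` like the other injector templates, so the budget can be rendered for a disabled injector.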
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
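Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when a value is supplied, so with no value the webhook is called for pod CREATE and UPDATE in every namespace, including the one the injector itself runs in (the `injector.objectSelector` template may narrow this; its body is outside this hunk). With a `failurePolicy` of `Fail` that makes the injector a cluster-wide dependency for pod admission. I would document this above `webhooks:` with a template comment along the lines of `{{- /* Without a namespaceSelector or objectSelector this webhook sees pods in all namespaces; set one before using failurePolicy: Fail */ -}}`.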
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
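Review bot: `- port: 8080` in injector-network-policy.yaml is hard-coded, while the injector deployment listens on `.Values.injector.port` and the injector service targets the same value. Overriding the port therefore leaves the policy admitting traffic to a port nothing listens on while blocking the real one. Use `- port: {{ .Values.injector.port }}` so the three templates stay in step. The metadata here also has no `namespace: {{ .Release.Namespace }}`, which the other injector templates in this commit set.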
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-psp.yaml
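Review bot: The `subjects:` entry in injector-psp-rolebinding.yaml names the ServiceAccount without a `namespace`, whereas injector-rolebinding.yaml and injector-clusterrolebinding.yaml in this commit both set `namespace: {{ .Release.Namespace }}`. Adding the same line under `name:` makes the binding explicit about which account it covers, instead of depending on how an empty subject namespace is resolved.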
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-role.yaml
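Review bot: The policy in injector-psp.yaml sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but leaves Linux capabilities at the runtime default; adding `requiredDropCapabilities:` with `- ALL` under `spec:` would close that gap, assuming the injector needs no capability (nothing in the deployment template suggests it does). The template is also gated only on `global.psp.enable`, and `policy/v1beta1` PodSecurityPolicy is no longer served from Kubernetes 1.25 on, so a guard such as `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` would keep an install from failing there. The same guard would apply to injector-psp-role.yaml and injector-psp-rolebinding.yaml.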
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-rolebinding.yaml
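Review bot: The first rule in injector-role.yaml lets the injector `create`, `get`, `watch`, `list` and `update` every Secret and ConfigMap in the release namespace, and the second lets it `patch` and `delete` any pod there, although the role is rendered only for leader election. That namespace is also where the Vault server templates of this chart are installed, so the injector account can read and modify whatever secrets live alongside it. The object names the leader elector uses are not visible in this hunk; if they are fixed, `get`/`update` can be limited with `resourceNames`, leaving only `create` unnamed. Until then I would add a comment above `rules:` such as `# TODO: limit get/update to the leader-election object names via resourceNames`.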
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-discovery-role.yaml
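Review bot: `disable_mlock = true` in server-config-configmap.yaml is emitted for every string config, and the map branches put `disable_mlock: true` first in `merge`, where it takes precedence over the user's config, so no value can turn mlock back on in the map case. With mlock off the server's memory may be written to swap, which is only acceptable where nodes run without swap or with encrypted swap. I would state that requirement next to the setting with a template comment, for example `{{- /* mlock is disabled in all modes; nodes must have swap off or encrypted */ -}}`, or make it a chart value. The `tpl` calls also evaluate the config strings as templates, so those values need the same trust as the chart itself.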
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-psp-role.yaml 
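Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which matches every namespace, so any pod in the cluster may reach both 8200 and 8201. Port 8201 is the one the StatefulSet in this commit names `https-internal` and uses for `VAULT_CLUSTER_ADDR`, so it presumably only needs to be reachable from the release's own server pods. Splitting the rule keeps the API port open while narrowing the cluster port. If replication peers or another namespace must reach 8201, the selector needs widening, so treat the pod selector below as a starting point. The object also sets no `namespace: {{ .Release.Namespace }}`, unlike the other templates added here.

```yaml
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only this release's own pods
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```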
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
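Review bot: The RoleBinding in server-psp-rolebinding.yaml names its subject with `{{ template "vault.fullname" . }}`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` in this commit both use `{{ template "vault.serviceAccount.name" . }}`. That helper is defined outside this diff, but values.schema.json lists `server.serviceAccount.name` and `create`, so it can presumably return something other than the fullname; in that case the PSP `use` grant lands on an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and state the namespace explicitly with `namespace: {{ .Release.Namespace }}` under it.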
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-route.yaml
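Review bot: server-psp.yaml renders a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the release would most likely be rejected at this object. server-ingress.yaml in this commit already branches on `.Capabilities`, and the same guard fits here, for example `{{- if .Capabilities.APIVersions.Has "policy/v1beta1" }}` around the manifest; the `-psp` Role and RoleBinding need the same guard. Separately, the policy sets no `requiredDropCapabilities` and keeps `readOnlyRootFilesystem: false`. The seLinux comment assumes AppArmor nodes, which deserves a second look in a chart that also ships OpenShift values.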
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-service.yaml
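Review bot: server-route.yaml reads `.mode` in `{{- if ne .mode "external" }}` and in `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the Service, Ingress and StatefulSet templates in this commit all do before reading it. The helper is defined outside this diff, so whether `.mode` is already populated here depends on something this file does not control; if it is not, the external-mode check does not do what it appears to. Adding `{{ template "vault.mode" . }}` as the first line inside the openshift guard would make the template self-contained.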
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.40/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. 
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . 
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/Chart.yaml
new file mode 100644
index 00000000000..c8278991ec7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.41
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for 
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
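Review bot: `vault.envs` renders the dev root token unquoted (`value: {{ .Values.server.dev.devRootToken }}`), so a token made only of digits, or one that reads as a boolean or null, is retyped by the YAML parser and is no longer the string an env `value` has to be. `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string, the way `vault.extraEnvironmentVars` further down already pipes its values through `quote`. Two header comments also look copied from a neighbour: the one on `vault.serverAuthDelegator` repeats the text used for `vault.serverServiceAccountEnabled`, and the one on `csi.pod.tolerations` says "injector toleration"; `Compute if the server auth delegator is enabled.` and `Sets the CSI provider toleration for pod placement` would match the definitions.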
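Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole, and the binding added in the next file is a ClusterRoleBinding, so the CSI provider's service account can request tokens for any service account in every namespace. That scope is probably what the provider needs in order to authenticate on behalf of the pods it serves, but nothing in the template says so. If that is the intent, a comment above `rules:` such as `# cluster-wide on purpose: the provider requests tokens for the service accounts of pods that mount its volumes` would record it, and it marks this service account as one whose token requests are worth watching in the API audit log.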
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-clusterrolebinding.yaml
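Review bot: The rule in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, although the only object of that kind this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). A compromised injector pod could therefore rewrite other admission webhooks. Split the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`, and keep `list` and `watch` in a separate rule if the injector needs them; whether it does is not visible in this hunk.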
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
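Review bot: In injector-deployment.yaml the container `args` list ends with `- 2>&1`, which Kubernetes hands to the process as a literal argument rather than a shell redirection, because `args` are executed without a shell. Drop that entry so the list is just `- agent-inject`; the container runtime already captures stderr. Separately, `AGENT_INJECT_VAULT_AUTH_PATH` renders `value: {{ .Values.injector.authPath }}` unquoted, so an empty or boolean-looking value would not reach the API server as a string; `value: {{ .Values.injector.authPath | quote }}` would match the quoting used for the neighbouring variables.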
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
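Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` is emitted only when one of the two values is set, so unless the chart defaults or the `injector.objectSelector` template (neither visible here) narrow it, the webhook is called for every pod CREATE and UPDATE in the cluster, control-plane namespaces included. With a `failurePolicy` of `Fail` an unavailable injector would then block pod admission cluster-wide, and with `Ignore` pods are admitted without injection and nothing records it. Consider rendering a default selector that excludes system namespaces, or at least state the scope above the `if`, e.g. `# Without a namespaceSelector this webhook is called for pods in all namespaces, kube-system included.`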
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
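Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while injector-deployment.yaml listens on `.Values.injector.port` and injector-service.yaml targets the same value. If the port is overridden, this policy no longer matches the webhook listener and calls to `/mutate` would be dropped on clusters where the policy is rendered. Use `- port: {{ .Values.injector.port }}` so the three templates agree. The `from` clause with `namespaceSelector: {}` also admits traffic from every namespace, which deserves a one-line comment explaining why it cannot be narrower.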
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-role.yaml
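Review bot: injector-psp.yaml renders `apiVersion: policy/v1beta1` whenever `global.psp.enable` is true, with no capability check, although PodSecurityPolicy was removed in Kubernetes 1.25 and injector-mutating-webhook.yaml already gates its apiVersion on `.Capabilities.APIVersions.Has`. Wrapping the resource in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` would keep the install from failing on newer clusters. The spec also sets no `requiredDropCapabilities`; if the injector needs no Linux capabilities, which seems likely for a webhook server but is not shown here, `requiredDropCapabilities: [ALL]` would tighten the policy.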
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-rolebinding.yaml
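Review bot: The first rule in injector-role.yaml grants `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is typically also where the Vault server's own Secrets live when both components are installed from this chart. The only Secret the chart creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml), so the read and update verbs could be limited with `resourceNames: ["vault-injector-certs"]`, leaving `create` in a separate rule because `resourceNames` cannot restrict it. `list` and `watch` under `resourceNames` only work when the client filters by name, so confirm that against the injector before tightening. The second rule's `patch` and `delete` on all pods has the same namespace-wide reach and needs a comment saying why it is required.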
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-discovery-role.yaml
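Review bot: server-config-configmap.yaml forces `disable_mlock = true` into every rendered configuration (the string branch writes it directly, the map branch merges `dict "disable_mlock" true` as the first argument, which appears to take precedence over the user's value), and nothing in the template explains the choice. With mlock disabled, Vault's process memory can be written to swap, so protection of in-memory key material depends on the nodes running with swap disabled or encrypted. Add a template comment next to the setting, e.g. `{{- /* mlock is disabled in all modes; run the server on nodes with swap disabled or encrypted */ -}}`, and state the node requirement wherever the chart documents `server.standalone.config` and `server.ha.config`.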
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
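Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods. Presumably the write verbs exist so each server can label its own pod (the services in this diff select on `vault-active`), but the same permission lets that service account modify any other workload that shares the namespace. I would at least add a comment above the rule, `# update/patch let Vault label its own pod; install the chart in a dedicated namespace`, and consider moving the two write verbs into a second rule narrowed with `resourceNames`.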
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-ha-active-service.yaml
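Review bot: `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexicographic rather than numeric, and some distributions report a minor version with a suffix such as `21+`. The wrong branch would select a `policy` API version the cluster may not serve, and the PodDisruptionBudget would then fail to install. I would pick the version the way the ingress template in this diff does, `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.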
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-psp-role.yaml 
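Review bot: TLS on the Ingress is optional in server-ingress.yaml: when `.Values.server.ingress.tls` is empty the `tls:` block is skipped while the rules still publish the Vault service. Unless the ingress controller enforces HTTPS on its own, tokens and secret payloads would then cross that hop in clear text, and nothing in the template warns about it. I would add a comment above `{{- if .Values.server.ingress.tls }}`, `# Without a tls entry the Vault API is served over plain HTTP at the ingress; set server.ingress.tls outside local testing`. Separately, `secretName: {{ .secretName }}` and `- path: {{ . }}` are unquoted while the host values next to them use `| quote`; quoting them the same way avoids YAML retyping of user-supplied values.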
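Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which admits every namespace to both ports, including 8201, the port the services in this diff name `https-internal`. Clients only need 8200, so the server-to-server port ends up reachable from any pod in the cluster even with the policy enabled. I would split the rule so that 8201 is limited to pods carrying the same name and instance labels as the `podSelector`, as sketched below; the indentation is mine because the page has lost the original. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates set.

```yaml
  ingress:
    # API port: unchanged, reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods of this Vault release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```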
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-route.yaml
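Review bot: The policy is rendered as `policy/v1beta1` whenever `global.psp.enable` is true, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so on such a cluster the install fails on this object rather than skipping it. I would extend the guard to `{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The spec also sets no `requiredDropCapabilities`; since the StatefulSet in this diff sets `SKIP_SETCAP` and the config forces `disable_mlock`, dropping `ALL` looks feasible, but that needs confirming against the image.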
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-service.yaml
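Review bot: This template reads `.mode` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this diff do before testing it. Whether `.mode` is populated therefore depends on state set outside the hunk; if it is empty, `ne .mode "external"` is true and the Route is rendered even for an external Vault, while the `eq .mode "ha"` branch never selects the active service. I would add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard, as server-ingress.yaml does. `host: {{ .Values.server.route.host }}` should also be passed through `| quote` like the ingress hosts.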
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/tests/server-test.yaml 
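Review bot: The server image reference in server-statefulset.yaml falls back to `latest` when `server.image.tag` is unset (`{{ .Values.server.image.tag | default "latest" }}`), and the test pod in tests/server-test.yaml repeats the same default. For a secrets manager that means an install or a pod restart can silently pull whatever was pushed last, and replicas of one StatefulSet may end up on different builds. I would drop the default and fail at render time instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The readiness probe's `vault status -tls-skip-verify` also deserves a comment noting that `VAULT_ADDR` points at 127.0.0.1, since the flag otherwise reads as certificate checking being disabled for remote traffic.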
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.41/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/Chart.yaml
new file mode 100644
index 00000000000..3dcf0369c95
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.42
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
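Review bot: The `description`, `home` and `sources` fields present this chart as the official HashiCorp Vault chart, while `name` and the `charts.openshift.io/name` annotation are `helm-e2e-rhcc` and the path puts it under an e2e-testing directory. Anyone auditing the repository index by metadata would read a renamed fixture as an upstream vendor release, so the description should say what it is, for example `description: E2E certification test fixture derived from the HashiCorp Vault chart`. Quoting `appVersion: "1.11.2"` would also keep the value a string if a later bump drops to two components such as 1.12.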
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/README.md
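Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license string into the `docker run` command line, where it is readable in the host's process list for as long as the container runs. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker copy it from the environment instead; that relies on the variable being exported to the recipe, which make does for values inherited from the environment or given on its command line. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, so a file with either name in the directory would stop those targets from running.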
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations .
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
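Review bot: Both `hostPath` volumes in csi-daemonset.yaml take their path straight from values (`csi.daemonSet.providersDir`, `csi.daemonSet.kubeletRootDir`) without quoting or a `type:`, and `mountpoint-dir` exposes the kubelet's `pods` directory of the node to the container. The container `securityContext` is only rendered when `csi.daemonSet.securityContext.container` is set (see the helper of that name in the helpers file of this commit), so with an empty value the provider runs with the image's defaults while holding that host mount. I would quote the paths, e.g. `path: {{ .Values.csi.daemonSet.providersDir | quote }}`, and add a comment next to `volumes:` stating that these two values must point at the node's CSI providers and kubelet directories and nothing broader. The chart's values.yaml is outside this hunk, so the effective defaults should be checked there.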
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-clusterrolebinding.yaml
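Review bot: The rule in injector-clusterrole.yaml lets the injector's service account `patch` every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`; if the injector were compromised, any other admission webhook could be rewritten through it. The only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml), so the write verb can be limited to that object while the read verbs stay as they are. Whether the injector lists or watches with a name filter is not visible here, which is why the sketch below narrows only `patch`.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```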
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
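Review bot: Several `env` values in injector-deployment.yaml are rendered without quotes (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT` and the computed `AGENT_INJECT_VAULT_ADDR`) while the neighbouring entries are quoted. An env `value` has to be a string, so a setting that YAML reads as a boolean, number or null, or an empty `authPath`, either fails validation or changes what the injector receives. Piping through `quote` keeps them strings: `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, `- 2>&1` under `args:` reaches the process as a literal argument rather than a redirection, unless the image's entrypoint is a shell wrapper, which this hunk does not show.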
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
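Review bot: The webhook's `rules` match CREATE and UPDATE of pods in every namespace, and `namespaceSelector` is rendered only when `injector.namespaceSelector` or `injector.webhook.namespaceSelector` is set, so when neither it nor an object selector is supplied the injector sits in the admission path of the whole cluster, its own namespace included. If `failurePolicy` resolves to `Fail` (it comes from `injector.webhook.failurePolicy` or `injector.failurePolicy`, whose defaults are not in this hunk), an injector outage would then block pod creation everywhere. I would document that above `webhooks:`, for example `# Without a namespaceSelector or objectSelector this webhook intercepts every pod; scope it before setting failurePolicy to Fail.`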
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
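Review bot: The NetworkPolicy in injector-network-policy.yaml allows ingress on a hard-coded `port: 8080`, while the injector listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` in injector-deployment.yaml) and the Service targets that same value. If the port is changed on OpenShift, the policy keeps admitting 8080 and traffic to the webhook's real port is no longer allowed by it; the line should read `- port: {{ .Values.injector.port }}`. The resource also has no `metadata.namespace`, unlike the other injector objects in this commit, and `namespaceSelector: {}` admits traffic from every namespace, which may be intended for API-server reachability but should be stated in a comment.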
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-role.yaml
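Review bot: `apiVersion: policy/v1beta1` for `PodSecurityPolicy` is hard-coded in injector-psp.yaml, and that API was removed in Kubernetes 1.25, so setting `global.psp.enable` on a newer cluster fails the install instead of skipping the object. Other templates in this commit already branch on `.Capabilities.APIVersions.Has`, and the same guard fits the third line here: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The comment on `seLinux` says the policy assumes AppArmor nodes; for a chart that also has an OpenShift switch that assumption should be spelled out in the chart documentation, since `RunAsAny` places no SELinux constraint on the pod.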
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-rolebinding.yaml
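Review bot: The leader-elector Role grants `create`, `get`, `watch`, `list` and `update` on all Secrets and ConfigMaps in the release namespace, which is wider than the one Secret this chart pre-creates for it (`vault-injector-certs` in injector-certs-secret.yaml). If Vault's TLS material or other credentials live in the same namespace, the injector's service account can read and overwrite them. Where the injector's access pattern allows it, the name-addressable verbs can be narrowed with `resourceNames: ["vault-injector-certs"]`; `create` and unfiltered `list`/`watch` cannot be restricted by name, so the verbs the injector really needs should be confirmed before the rule is split. The `pods` rule, which includes `delete`, deserves a comment giving its reason as well.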
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-discovery-role.yaml
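Review bot: `disable_mlock = true` is forced into every rendered config in server-config-configmap.yaml, and nothing in the template says why or what it costs. In the JSON branch `merge (dict "disable_mlock" true) …` gives the first dictionary precedence, so a values file cannot turn mlock back on; in the string branch the line is simply emitted ahead of the user's HCL. With mlock off, Vault's memory can be paged to swap, so I would put a template comment above the line, e.g. `{{- /* mlock is disabled for container deployments; run on nodes with swap disabled or encrypted */}}`, and carry the same caveat in the values documentation.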
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
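Review bot: The Role in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only Vault's own, and the template has no comment explaining the grant. Presumably this is what lets Vault set labels such as `vault-active`, which the active/standby Service selectors in this commit rely on, but RBAC cannot narrow a rule by label, so any workload sharing the namespace is writable by the Vault service account. I would document that above `rules:` with `# update/patch let Vault label its own pods; RBAC cannot scope this by label, so install into a dedicated namespace`. This Role also hard-codes `rbac.authorization.k8s.io/v1` while server-discovery-rolebinding.yaml still falls back to `v1beta1`; the two should agree.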
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-ha-active-service.yaml
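Review bot: The `apiVersion` line of server-disruptionbudget.yaml picks the API group by comparing `.Capabilities.KubeVersion.Minor` with `"21"` as strings, which is a lexical comparison and not a version check. `Minor` is a string that some distributions suffix (for example `21+`), and a three-digit minor would sort below `"21"`. server-ingress.yaml in this same commit already uses `semverCompare` on the full version, so I would do the same here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.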
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-psp-role.yaml 
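Review bot: In server-network-policy.yaml the single ingress rule admits every namespace (`namespaceSelector: {}`) to both 8200 and 8201, although 8201 is the `https-internal` cluster port in the Service templates of this commit. Presumably only this release's own Vault pods need to reach it, so the policy leaves the peer-to-peer port open to any workload in the cluster. I would split the rule so that 8200 keeps the broad selector and 8201 is limited to pods carrying the release labels; if replication peers outside the namespace must connect, that should be an explicit value and not the default. The metadata block also omits `namespace: {{ .Release.Namespace }}`, which every other namespaced template here sets.

```yaml
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: restricted to this release's own pods.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```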
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
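Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the StatefulSet's `serviceAccountName`, the ClusterRoleBinding and the discovery RoleBinding in this commit all use `vault.serviceAccount.name`. Both helpers are defined outside these hunks, but if the service-account name can be overridden the PSP `use` grant lands on an account the pods do not run as, and the restrictive policy is not the one applied to them. The subject line should read `name: {{ template "vault.serviceAccount.name" . }}`.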
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-route.yaml
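Review bot: server-psp.yaml emits `policy/v1beta1` PodSecurityPolicy with no capability guard, so setting `global.psp.enable` on a cluster that no longer serves that API (it was removed in Kubernetes 1.25) fails the whole install rather than skipping the object. The PodDisruptionBudget template in this commit already switches on the cluster version; the PSP guard could follow suit by adding `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `and` on the third line, and the PSP Role and RoleBinding should take the same condition. Separately, the spec sets no `requiredDropCapabilities`; whether Vault needs any capability here is not visible from this hunk, so that is worth confirming before tightening.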
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-service.yaml
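Review bot: server-route.yaml tests `.mode` on its second line and again when choosing the `-active` service, but it never calls `{{ template "vault.mode" . }}`, which every other server template in this commit does before reading `.mode`. Whether `.mode` is populated here therefore seems to depend on another template having set it on a shared context first; if it is not, the `external` guard compares against an unset value and the Route may be rendered, or the render may fail, in a mode where it should not exist. I would add `{{ template "vault.mode" . }}` directly after the `.Values.global.openshift` check, as server-ingress.yaml does.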
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/values.openshift.yaml
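Review bot: In templates/ui-service.yaml nothing documents or constrains what happens when `ui.serviceType` is set to `LoadBalancer` or `NodePort`, while the port is named after `vault.scheme` and this commit's values.yaml ships `tlsDisable: true`. If the scheme helper follows that flag (its definition is outside this hunk), the UI and any token typed into it would travel unencrypted once the Service is reachable from outside the cluster. I would add a template comment above `type:` such as `{{- /* exposing the UI outside the cluster requires global.tlsDisable=false */}}` and confirm that the `service.loadBalancer` helper renders `loadBalancerSourceRanges` so external exposure can be restricted to known networks.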
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/values.schema.json
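Review bot: The three image references in values.openshift.yaml are identified by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pointed in the registry without any change to this file. For a chart that deploys a secrets manager I would record the expected digest beside each tag, for example a comment `# digest: sha256:<digest-placeholder>` under every `tag:` line, so a deployed image can be checked against what was reviewed. The same repository and tag values also appear as defaults in this commit's values.yaml, so a version bump has to touch both files; a one-line comment at the top of this file saying so would prevent the two from drifting apart.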
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.42/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/Chart.yaml
new file mode 100644
index 00000000000..479cdcaf89e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.43
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
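Review bot: In the new Chart.yaml, `description: Official HashiCorp Vault Chart`, together with `home` and `sources` pointing at HashiCorp, presents this chart as the upstream release even though `name` is `helm-e2e-rhcc` and the file sits under `charts/partners/opcert-e2e-testing/`. If this is a renamed test copy, as the path suggests, the metadata should say so, so that nobody browsing the chart index mistakes it for a HashiCorp-published artifact; for example `description: E2E test copy of the HashiCorp Vault chart (not an official release)`. Separately, `appVersion: 1.11.2` is unquoted; Helm recommends quoting it, `appVersion: "1.11.2"`, so that a later value such as `1.10` is never read as a number.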
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/README.md
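Review bot: The `test-acceptance` recipe writes the Vault license into the `docker run` command line with `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`; make expands the value before the shell runs, so it is visible in the host's process list and is printed by `make -n` despite the `@` prefix. Passing only the name, `-e VAULT_LICENSE_CI \`, makes docker copy the variable from the calling environment and keeps the value out of the arguments. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory and `-var project=...` that `provision-cluster` passes, so it is worth confirming that it acts on the configuration that created the GKE cluster, because a cluster left behind after a test run stays reachable and billed. `setup-kind` and `delete-kind` are missing from `.PHONY`.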
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
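Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no narrowing, and csi-clusterrolebinding.yaml in this diff binds it cluster-wide to the `-csi-provider` ServiceAccount, so that account can request a token for any ServiceAccount in any namespace. Nothing in the file records why that breadth is needed. I would add a comment above `rules:` such as `# Cluster-wide token creation for the CSI provider (confirm against the provider's documented requirements); treat this ServiceAccount as highly privileged.` so that later reviewers do not widen or copy the rule without noticing its reach.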
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
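Review bot: The `csi-provider` container in csi-daemonset.yaml mounts two `hostPath` volumes (`providervol` and `mountpoint-dir`), yet `{{ template "csi.daemonSet.securityContext.container" . }}` renders nothing when `.Values.csi.daemonSet.securityContext.container` is unset, so on every node the container then runs with whatever the runtime defaults allow. The server container helper defined in this same diff falls back to `allowPrivilegeEscalation: false` when no value is given and the chart is not in OpenShift mode; the CSI helper should get the same fallback (`{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`). Whether values.yaml already ships a default cannot be seen from this hunk.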
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-clusterrolebinding.yaml
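Review bot: The rule in injector-clusterrole.yaml gives the injector ServiceAccount `patch` on every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`; if the injector pod were compromised, the blast radius would include other teams' admission webhooks. The deployment in this diff sets `AGENT_INJECT_TLS_AUTO` to `{{ template "vault.fullname" . }}-agent-injector-cfg`, which suggests only that one object needs to be patched. I would split the rule so that `get` and `patch` are limited to that name while `list` and `watch` stay unrestricted, as below; confirm that the injector never patches under another name before merging.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```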
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
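Review bot: `- 2>&1` under `args:` in injector-deployment.yaml is not a redirection: container args are passed to the entrypoint without a shell, so unless the image's entrypoint re-parses its arguments through one, the string reaches the injector binary as a literal second argument. The container runtime already collects stderr alongside stdout, so the entry can be dropped, leaving `args:` with `- agent-inject` alone. If it is kept for parity with an upstream chart, a comment saying so would stop readers from assuming stderr handling depends on it.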
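Review bot: injector-disruptionbudget.yaml is gated only on `.Values.injector.podDisruptionBudget`, whereas the other injector templates in this diff first evaluate `vault.injectorEnabled`; with the injector disabled and the value set, a PodDisruptionBudget is rendered for pods that are never created. Open the file with `{{- template "vault.injectorEnabled" . -}}` and change the guard to `{{- if and .injectorEnabled .Values.injector.podDisruptionBudget }}`. The `apiVersion` line also compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so a single-digit minor sorts above it; `.Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget"`, in the style injector-mutating-webhook.yaml uses, avoids that.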
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
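Review bot: The webhook in injector-mutating-webhook.yaml matches `CREATE` and `UPDATE` of pods in every namespace, and `namespaceSelector:` is only emitted when a value is supplied, while `failurePolicy` is taken straight from values. If that policy is set to `Fail` and no selector is given, an unavailable injector would hold up pod admission cluster-wide, including in the injector's own namespace and system namespaces. I would add a comment above `failurePolicy:` such as `# With Fail and no namespaceSelector/objectSelector, injector downtime blocks pod CREATE/UPDATE in all namespaces.`, and consider shipping a default selector; the defaults in values.yaml are not visible from this hunk.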
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
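Review bot: `- port: 8080` in injector-network-policy.yaml is hard-coded, while the Deployment and Service in this diff take the listener from `.Values.injector.port`. If that value is changed, the policy keeps admitting only 8080 and traffic to the webhook's real port is dropped on OpenShift installs. Use `- port: {{ .Values.injector.port }}` so the three objects cannot drift apart.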
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-psp.yaml
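Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subjects in injector-rolebinding.yaml and injector-clusterrolebinding.yaml in this diff. It presumably resolves to the binding's own namespace, but an explicit `namespace: {{ .Release.Namespace }}` under the subject makes the grant unambiguous and keeps the three bindings consistent.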
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-role.yaml
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-rolebinding.yaml
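Review bot: The first rule in injector-role.yaml gives the injector's service account `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, because it carries no `resourceNames`. If the Vault server or other workloads share that namespace, anything running as the injector can read their Secrets. `get` and `update` can move to a separate rule limited with `resourceNames: ["<leader-elector-object-name>"]` (placeholder; the object names the leader elector uses are not shown in this hunk), leaving `create` in its own rule since it cannot be limited by name. Whether `list` and `watch` are needed depends on the leader-election client, which is outside this diff. The namespace-wide `delete` on `pods` deserves a comment saying what relies on it.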
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-config-configmap.yaml
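Review bot: The ClusterRoleBinding in server-clusterrolebinding.yaml is a cluster-scoped grant with no comment saying why the server needs it. `system:auth-delegator` lets the bound service account create TokenReviews and SubjectAccessReviews for the whole cluster, so someone auditing the chart should find the reason at the binding itself. Above `kind: ClusterRoleBinding` I would add a template comment such as `{{- /* Lets Vault's Kubernetes auth method validate service account tokens through the TokenReview API. */ -}}`, and name the value that switches it off; that value sits behind the `vault.serverAuthDelegator` helper, whose definition is not in this hunk.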
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-discovery-role.yaml
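Review bot: `disable_mlock = true` is forced into every configuration rendered by server-config-configmap.yaml and the reason is not documented. The string branch hard-codes it, and the map branch merges `dict "disable_mlock" true` as the destination, so an operator value cannot override it. With mlock off, Vault's process memory can be paged out, so the chart depends on nodes having swap disabled or encrypted; a template comment before the setting, for example `{{- /* mlock is disabled for all modes; nodes must not swap to unencrypted disk. */ -}}`, would make that assumption visible. Separately, the rendered configuration is stored in a ConfigMap, so storage-backend credentials placed in `server.*.config` would be readable by anything with `get` on ConfigMaps in the namespace.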
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-ha-active-service.yaml
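Review bot: In server-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical rather than numeric (a minor of "9" sorts above "21"). The minor field can also carry a vendor suffix on some distributions. server-ingress.yaml in this same diff picks its API version with `semverCompare` on `.Capabilities.KubeVersion.Version`, and the same form fits here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.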
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-ha-standby-service.yaml
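Review bot: The `https-internal` port (8201) in server-ha-active-service.yaml is published unconditionally, so when `server.service.type` is NodePort or LoadBalancer the cluster port is exposed outside the cluster along with the API port. The headless `-internal` Service in this diff publishes 8201 as well; if the servers reach each other through that one (not verifiable from these hunks), the entry here can be limited to the internal case by putting `{{- if or (not .Values.server.service.type) (eq (.Values.server.service.type | toString) "ClusterIP") }}` before `- name: https-internal` and `{{- end }}` after its `targetPort`. server-ha-standby-service.yaml and server-service.yaml carry the same port entry.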
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-psp-role.yaml 
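Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may connect to the cluster port 8201 as well as the API port 8200. If 8201 is only used between the Vault servers (the listener configuration is not in this hunk), it should get its own rule with a `podSelector` on the release's labels, as sketched below. The policy's own `podSelector` also omits `component: server`, which the Services in this diff use to pick the server pods.

```yaml
  ingress:
    # API port: reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only pods of this release in the same namespace.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```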
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
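Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, while the server's ServiceAccount, ClusterRoleBinding and discovery RoleBinding in this diff all name the account with `{{ template "vault.serviceAccount.name" . }}`. If that helper can return anything other than the full name (its definition is outside these hunks), the Role granting `use` on the PodSecurityPolicy is bound to an account the server pods do not run as, and the restricted policy is not the one authorising them. The subject should read `name: {{ template "vault.serviceAccount.name" . }}`, with `namespace: {{ .Release.Namespace }}` added under it to match the other bindings.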
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-service.yaml
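Review bot: `tls:` in server-route.yaml is filled from `toYaml .Values.server.route.tls` without checking that the value is set, so an empty `server.route.tls` renders `tls: null` and the Route would publish the Vault API without TLS at the router. The chart's default for that value is not part of this hunk; failing the render is safer than depending on it: `{{- toYaml (required "server.route.tls must be set when server.route.enabled is true" .Values.server.route.tls) | nindent 4 }}`. This template also reads `.mode` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this diff do on their first line.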
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/tests/server-test.yaml
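Review bot: The `vault` container's image line falls back to a mutable tag: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` silently deploys whatever `latest` points to whenever `server.image.tag` is empty, which is a weak default for the pod that holds the secrets store. Failing the render is safer, e.g. `image: "{{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}"`; the same fallback is used for the hook pod in templates/tests/server-test.yaml. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment there saying that it only targets the loopback `VAULT_ADDR` set in `env` (provided nothing in `extraEnvironmentVars` overrides it) would document why skipping certificate verification is accepted.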
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/templates/ui-service.yaml
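Review bot: The test hook pod declares no `securityContext` at pod or container level, whereas the StatefulSet in this commit pulls one in through the `server.statefulSet.securityContext.pod` and `.container` helpers, so the same Vault image runs here with whatever defaults the cluster applies. Under a restricted Pod Security admission profile the hook pod may be rejected, and on permissive clusters it runs less constrained than the server it tests. Consider adding a container-level `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, or reusing the server helpers if their indentation fits this spec.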
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.43/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/Chart.yaml
new file mode 100644
index 00000000000..c0e993d395b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.44
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/README.md
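Review bot: `destroy-cluster` runs a bare `terraform destroy -auto-approve`, whereas `provision-cluster` first runs `gcloud auth activate-service-account`, then `terraform init test/terraform` and `terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform`. Unless the working directory and the variable defaults happen to line up (neither is visible in this file), teardown can fail or act on the wrong configuration and leave the GKE test cluster running, so I would mirror the provision arguments, for example `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`, preceded by the same `gcloud auth` line. `GOOGLE_CREDENTIALS` defaults to `vault-helm-test.json` inside the tree that `-v ${PWD}:/helm-test` bind-mounts, so that key file should be listed in `.gitignore` and `.helmignore` to keep it out of commits and packaged charts. `setup-kind` and `delete-kind` are also missing from the `.PHONY` list on the last line.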
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
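Review bot: The rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no `resourceNames`, and csi-clusterrolebinding.yaml binds it cluster-wide, so the csi-provider service account can request a token for any service account in any namespace. That breadth is presumably needed for the provider to authenticate on behalf of the workload pods it serves, but nothing in the file says so. Add a comment above `rules:` along the lines of `# Cluster-wide by design: tokens are requested for the service accounts of pods that mount secrets; treat the csi-provider ServiceAccount as highly privileged.` so that an RBAC audit can tell the grant is intentional and knows which pod to protect.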
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" .
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
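Review bot: The provider container in csi-daemonset.yaml mounts two hostPath volumes (`providervol` and `mountpoint-dir`, the latter with `mountPropagation: HostToContainer`) yet gets a securityContext only when the chart user sets `csi.daemonSet.securityContext.pod` or `.container`. Those two helpers in `_helpers.tpl` have no fallback branch, whereas the injector helpers default to `allowPrivilegeEscalation: false` with all capabilities dropped. Consider giving the CSI container helper a comparable default, at least `allowPrivilegeEscalation: false`, after confirming the provider can still create its socket under `/provider`. Neither hostPath entry sets `type:`, so stating the expected type (for example `type: Directory`, if both directories are guaranteed to exist on every node) would make a wrong `providersDir` or `kubeletRootDir` value fail at pod start instead of mounting an unintended path.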
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-clusterrolebinding.yaml
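Review bot: The single rule in injector-clusterrole.yaml lets the injector `patch` every `mutatingwebhookconfigurations` object in the cluster, because `patch` shares a rule with the read verbs and no `resourceNames` is set. Splitting the rule so that only `patch` is limited to the injector's own webhook configuration narrows what a compromised injector pod could change in admission control. The object name below is inferred from the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml and must be checked against the webhook template, which is not part of this section. `get`, `list` and `watch` are left unrestricted because name-scoped list and watch only work when the client filters by name.
```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```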
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
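Review bot: Several env `value:` entries of the `sidecar-injector` container in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`, the `AGENT_INJECT_TLS_AUTO*` names), while their neighbours are quoted. Kubernetes requires env values to be strings, so a user-supplied value that YAML reads as a boolean, number or null makes the manifest invalid; piping through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`, keeps them strings. Separately, `- 2>&1` under `args:` is handed to the binary as a literal argument because no shell is involved, so it performs no redirection and should be dropped or explained in a comment.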
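Review bot: The `apiVersion` line of injector-disruptionbudget.yaml chooses `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically and ignores the major version. A minor such as "9" sorts after "21", and some distributions report a suffixed minor, so the result does not reliably track what the cluster serves. Asking the cluster directly is sturdier and matches how other templates in this commit pick a version: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The same expression appears in server-disruptionbudget.yaml further down.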
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
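Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when a value is set, so by default the webhook is called for pod `CREATE` and `UPDATE` in every namespace, including system namespaces and the injector's own. If the effective `failurePolicy` is `Fail` (it comes from values not shown in this hunk), an unavailable injector would then block pod admission across the cluster. Consider shipping a default selector that excludes system namespaces, or at minimum a template comment above `namespaceSelector:` such as `# Unset means all namespaces; exclude kube-system and the release namespace when failurePolicy is Fail`.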
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
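Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector Deployment listens on, and the Service targets, `.Values.injector.port`; with any other port value this policy would cut off the webhook. Use `- port: {{ .Values.injector.port }}` so the two stay in step. The `namespaceSelector: {}` peer also admits traffic from every namespace, which deserves a comment explaining why that breadth is needed, and the metadata omits `namespace: {{ .Release.Namespace }}`, unlike the other injector resources in this commit.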
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-psp.yaml
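Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml has no `namespace`, which the RBAC API requires for service-account subjects, so this RoleBinding is likely to be rejected whenever `global.psp.enable` is true. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:`, as injector-rolebinding.yaml in this same commit already does.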
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-role.yaml
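Review bot: The `spec` of this PodSecurityPolicy forbids privileged mode and privilege escalation but never drops Linux capabilities, so injector pods keep the runtime's default set. Adding `requiredDropCapabilities:` with a single `- ALL` entry next to `allowPrivilegeEscalation: false` closes that gap. The template is also gated only on `global.psp.enable`; since `policy/v1beta1` PodSecurityPolicy no longer exists on Kubernetes 1.25 and later, a guard such as `.Capabilities.APIVersions.Has "policy/v1beta1"` would keep the install from failing there.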
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-rolebinding.yaml
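Review bot: The first rule of the leader-elector Role lets the injector service account create, read, list, watch and update every Secret and ConfigMap in the release namespace, which is much broader than leader election and certificate storage should need. When the injector shares a namespace with the Vault server or with application workloads, its token can read all of their secrets. Split the rule so that `create` stands alone and the `get`/`update` verbs carry `resourceNames:` listing only the objects the injector manages; those names are not visible in this hunk and need confirming against the injector itself. The `delete` verb on all pods in the second rule deserves the same narrowing or a comment justifying it.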
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-discovery-role.yaml
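Review bot: `disable_mlock = true` is forced into every rendered server configuration in server-config-configmap.yaml, both as a literal line in the string branch and through `merge (dict "disable_mlock" true) …` in the structured branches, and nothing in the template says why. With mlock disabled the server's memory is not pinned, so sensitive material may reach disk if a node swaps; the chart is presumably relying on nodes running without swap, which should be stated. Add a template comment above the literal line, for example `{{- /* mlock is disabled for all modes; nodes must not swap Vault memory to disk */ -}}`, and say whether overriding it is intentionally unsupported, since in the structured branches the forced key takes precedence over a user-supplied one.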
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-psp-role.yaml
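Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace is admitted to 8201 as well as 8200. Elsewhere in this commit 8201 is the `https-internal` port behind `VAULT_CLUSTER_ADDR`, which only the Vault server pods need to reach. Splitting the rule keeps API access as it is and limits the cluster port to pods carrying the server labels set in the StatefulSet template. If cross-cluster replication has to reach 8201 from outside the namespace, that would need its own explicit peer, which I cannot confirm from this hunk. The policy's metadata also omits the `namespace: {{ .Release.Namespace }}` line that the other templates in this commit carry.

```yaml
  ingress:
    # API traffic: unchanged, any namespace may reach 8200
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster traffic: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```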
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
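Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the ServiceAccount with `vault.fullname`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this commit both use `vault.serviceAccount.name`. If that helper resolves to a different name (presumably through the `server.serviceAccount.name` value listed in the schema), the binding points at an account the pods do not run as. The `use` grant on the PodSecurityPolicy then never applies to them. Use `name: {{ template "vault.serviceAccount.name" . }}` for the subject, and add `namespace: {{ .Release.Namespace }}` so the reference is explicit.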
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-route.yaml
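Review bot: The `apiVersion: policy/v1beta1` PodSecurityPolicy in server-psp.yaml is rendered whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so on newer clusters the install fails rather than applying any pod restriction. Gate the template on the API actually being served, using the `.Capabilities.APIVersions.Has` check the ingress template already relies on: `{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1") }}`. The `-psp` Role and RoleBinding templates share the same condition and need the same guard. Separately, the comment under `seLinux:` assumes AppArmor nodes; this commit also ships OpenShift overrides, where nodes normally run SELinux, so `rule: RunAsAny` is worth revisiting.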
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-service.yaml
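Review bot: server-route.yaml reads `.mode` in two conditions (`ne .mode "external"` and `eq .mode "ha"`) but never calls `{{ template "vault.mode" . }}`, which every other server template in this commit invokes on its first line. Unless an earlier-rendered template happens to have populated `.mode` (not something this hunk shows), the value is unset here: the external-mode guard cannot exclude anything and the `-active` service branch is never taken, so the Route would target the general service instead of the active one. Add `{{ template "vault.mode" . }}` directly after the `{{- if .Values.global.openshift }}` line so the file does not depend on render order.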
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/tests/server-test.yaml 
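Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to a floating tag when `server.image.tag` is unset (`| default "latest"`). For a secrets store that means a pod restart can pull whatever the registry currently serves under `latest`, and replicas restarted at different times may end up on different builds. Failing the render is safer than silently floating: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The test Pod in `templates/tests/server-test.yaml` uses the same `default "latest"` expression and should change with it.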
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.44/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/Chart.yaml
new file mode 100644
index 00000000000..c40197e320e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.45
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/README.md
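Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license value into the `docker run` argument list, where it can be read from the host's process listing while the container runs; passing the name only, `-e VAULT_LICENSE_CI \`, lets Docker copy the variable from the calling environment without placing the value on the command line. `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so it presumably acts on whatever configuration sits in the working directory; that is worth confirming before anyone relies on `test-destroy` to clean up a GKE cluster. The local branch of `test-acceptance` calls `make` where `$(MAKE) setup-kind acceptance` would propagate flags such as `-n`. `setup-kind` and `delete-kind` are also missing from the `.PHONY` list on the last line.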
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
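Review bot: The fallback in `server.statefulSet.securityContext.container` sets only `allowPrivilegeEscalation: false`, while the matching fallback in `injector.securityContext.container` also drops all capabilities, and the two `csi.daemonSet.securityContext.*` helpers emit nothing at all when their value is unset. As written the server container keeps the runtime's default capability set and the CSI provider runs with whatever the image and cluster defaults allow, unless the installer overrides these values. I would add `capabilities:` / `drop:` / `- ALL` to the server fallback, re-adding a single capability such as IPC_LOCK only if the server is shown to need it, and give the CSI container helper an `else` branch with at least `allowPrivilegeEscalation: false` if the provider works under it. The injector and server fallbacks are also skipped when `.Values.global.openshift` is set, presumably leaving the context to the cluster's SCC; a one-line template comment stating that would help the next reader.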
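Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole, and the binding in csi-clusterrolebinding.yaml attaches it to the `-csi-provider` service account, so every provider pod of the DaemonSet may request a token for any service account in any namespace. That is a credential-minting permission, and the template says nothing about why it has to be cluster-wide or how its use is bounded. I would add a comment above `rules:` such as `{{/* cluster-wide: the provider requests tokens on behalf of the pods that mount its volumes; treat this service account as highly privileged */}}`, after confirming that rationale with the chart authors. For operators it is worth alerting, from the API server audit log, on token requests made by this service account for service accounts that do not belong to workloads mounting CSI volumes.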
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
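Review bot: In csi-daemonset.yaml the `mountpoint-dir` volume exposes `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host, which holds the volume directories of every pod on the node, and the mount is writable because no `readOnly` is set. What limits the container's use of that directory is the `csi.daemonSet.securityContext.container` helper, which is defined outside this hunk, so the effective restriction cannot be checked here. If the provider image in use no longer writes secret files itself, I would add `readOnly: true` under the `mountpoint-dir` volumeMount; otherwise add a comment stating that write access is required. Both `hostPath` volumes also lack a `type:`, so a mistyped path is not rejected at pod start; `type: Directory` on `mountpoint-dir` would catch that.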
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-clusterrolebinding.yaml 
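Review bot: In injector-clusterrole.yaml the rule lets the injector `patch` every MutatingWebhookConfiguration in the cluster, although the only one this chart creates for it is `{{ template "vault.fullname" . }}-agent-injector-cfg` (named in injector-mutating-webhook.yaml). A compromised injector pod could then rewrite the `clientConfig` of unrelated admission webhooks. I would split the rule so that `get` and `patch` are limited by `resourceNames` to the chart's own configuration, while `list` and `watch` stay unscoped. Whether the injector's watch still works with the narrower `get` should be confirmed against the injector version in use.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
```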
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
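Review bot: In injector-deployment.yaml the `args:` list ends with `- 2>&1`, but container args are handed to the entrypoint as plain argv with no shell, so this does not redirect stderr; the process receives the literal string `2>&1` as an extra argument. Unless the image's entrypoint re-evaluates its arguments in a shell, the item is dead and misleading, and I would remove it so that `args:` holds only `- agent-inject`. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` render their values unquoted while the neighbouring entries are quoted. Piping them through `| quote` keeps a value such as `true` or `1` from being parsed as a non-string and rejected by the API server.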
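Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical rather than numeric (a minor of `"100"` sorts below `"21"`), and a vendor suffix such as `21+` only works by accident. `semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1"` states the intent directly; server-disruptionbudget.yaml uses the same expression and would need the same change. Unlike the other injector templates in this diff, this one is not wrapped in `{{- if .injectorEnabled -}}`, so the PodDisruptionBudget renders whenever `injector.podDisruptionBudget` is set, even with the injector disabled.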
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
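Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` is emitted only when a value is supplied, so by default the webhook intercepts pod CREATE and UPDATE in every namespace, including `kube-system` and the namespace the injector itself runs in. Because `failurePolicy` comes from values, a setting of `Fail` makes pod admission in all of those namespaces depend on the injector being reachable. The only other restriction is the `injector.objectSelector` helper, which is defined outside this hunk. I would document this above `failurePolicy:` with a comment such as `# Fail blocks pod admission in all matched namespaces while the injector is down; set a namespaceSelector before using it.`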
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
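Review bot: In injector-network-policy.yaml the ingress rule allows `port: 8080` as a literal, while the Deployment's listen address and probes and the Service's `targetPort` all use `{{ .Values.injector.port }}`. If that value is changed, the policy admits traffic to a port nothing listens on and blocks the real webhook port, so admission calls would fail on OpenShift, where this policy is rendered. The line should read `- port: {{ .Values.injector.port }}`. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector manifests in this diff set.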
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-role.yaml 
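Review bot: In injector-psp.yaml the manifest is pinned to `policy/v1beta1` `PodSecurityPolicy` and is gated only on `global.psp.enable`; that API was removed in Kubernetes 1.25, so enabling the flag on a newer cluster makes the install fail. I would extend the guard to `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}` and apply the same condition in injector-psp-role.yaml and injector-psp-rolebinding.yaml. The policy also sets no `requiredDropCapabilities`, so it does not force the injector to drop Linux capabilities. Adding `requiredDropCapabilities: [ALL]` would match the non-root intent stated in the file's comments.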
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-rolebinding.yaml 
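Review bot: In injector-role.yaml the first rule grants `create`, `get`, `watch`, `list` and `update` on all Secrets and ConfigMaps in the release namespace, the same namespace the server manifests in this diff are installed into. The only Secret this chart creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml), so the read and write verbs can probably be narrowed to it. I would give `get` and `update` on `secrets` their own rule carrying `resourceNames: ["vault-injector-certs"]`, and keep any `list`/`watch` and ConfigMap access the leader elector needs in a separate rule. The exact verb set should be checked against the injector version shipped here before tightening.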
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-discovery-role.yaml 
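Review bot: In server-config-configmap.yaml the whole of `server.standalone.config`, `server.ha.config` or `server.ha.raft.config` is rendered into a ConfigMap, which anyone with `get` on ConfigMaps in the namespace can read and which Kubernetes does not treat as sensitive. Storage-backend passwords or seal credentials written into that config would therefore be stored in plain text. I would add a template comment above `data:` such as `{{/* Rendered into a ConfigMap: keep credentials out of server.*.config and supply them from a Secret. */}}`. `disable_mlock = true` is also injected unconditionally in both the string and the JSON branch, so memory locking cannot be turned back on from values; that deserves a comment or a value to control it.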
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
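Review bot: In server-discovery-role.yaml the single rule grants `update` and `patch` on every pod in the release namespace, with no `resourceNames` and no comment saying why write access is needed. The Service templates in this commit select on `vault-active`, so presumably the server relabels its own pod, but as written the bound service account can modify any pod that shares the namespace. I would add a comment above `rules:` such as `# Vault patches labels on its own pods; install this chart in a dedicated namespace`, and consider splitting the write verbs into a second rule restricted with `resourceNames`.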
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . 
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-psp-role.yaml
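Review bot: In server-network-policy.yaml the only ingress rule uses `namespaceSelector: {}`, which admits pods from every namespace to both 8200 and 8201. Port 8201 is named `https-internal` in the Service templates and looks like the server-to-server port, so unless peers outside the release connect to it, it should be reachable only from the Vault pods themselves. I would keep the all-namespaces rule for 8200 and move 8201 into a second rule with a `podSelector` on the release labels, as sketched below. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    # … unchanged: rule admitting all namespaces, now listing only port 8200 …
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
```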
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
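Review bot: In server-psp-rolebinding.yaml the subject is named with `vault.fullname`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` in this commit use `vault.serviceAccount.name`. If the two helpers render different names, the binding points at an account the server pod does not run as, so the `-psp` Role never applies to it and the pod is admitted under whatever other policy its account can use, or rejected. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, matching the discovery RoleBinding.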
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-route.yaml
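Review bot: server-psp.yaml hard-codes `apiVersion: policy/v1beta1` and is gated only on `global.psp.enable`, whereas server-disruptionbudget.yaml in this commit picks its `policy` API version from the cluster version. PodSecurityPolicy was removed in Kubernetes 1.25, so on such clusters the install fails once the flag is set. I would add `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `and` condition here and in the two `-psp` RBAC templates, or call `fail` with a message so the operator knows the policy was not created.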
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-service.yaml
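Review bot: server-route.yaml reads `.mode` in `ne .mode "external"` and again in the `activeService` branch, but unlike server-ingress.yaml and the Service templates it never calls `{{ template "vault.mode" . }}` first. Whether `.mode` is populated then presumably depends on another template having set it on the shared context earlier in the render, which is fragile; I would add the `template "vault.mode"` line directly after the `global.openshift` check. `host:` is also emitted unquoted, while the Ingress template pipes its hosts through `quote`.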
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . 
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . 
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . 
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/tests/server-test.yaml
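Review bot: In server-statefulset.yaml the container image falls back to `default "latest"` when `server.image.tag` is unset, and tests/server-test.yaml repeats the same expression. A floating tag means the Vault version that runs is decided at pull time rather than by the chart, which makes rollouts unreproducible and weakens any image review done against a specific version. I would fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The readiness probe's `vault status -tls-skip-verify` also deserves a comment saying that it talks to the loopback `VAULT_ADDR` set in the same container.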
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.45/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/Chart.yaml
new file mode 100644
index 00000000000..d896de11ad5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.46
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/README.md
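Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence string into the `docker run` command line, where it is readable in the host's process list; passing the name only, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the environment instead. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` with no directory, while `provision-cluster` passes `test/terraform` to both `terraform init` and `terraform apply`, so the destroy may not act on the configuration that created the cluster and could leave it running; confirm and pass the same directory. `.PHONY` also omits `setup-kind` and `delete-kind`.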
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
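Review bot: In csi-clusterrole.yaml the single rule grants `create` on `serviceaccounts/token` from a ClusterRole, and the ClusterRoleBinding added next binds it cluster-wide, so the CSI provider's service account can request tokens for any service account in any namespace. Nothing in the file records why that breadth is needed or how sensitive this account therefore is. I would add a comment above `rules:`, for example `# Cluster-wide token creation: presumably needed to obtain a token for each pod the provider serves; treat this service account as highly privileged.`, and confirm the stated reason against the provider's documentation.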
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
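Review bot: In csi-daemonset.yaml both `hostPath` volumes (`providervol` and `mountpoint-dir`) take their paths from values and set no `type`, so nothing checks that the path exists before it is mounted. `mountpoint-dir` exposes the kubelet's `pods` directory to the container with `mountPropagation: HostToContainer`. Adding `type: Directory` under the `mountpoint-dir` `hostPath` would make a mistyped `kubeletRootDir` fail at pod start. The container `securityContext` comes from the `csi.daemonSet.securityContext.container` helper, which renders nothing unless a value is set. For a pod with host mounts I would document a restrictive default next to that value, or render one when it is empty.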
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
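Review bot: In injector-deployment.yaml the `args` list ends with `- 2>&1`, which reaches the injector binary as a literal argument because no shell interprets an `args` list; the redirection does nothing, so the list should be just `- agent-inject`. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT` and `AGENT_INJECT_VAULT_AUTH_PATH` render their values unquoted, unlike most neighbouring entries. An empty or boolean-looking value would then parse as a non-string, which an env `value` field does not accept. `value: {{ .Values.injector.authPath | quote }}` (and the same for the other two) avoids that.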
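Review bot: In injector-disruptionbudget.yaml the API version is picked with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings, so the ordering is lexical rather than numeric and any suffix on the reported minor version is compared as text as well. Asking the cluster is more robust: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`. This template is also not wrapped in the `vault.injectorEnabled` check that the other injector templates use, so it renders whenever `injector.podDisruptionBudget` is set.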
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
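Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is rendered only when a value is set, while the rule matches `CREATE` and `UPDATE` of `pods` in every API-visible namespace. Unless the `injector.objectSelector` helper (defined outside this hunk) narrows it, the webhook then sits in the admission path of all pods, including the injector's own. If `failurePolicy` resolves to `Fail`, an unavailable injector would block pod creation cluster-wide. I would add a comment above `failurePolicy:` such as `# With Fail and no namespaceSelector, an injector outage blocks pod admission in all namespaces; exclude system namespaces.`, or default a selector that skips them.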
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
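Review bot: In injector-network-policy.yaml the allowed ingress port is hard-coded as `- port: 8080`, while the Deployment listens on `.Values.injector.port` and the Service targets the same value. If that value is overridden, the policy still selects the webhook pods but no longer admits traffic to the port they listen on. Using `- port: {{ .Values.injector.port }}` keeps the three in step. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources in this commit set. The `namespaceSelector: {}` admits every namespace, which deserves a one-line comment saying that is intended.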
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-role.yaml 
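Review bot: In injector-psp.yaml `apiVersion: policy/v1beta1` is emitted with no capability check. PodSecurityPolicy was removed in Kubernetes 1.25, so setting `global.psp.enable` on a newer cluster makes the install fail on this object. Guarding the template with `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` would avoid that; the psp-role and psp-rolebinding templates are gated on the same value. The comment on `seLinux` says the policy assumes AppArmor nodes, but the chart also carries a `global.openshift` switch and such nodes presumably enforce SELinux. There `rule: RunAsAny` leaves the SELinux context unconstrained, which the comment should say.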
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-rolebinding.yaml 
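Review bot: In injector-role.yaml the first rule gives the injector `create`, `get`, `watch`, `list` and `update` on every `secrets` and `configmaps` object in the release namespace, and the second gives `get`, `patch` and `delete` on every pod, all without `resourceNames`. If the Vault server shares that namespace, the injector's service account can read and rewrite every secret there. The only injector secret this commit defines is `vault-injector-certs` (injector-certs-secret.yaml), so the read and update verbs could sit in their own rule with `resourceNames: ["vault-injector-certs"]`. `create` has to stay unrestricted because `resourceNames` cannot apply to it. Which ConfigMap and pods the leader elector touches is not visible here, so that part needs checking before tightening.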
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-discovery-role.yaml
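Review bot: `disable_mlock = true` is emitted unconditionally in the string branch of `server-config-configmap.yaml` and merged in as `dict "disable_mlock" true` in both JSON branches, with no comment on the consequence. With memory locking off, Vault's in-memory secrets can be paged out, so the chart is assuming nodes that have swap disabled or encrypted. As far as I can tell the `merge` call also takes the first dict as destination, so a user-supplied `disable_mlock: false` in a map-typed config would be silently overridden. I would record both facts in a template comment above the `{{- if eq $type "string" }}` line, for example `{{- /* disable_mlock is always forced on; nodes must run without swap or with encrypted swap */ -}}`.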
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
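Review bot: The single rule in `server-discovery-role.yaml` grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods, and the accompanying RoleBinding hands that to the server service account. Presumably the role exists so Vault can label its own pods, but pod `patch` also covers mutable spec fields such as container images, so a compromised server token can affect unrelated workloads sharing the namespace. RBAC cannot scope by label, so I would at least document the assumption above `rules:` with `# update/patch applies to ALL pods in this namespace; install the release in a dedicated namespace`.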
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-ha-active-service.yaml
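Review bot: The `apiVersion` line of the PodDisruptionBudget compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge`, which on two strings is a lexicographic comparison rather than a numeric one. A single-digit minor such as `"9"` sorts after `"21"` and would select `policy/v1` on a cluster that lacks it, and vendor suffixes like `"21+"` only work by accident. The ingress template in this same commit already uses `semverCompare` on the full version, so I would write `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}` here as well.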
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-psp-role.yaml 
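Review bot: The one ingress rule in `server-network-policy.yaml` uses `namespaceSelector: {}` for both ports, so every pod in every namespace may reach the cluster port 8201 as well as the API port 8200. If nothing outside the release needs 8201 (it looks like the server-to-server port, going by the `https-internal` name in the services), I would split the rule and limit 8201 to the release's own server pods, as sketched below. The manifest also omits `namespace: {{ .Release.Namespace }}` under `metadata`, unlike most other templates in this commit.

```yaml
  ingress:
    # API port: still reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```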
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-route.yaml
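Review bot: `server-psp.yaml` hard-codes `apiVersion: policy/v1beta1` and is gated only on `global.psp.enable`, with no check that the cluster still serves PodSecurityPolicy. That API was removed in Kubernetes 1.25, so enabling the value there fails the install, and an operator who believes the policy is in force gets no enforcement at all once it is turned off to work around the error. I would extend the condition on the third line with `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")`, and do the same in `server-psp-role.yaml` and `server-psp-rolebinding.yaml`. A comment pointing to the pod-level `securityContext` as the control that remains on newer clusters would also help.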
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-service.yaml
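Review bot: `server-route.yaml` reads `.mode` on its second and fifth lines without first invoking `{{ template "vault.mode" . }}`, which every other server template in this commit calls before touching `.mode`. Whether `.mode` is populated then depends on another template having been rendered earlier against the same context. If it is not, the `external` guard and the choice of the `-active` service are decided on an unset value, and the Route could expose a different backend than intended. I would add `{{ template "vault.mode" . }}` directly after the `{{- if .Values.global.openshift }}` line, mirroring `server-ingress.yaml`.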
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/tests/server-test.yaml 
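Review bot: The `image:` line of the `vault` container in `server-statefulset.yaml` falls back to `default "latest"` when `server.image.tag` is unset, and the test pod in `tests/server-test.yaml` uses the same expression. A floating tag means the Vault binary that holds the secrets can change on any pod restart without a chart change, and a rollback cannot reproduce what was running. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and ideally accept a digest. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a short comment that this is only tolerable because `VAULT_ADDR` points at 127.0.0.1 would stop the flag being copied elsewhere.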
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/values.openshift.yaml
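Review bot: Nothing in this template says that the Service publishes the Vault UI on whatever `ui.serviceType` selects, while the port name comes from `vault.scheme` and values.yaml in this commit defaults `global.tlsDisable` to `true`. If that helper returns `http` in that case (it is defined outside this hunk), a `LoadBalancer` or `NodePort` type would carry UI logins in cleartext beyond the cluster. I would add a template comment above `apiVersion`, for example `{{- /* Exposes the Vault UI; keep ui.serviceType at ClusterIP while global.tlsDisable is true unless TLS terminates in front of it. */}}`.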
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/values.schema.json
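Review bot: Every value in this override file repeats a default that values.yaml in the same commit already sets (`global.openshift: true` and the same three repository/tag pairs), so the file changes nothing today and gives an image bump two places to miss. A stale copy here would pin an older Vault or vault-k8s image for anyone installing with `-f values.openshift.yaml`. A header comment would make the coupling explicit: `# Mirrors the image defaults in values.yaml; bump the tags in both files together.` The tags themselves (`1.11.2-ubi`, `0.17.0-ubi`) are mutable references; pinning by digest would need template support, since the test pod template builds the reference as `repository:tag`.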
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.46/src/values.yaml 
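Review bot: The object schemas list `properties` but never set `additionalProperties` or `required`, so a misspelt key such as `server.dev.enable` or `injector.certs.secretname` validates and the chart default is applied silently. For objects whose key set is fixed, for example `server.dev`, `server.service` and `injector.certs`, adding `"additionalProperties": false` would turn those typos into install-time errors. I would leave `global` open, since parent charts commonly share keys under it. Array-typed entries such as `extraSecretEnvironmentVars` also carry no `items` schema, so their element shape is unchecked.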
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/Chart.yaml
new file mode 100644
index 00000000000..3508e7d1c3e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.47
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
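Review bot: In the new Chart.yaml the chart is named `helm-e2e-rhcc` and lives under the `opcert-e2e-testing` partner directory, yet `description`, `home` and `sources` still present it as the "Official HashiCorp Vault Chart". If this fixture ever reaches a published index (not visible from this hunk), consumers would see a renamed copy carrying the upstream publisher's identity, which blurs provenance. I would make the metadata say what it is, e.g. `description: E2E test fixture derived from the HashiCorp Vault chart (not an official release)`. Separately, quoting the version scalars (`appVersion: "1.11.2"`, `version: "0.21.47"`) keeps them strings regardless of the parser and of later edits to a two-part value.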
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
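Review bot: In csi-clusterrole.yaml the rule granting `create` on `serviceaccounts/token` carries no comment, and once bound through the ClusterRoleBinding it lets the CSI provider's service account request tokens for any service account in any namespace. A grant this broad should state why it exists. I would add a comment above `rules:` such as `# Cluster-wide by design: the provider requests a token for the service account of each pod that mounts a CSI secret volume.`, if that is indeed the reason (inferred, not shown in this hunk). Reviewers of a rendered manifest can then tell an intended grant from an accidental one.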
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
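Review bot: In csi-daemonset.yaml the provider container mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir/pods`), yet its `securityContext` comes only from the `csi.daemonSet.securityContext.container` helper, which renders nothing when that value is unset. Unless values.yaml ships a default (not visible in this diff), the one container with host filesystem access runs with the runtime's default privileges. The helper could fall back to a minimal context the way the server container helper in _helpers.tpl does, by adding an `{{- else }}` branch that emits `securityContext:` with `allowPrivilegeEscalation: false`. Whether the provider can also run with a read-only root filesystem is not something this hunk shows, so I would leave that to the chart authors.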
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-clusterrolebinding.yaml
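Review bot: The ClusterRole in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only one this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). The injector's service account can therefore modify admission webhooks that belong to other components. Consider splitting the rule: keep `list` and `watch` as they are, and move `get` and `patch` into a second rule with `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`. Whether the injector touches any other configuration is not visible in this diff, so confirm against its code before narrowing.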
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
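Review bot: In injector-deployment.yaml the `args` list ends with `- 2>&1`, which is not a redirection in this position. Container `args` are handed to the entrypoint without a shell, so unless the image's entrypoint evaluates its arguments the binary receives the literal string `2>&1` as a second argument. Drop that entry so the list is just `- agent-inject`. The container runtime already captures both stdout and stderr, so nothing is lost.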
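Review bot: The `apiVersion` line in injector-disruptionbudget.yaml chooses `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically and ignores the major version, so a minor of `"9"` or `"100"` lands on the wrong side. Asking the cluster is more robust: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`, the same kind of capability check injector-mutating-webhook.yaml uses. This is also the only injector template in the diff that is not wrapped in `{{- if .injectorEnabled -}}`, so the budget renders even when the injector is disabled.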
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
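Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is rendered only when a value is supplied, so without one the webhook is consulted for every pod CREATE and UPDATE in every namespace, including `kube-system` and the injector's own. If `failurePolicy` resolves to `Fail` (its default is not visible in this diff), an unavailable injector would block pod admission cluster-wide, including the pods needed to bring the injector back. At minimum I would add a comment above `failurePolicy:` such as `# With Fail and no namespaceSelector, an injector outage blocks pod admission in all namespaces.` A default selector in values that excludes system namespaces would be the stronger fix.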
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
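Review bot: The NetworkPolicy in injector-network-policy.yaml admits traffic on a hard-coded `port: 8080`, while injector-deployment.yaml listens on `{{ .Values.injector.port }}` and injector-service.yaml targets the same value. If that value is changed, the policy no longer matches the webhook port and admission calls to the injector are dropped on OpenShift, the only platform where this policy renders. Use `- port: {{ .Values.injector.port }}` so the three manifests stay in step.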
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-psp.yaml
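Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subjects in injector-rolebinding.yaml and injector-clusterrolebinding.yaml. As far as I know RBAC resolves a missing namespace on a RoleBinding subject to the binding's own namespace, so this probably works, but which account receives the grant is then implicit. Add `namespace: {{ .Release.Namespace }}` after the subject's `name:` so every binding in the chart names its subject the same way.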
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-role.yaml
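Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode and privilege escalation but sets nothing for Linux capabilities, so pods admitted under it keep the container runtime's default capability set. Adding `requiredDropCapabilities:` with `- ALL` under `spec:` would close that gap, assuming the injector needs no capabilities (not visible in this diff). Separately, `policy/v1beta1` PodSecurityPolicy no longer exists from Kubernetes 1.25 on, so the `global.psp.enable` guard could also require `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to avoid a failed install on newer clusters.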
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-rolebinding.yaml
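Review bot: The first rule of the leader-elector Role in injector-role.yaml grants `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, so the injector ServiceAccount can read and overwrite any Secret stored alongside Vault, not only the objects used for leader election. `create` cannot be limited by name, but the read and update verbs can be scoped with `resourceNames`; the object name the elector actually uses is not visible in this diff, so the value below is a placeholder to fill in. Keep `list` and `watch` only if the elector is shown to need them, and in either case add a comment above the rule naming the objects it is meant to touch.

```yaml
rules:
  # create cannot be restricted by resourceNames, so it stays in its own rule
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    verbs:
      - "create"
  # placeholder name: replace with the object(s) the leader elector owns
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    resourceNames: ["<leader-elector-object-name>"]
    verbs:
      - "get"
      - "update"
  # … unchanged: pods rule …
```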
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-discovery-role.yaml
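Review bot: `disable_mlock = true` is forced in server-config-configmap.yaml on both paths: it is emitted before every string-form config, and `merge (dict "disable_mlock" true) …` puts it first in the merge so a value supplied in `server.*.config` does not replace it. With mlock off, Vault's memory is not pinned, so key material can be written to swap on nodes where swap is enabled and unencrypted. Nothing in the template tells the operator about that precondition; add a template comment above `data:`, for example `{{- /* disable_mlock is forced on: run only on nodes with swap disabled or encrypted */ -}}`, and consider reversing the `merge` argument order so a value set in the map-form config takes effect.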
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-psp-role.yaml
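Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may connect to 8201 as well as 8200. The Services in this commit name 8201 `https-internal`, which suggests it carries only server-to-server traffic; if so it should be reachable from the Vault pods alone, and the rule is better split as below. The policy's `metadata` also omits `namespace: {{ .Release.Namespace }}`, which every other namespaced template in this commit sets, and an empty `from` selector deserves a comment saying that cluster-wide client access to 8200 is intended.

```yaml
  ingress:
    # API port: clients from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods selected by this policy's own labels
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```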
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
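Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while server-serviceaccount.yaml creates the account and server-statefulset.yaml runs the pod under `vault.serviceAccount.name`. The helper's definition is outside this diff, but if it can return anything other than the fullname (an overridden or pre-existing account), the binding points at a ServiceAccount the server does not use and the pod is not admitted under the intended policy. Use the same helper and set the namespace as the other bindings do: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`. injector-psp-rolebinding.yaml omits the subject namespace in the same way.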
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-service.yaml
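Review bot: server-route.yaml reads `.mode` on its second and fifth lines without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does before testing it. Whether `.mode` is populated here then depends on some other template having set it on the same context earlier in the render, which this diff does not show. If it is unset, the `ne .mode "external"` guard and the `eq .mode "ha"` switch to the `-active` Service no longer follow the configured mode, so the Route can be emitted or pointed at the wrong Service. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard, as server-ingress.yaml does.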
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/tests/server-test.yaml 
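Review bot: The vault container image falls back to a mutable tag, `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an install whose values leave `server.image.tag` empty runs whatever the registry currently serves as `latest` for a secrets store; the same fallback is repeated in templates/tests/server-test.yaml. I would drop the default and fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and document that a digest reference is preferred where the registry supports it. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a one-line comment such as `# -tls-skip-verify is tolerable only because VAULT_ADDR is 127.0.0.1 inside the pod` would keep that flag from being copied into a check that crosses the network.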
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/templates/ui-service.yaml
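Review bot: The test hook pod declares no `securityContext` at pod or container level, whereas the server StatefulSet added in this commit pulls in `server.statefulSet.securityContext.pod` and `server.statefulSet.securityContext.container`, so the hook runs the same Vault image with whatever the namespace admits by default. If those helpers render the non-root settings (their bodies are not part of this hunk), reuse them here; otherwise add an explicit block under the container with `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. The pod also receives the server's `extraEnvironmentVars`, `volumeMounts` and `volumes`, which can include TLS material, so a short comment above `volumeMounts:` stating why the test needs them would help.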
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/values.openshift.yaml
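Review bot: `type: {{ .Values.ui.serviceType }}` together with `service.loadBalancer` lets this Service be published outside the cluster, while the port name comes from `vault.scheme` and the values.yaml added in this commit ships `tlsDisable: true`; if the scheme helper follows that flag (its body is not in this hunk), an externally exposed UI would carry login traffic over plain HTTP. I would add a comment above `spec:` along the lines of `# Exposing the UI via LoadBalancer/NodePort requires global.tlsDisable=false or TLS termination in front of this Service.` The file also has no header comment, and `publishNotReadyAddresses` is unexplained here although server-service.yaml justifies the same field for join operations; a UI Service that publishes not-ready pods deserves its own one-line rationale.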
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.47/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/Chart.yaml
new file mode 100644
index 00000000000..4032404b408
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.48
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/README.md
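Review bot: The `test-acceptance` recipe writes the Vault license into the `docker run` command line with `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so the value sits in that process's arguments on the host, where process listings and any command-line logging can pick it up; the leading `@` only keeps make from echoing it. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker take the value from the caller's environment, which should behave the same as long as the variable is set in the environment or on the make command line. A short comment above the target, such as `# VAULT_LICENSE_CI is read from the environment; never put the license in this file`, would make the expectation explicit for whoever runs the acceptance tests.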
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
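Review bot: The single rule in `csi-clusterrole.yaml` grants `create` on `serviceaccounts/token` at cluster scope with no `resourceNames`, so the identity bound to this role can request a token for any service account in any namespace. Nothing in the file records why that breadth is needed. I would add a comment above `rules:` along the lines of `# The CSI provider requests tokens for the service accounts of the pods it serves, which may live in any namespace`. That rationale is inferred from the resource names, so confirm it before committing the wording. The chart documentation should also state that enabling `csi` creates an identity with this permission, so operators can audit TokenRequest calls made by the `-csi-provider` service account.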
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
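Review bot: The provider container in `csi-daemonset.yaml` mounts two `hostPath` volumes (`providervol`, and `mountpoint-dir` under the kubelet root with `mountPropagation: HostToContainer`), but it gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set. The helper this commit adds in `_helpers.tpl` has no fallback branch, whereas `injector.securityContext.container` falls back to `allowPrivilegeEscalation: false` and dropping all capabilities. With default values this host-mounting DaemonSet therefore runs with whatever the image and cluster defaults allow. I would give the CSI helper an `else` branch that emits at least `securityContext:` with `allowPrivilegeEscalation: false`. Whether the provider can also drop capabilities or run as non-root depends on the ownership of the host directories, which is not visible here, so that part needs testing rather than a blind default.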
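Review bot: `name: vault-injector-certs` in `injector-certs-secret.yaml` is a fixed string, while the other resources visible in this commit are named from `vault.fullname`. Two releases in one namespace with leader election and more than one replica would therefore render the same Secret. Judging by its name it is meant to hold the injector's webhook certificate material, so two releases sharing it by accident is worth avoiding. If the injector binary does not require this exact name (not visible here), use `name: {{ template "vault.fullname" . }}-injector-certs`. Otherwise add a comment such as `# Name is fixed by the injector; only one leader-elected release per namespace is supported`.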
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-clusterrolebinding.yaml
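Review bot: `patch` on `mutatingwebhookconfigurations` in `injector-clusterrole.yaml` applies to every webhook configuration in the cluster, because the rule carries no `resourceNames`. The injector's service account can therefore modify admission webhooks that belong to other components, not only its own. I would split the rule: keep `get`/`list`/`watch` as they are and move `patch` into a second rule limited to the injector's own configuration. The name used below is taken from the `AGENT_INJECT_TLS_AUTO` value in `injector-deployment.yaml` and assumes the webhook template uses the same name, which is not visible here.

```yaml
rules:
# … unchanged: existing rule, with "patch" removed from its verbs …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```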
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
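Review bot: In the `args` list of the `sidecar-injector` container, the entry `- 2>&1` is handed to the binary as a literal second argument. A container `args` array is not interpreted by a shell, so no stream is redirected and the entry only adds an unexpected positional argument. Dropping it, leaving `args:` with the single item `- agent-inject`, states what is actually executed; container stderr is captured by the runtime either way.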
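Review bot: The `apiVersion` line of injector-disruptionbudget.yaml picks `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings. That ignores the major version and depends on lexical order, so a reported minor such as `9` would compare greater than `21`. The mutating-webhook template in this commit already asks the cluster with `.Capabilities.APIVersions.Has`; the same form fits here: `apiVersion: {{ if .Capabilities.APIVersions.Has "policy/v1" }}policy/v1{{ else }}policy/v1beta1{{ end }}`. The identical expression appears in server-disruptionbudget.yaml.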
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
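Review bot: The `namespaceSelector` of the `vault.hashicorp.com` webhook is rendered only when a value is supplied, so by default the `pods` CREATE/UPDATE rule matches in every namespace, system namespaces and the injector's own included. With a `failurePolicy` of `Fail` (it comes from values here), an unavailable injector would then block pod admission across the cluster. Whether `injector.objectSelector` narrows the match cannot be seen from this hunk. I would record the default above the selector block with a template comment such as `{{- /* No namespaceSelector means all namespaces; exclude kube-system and the release namespace when failurePolicy is Fail. */}}`.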
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
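Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment's probes and `AGENT_INJECT_LISTEN` use `.Values.injector.port` and the Service in this commit targets that same value. With a non-default port the policy would drop the API server's webhook calls while still admitting traffic to 8080. Use `- port: {{ .Values.injector.port }}` so the three templates agree. `namespaceSelector: {}` admits every namespace; if that is required for API-server traffic, a comment saying so would keep it from looking accidental.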
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-role.yaml 
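Review bot: The PodSecurityPolicy `spec` forbids privilege escalation and root but never restricts Linux capabilities, so containers keep the runtime's default set. Adding `requiredDropCapabilities: [ALL]` beside `allowPrivilegeEscalation: false` would close that gap. The `seLinux` comment says the policy assumes AppArmor nodes, which is worth re-checking for a chart that also has a `global.openshift` switch. `policy/v1beta1` PodSecurityPolicy is not served from Kubernetes 1.25 on, so the `global.psp.enable` gate should say which cluster versions it applies to.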
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-rolebinding.yaml
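Review bot: The first rule of this leader-elector Role grants `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, since it sets no `resourceNames`. If the Vault server or other workloads share that namespace, their TLS keys and credentials become readable from the injector's service account. `create` cannot be limited by name, but `get` and `update` can: keep `create` in its own rule and move the other verbs to a rule with `resourceNames:` listing the leader-election objects the injector uses (their names are not visible in this hunk). The second rule's `delete` on `pods` would benefit from a comment stating why the elector needs it.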
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-discovery-role.yaml 
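Review bot: `disable_mlock = true` is written unconditionally in the string branch of `extraconfig-from-values.hcl` and merged in through `dict "disable_mlock" true` in the JSON branch, with no comment on the trade-off. With mlock disabled, Vault's process memory may be paged out, so key material can reach swap unless the nodes run with swap off or encrypted. I would record that assumption next to the setting with a template comment such as `{{- /* mlock is disabled for this deployment; nodes must run with swap off or encrypted */}}`. User-supplied `config` is also passed through `tpl`, and the chart's values documentation should say those strings are evaluated as templates.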
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-psp-role.yaml
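Review bot: The single ingress rule in server-network-policy.yaml, `from: - namespaceSelector: {}`, admits pods from every namespace to both 8200 and 8201, so turning on `server.networkPolicy.enabled` does not narrow who can reach the cluster port. The other templates in this diff name 8201 `https-internal` and use it for `VAULT_CLUSTER_ADDR`, so it presumably only needs to be reachable from the Vault pods of the same release; splitting the rule keeps the API port open as before and limits 8201 to the chart's own pod labels. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the sibling templates set.

```yaml
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```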
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-route.yaml
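Review bot: The PodSecurityPolicy `spec` sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set even though `privileged` and `allowPrivilegeEscalation` are both false. Adding `requiredDropCapabilities: [ALL]` next to `allowPrivilegeEscalation: false` would be the usual hardening; the StatefulSet in this diff sets `SKIP_SETCAP` to "true", which suggests the image does not rely on setcap, but that should be confirmed. The `seLinux` comment says the policy assumes AppArmor, yet no AppArmor annotation is visible here because `vault.psp.annotations` is defined outside the hunk. `policy/v1beta1` PodSecurityPolicy was also removed in Kubernetes 1.25, so the guard could additionally test `.Capabilities.APIVersions.Has "policy/v1beta1"` to avoid a failed install when `global.psp.enable` is left on.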
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-service.yaml
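Review bot: server-route.yaml reads `.mode` in `{{- if ne .mode "external" }}` and again in the `eq .mode "ha"` test without first invoking `{{ template "vault.mode" . }}`, unlike the other server templates in this diff that open with that call. Whether `.mode` is populated when this file renders therefore depends on something outside the hunk, and the choice between the plain and `-active` service name rides on it. Adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard would make the Route self-contained. The `tls:` block is passed through from `server.route.tls` unchanged, so the termination mode that protects traffic to port 8200 is whatever values.yaml supplies; a short comment naming the expected termination would help reviewers.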
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/tests/server-test.yaml 
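Review bot: The container image line in server-statefulset.yaml, `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, falls back to a mutable tag when `server.image.tag` is empty, so a release of a secrets store can pull whatever `latest` points at on any reschedule. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; the same fallback appears in tests/server-test.yaml. The exec readiness probe runs `vault status -tls-skip-verify`; it targets the 127.0.0.1 `VAULT_ADDR` set in the same container, which limits the exposure, but a comment stating why verification is skipped there would stop the flag from being copied into probes that cross the network.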
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.48/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/Chart.yaml
new file mode 100644
index 00000000000..0029ac3cde5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.49
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
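Review bot: In Chart.yaml the chart is published as `name: helm-e2e-rhcc`, but `description`, `home` and `sources` still present it as the "Official HashiCorp Vault Chart". Anyone reading the chart index could take this test fixture for the upstream release. If it is only an end-to-end fixture, as the `opcert-e2e-testing` path suggests, say so in the metadata, e.g. `description: E2E certification test fixture derived from the HashiCorp Vault chart`. Quoting the version as `appVersion: "1.11.2"` would also keep the value a string if it is ever bumped to a two-part number.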
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/README.md
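Review bot: In the Makefile, `test-acceptance` passes the licence as `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, which expands the value into the `docker run` argument list, where it is readable from the process table on a shared runner. When the variable comes from the environment, the name-only form `-e VAULT_LICENSE_CI \` lets Docker copy it through without putting the value in argv. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` with no directory while `provision-cluster` passes `test/terraform` to `init` and `apply`, so the two targets may not act on the same configuration. `setup-kind` and `delete-kind` are also missing from `.PHONY`, and the recursive call `make setup-kind acceptance` would normally be written with `$(MAKE)`.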
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
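Review bot: `vault.serverServiceAccountEnabled` and `vault.serverAuthDelegator` OR `server.enabled == "true"` with `global.enabled == "true"`, so an explicit `server.enabled: false` is ignored whenever `global.enabled` is true, whereas `vault.serverEnabled` falls back to the global flag only when the value is `"-"`. The templates that consume `.serverAuthDelegator` are outside this hunk, but if it gates the auth-delegator binding, a release with the server switched off would still receive that RBAC object. Reusing the existing helper keeps the three consistent, as `vault.serverServiceEnabled` already does: call `{{- template "vault.serverEnabled" . -}}` first and replace the inner `(or …)` with `.serverEnabled`. The doc comment above `vault.serverServiceAccountEnabled` is also a copy of the auth-delegator one and should say that it computes whether the server service account is created.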
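Review bot: The ClusterRole in `csi-clusterrole.yaml` grants `create` on `serviceaccounts/token` at cluster scope with no `resourceNames`, so the subject bound to it can request a token for any service account in any namespace, and the template has no comment explaining why that breadth is needed. If the provider needs it to request tokens for the service accounts of the pods it serves (my inference, not something this hunk shows), say so above `rules:`, for example `# Lets the provider request tokens for the service accounts of pods that mount Vault secrets; do not add further rules here.` A sentence in the chart documentation noting that `csi.enabled` creates this cluster-wide permission would let operators decide whether to audit token requests made by the provider's service account.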
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-clusterrolebinding.yaml
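Review bot: The single rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, so the injector's service account could rewrite any admission webhook, not only its own. The chart's own webhook is created as `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml, so the write verb can be scoped to that name with `resourceNames`. I would split the rule: leave `get`, `list` and `watch` as they are (a `resourceNames` restriction does not fit an unfiltered list or watch) and move `patch` into a second rule limited to that object. That the injector patches only its own configuration is inferred from the `AGENT_INJECT_TLS_AUTO` setting in the deployment and should be confirmed.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```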
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
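Review bot: Several `env` values in injector-deployment.yaml are rendered without quotes (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) while the neighbouring entries are quoted. An env `value` must be a string, so a values entry that YAML reads as a boolean or a number produces a manifest the API server rejects. Pipe them through `quote`, for example `value: {{ .Values.injector.authPath | quote }}`. Separately, `- 2>&1` under `args` reaches the binary as a literal argument because no shell is involved; it looks droppable, but that depends on the image's entrypoint, which is not visible here.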
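Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical rather than numeric, and `Minor` can carry a suffix such as `21+` on some distributions. Checking what the cluster actually serves is more reliable: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`, the same kind of check injector-mutating-webhook.yaml already uses. The identical expression appears in server-disruptionbudget.yaml. This template is also the only injector manifest shown here that is not wrapped in `vault.injectorEnabled`, so a PodDisruptionBudget can be rendered while the injector itself is disabled.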
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
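Review bot: `namespaceSelector` is emitted only when one of the two values is set, so unless the `injector.objectSelector` helper (not shown) narrows it, the webhook is called for pod CREATE and UPDATE in every namespace, including system namespaces and the release namespace. If `failurePolicy` resolves to `Fail` (its default lives in values, outside this hunk), an unavailable injector would then block pod admission cluster-wide. I would document this next to the condition, e.g. `# no namespaceSelector set: the webhook is called for pods in all namespaces`. A smaller point: `timeoutSeconds` defaults to the string `"30"`; it renders as an integer, but `default 30` states the intent directly.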
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
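Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, but the injector listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` in injector-deployment.yaml and `targetPort` in injector-service.yaml). If that value is changed, the policy admits a port nothing listens on and drops the API server's webhook calls. Use `- port: {{ .Values.injector.port }}`. `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector manifests in this diff set.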
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-rolebinding.yaml
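Review bot: The first rule of the leader-elector Role lets the injector's service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which may also hold Vault's own TLS material and other release secrets. The only Secret this chart creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` on secrets could be limited with `resourceNames: ["vault-injector-certs"]`. Whether `create`, `list`/`watch` and the ConfigMap access are still needed depends on the injector version and should be confirmed before narrowing. At minimum I would add a comment on the rule stating which objects the leader elector stores there.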
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-discovery-role.yaml 
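Review bot: `disable_mlock = true` is forced in both branches of server-config-configmap.yaml: it is prepended to the string config, and in the JSON branch it is the first argument of `merge (dict "disable_mlock" true) …`, where the first argument takes precedence, so values cannot override it there. With mlock disabled, Vault's memory can be written to swap unless swap is off (or encrypted) on the nodes. Please record the reason and the node requirement in a comment above `data:`, e.g. `# disable_mlock is always set by this template; run Vault on nodes with swap disabled`. A comment inside the block scalar would become part of the rendered config, so it belongs outside it.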
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
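Review bot: The discovery Role (server-discovery-role.yaml) grants `update` and `patch` on all `pods` in the release namespace, so the Vault service account can modify any pod deployed alongside it, not only its own. This is presumably for the `vault-active` label that the active and standby Service selectors in this commit match on. A comment above `rules:` saying so, plus a note to install the release in a dedicated namespace, would make the scope of that write access explicit. The Role also hard-codes `rbac.authorization.k8s.io/v1` while the RoleBinding in the next hunk falls back to `v1beta1`; the two should share the same `apiVersion` logic.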
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-ha-active-service.yaml
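Review bot: The PodDisruptionBudget picks its `apiVersion` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares the minor version as a string, so the result follows lexical order, not numeric order, and ignores the major version. The ingress template in this commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`, and the same form fits here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.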
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-psp-role.yaml 
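Review bot: In the NetworkPolicy (server-network-policy.yaml), the single `from` entry `namespaceSelector: {}` admits traffic from every namespace in the cluster to both 8200 and 8201. Port 8201 is the `https-internal` port the Services in this commit expose for server-to-server traffic, so it should only need to accept connections from the other server pods of the release, not from arbitrary workloads. I would split the rule so that 8201 is limited by a `podSelector` on the server labels, as sketched below, and document which namespaces are expected to reach 8200. Whether any other component must reach 8201 cannot be seen from this hunk and should be confirmed.
```yaml
  ingress:
    # API port: narrow the namespace selector to the client namespaces where possible.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only other Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```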
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
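Review bot: In the PSP RoleBinding (server-psp-rolebinding.yaml) the subject is `name: {{ template "vault.fullname" . }}`, while the ClusterRoleBinding and the discovery RoleBinding in this commit bind `{{ template "vault.serviceAccount.name" . }}` with an explicit `namespace`. If that helper can return anything other than the full name, the service account the pods actually run as is never authorised to `use` the policy. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` below it, matching the other bindings.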
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-route.yaml
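Review bot: The PodSecurityPolicy `spec` sets `privileged: false` and `allowPrivilegeEscalation: false` but never restricts Linux capabilities, so pods admitted under it keep the container runtime's default set. Adding `requiredDropCapabilities:` with a single `- ALL` entry would close that gap, provided the server runs without extra capabilities; the StatefulSet in this commit sets `SKIP_SETCAP`, which suggests it does. The `seLinux` comment says the nodes are assumed to use AppArmor, yet the chart also ships OpenShift values, where SELinux is the norm, so that comment should be reworded to cover that case.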
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-service.yaml 
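Review bot: The Route template tests `.mode` in `{{- if ne .mode "external" }}` without first calling `{{ template "vault.mode" . }}`, which the other templates in this commit that read `.mode` do before using it. Unless the helper's result persists on the root context from an earlier-rendered template, `.mode` is unset here and the `eq .mode "ha"` branch that selects the `-active` service would never fire. Adding `{{ template "vault.mode" . }}` right after the opening `if` would make the file independent of render order. Separately, `targetPort: 8200` is fixed while the Services take theirs from `.Values.server.service.targetPort`; a comment is worth adding if that is intentional.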
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/tests/server-test.yaml 
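Review bot: In the StatefulSet the container image is rendered with `{{ .Values.server.image.tag | default "latest" }}`, so an empty tag silently deploys whatever `latest` points to at pull time, which for a secrets store is an unreviewed and unreproducible upgrade path. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; the test pod template in the following hunk has the same fallback. The readiness probe's `vault status -tls-skip-verify` also deserves a one-line comment stating that verification is skipped because `VAULT_ADDR` points at `127.0.0.1`, if that is the reason.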
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/values.openshift.yaml 
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.49/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/Chart.yaml
new file mode 100644
index 00000000000..3d8667caf71
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.5
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/README.md 
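Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the docker command line, where it is readable in the host's process list while the container runs and would be echoed if the leading `@` were ever dropped. Assuming the value reaches make through the environment, `-e VAULT_LICENSE_CI \` with no `=value` lets docker read it from the environment instead. Separately, `setup-kind` and `delete-kind` are missing from `.PHONY`. `destroy-cluster` also runs `terraform destroy -auto-approve` without the `test/terraform` path and `-var project=...` that `provision-cluster` passes, which is worth confirming against the Terraform version in the test image.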
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
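Review bot: The `serviceaccounts/token` `create` rule in csi-clusterrole.yaml has no comment, and it is the widest grant in this part of the chart: through the ClusterRoleBinding added alongside it, the CSI provider's ServiceAccount may request a token for any ServiceAccount in any namespace. That is presumably what the provider needs in order to authenticate to Vault as the mounting pod, but the manifest does not say so. I would add a template comment above `rules:`, for example `{{/* The provider requests a token for the mounting pod's ServiceAccount; this allows token creation for every ServiceAccount in the cluster. */}}`, so operators treat the DaemonSet pods as holding that privilege.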
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
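Review bot: The `mountpoint-dir` mount in csi-daemonset.yaml exposes the host path `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` read-write on every node, and the container `securityContext` is rendered only when `csi.daemonSet.securityContext.container` is set. That directory holds the volume data of all pods on the node, so a compromised provider container could read or alter secrets mounted for other workloads. If the provider version shipped here does not write the secret files itself (not visible from this hunk), add `readOnly: true` under that mount. A restrictive default for the container securityContext in values.yaml would also help.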
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-clusterrolebinding.yaml
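Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`. The injector's own configuration is named `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml, and without a name restriction a compromised injector could rewrite any other admission webhook. Splitting the rule as below leaves `list` and `watch` unrestricted and pins `get` and `patch` to that one object; confirm the injector's certificate handling still works with the split. The same pattern applies to the leader-elector Role in injector-role.yaml, where `get` and `update` on `secrets` could be limited to `vault-injector-certs` if that is the only Secret it manages.

```yaml
rules:
# … unchanged: apiVersion, kind, metadata and labels above …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
```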
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
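Review bot: The second entry under `args:` in injector-deployment.yaml, `- 2>&1`, is shell redirection syntax, but Kubernetes hands `args` to the container entrypoint without a shell, so the process receives the literal string `2>&1` as an extra argument. Unless the image's entrypoint is a shell wrapper (not visible here), nothing is redirected, and the entry only hides the fact that stderr already goes to the container log. I would drop it and leave `args:` as just `- agent-inject`.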
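Review bot: injector-disruptionbudget.yaml is gated only on `.Values.injector.podDisruptionBudget`, while the other injector templates in this commit open with `{{- template "vault.injectorEnabled" . -}}` and `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget is rendered even when the injector is disabled. Wrapping the file in the same guard would keep it consistent with its siblings. The `ge .Capabilities.KubeVersion.Minor "21"` test also compares strings; `.Capabilities.APIVersions.Has "policy/v1"` would state the intent directly.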
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
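Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the `namespaceSelector` block in injector-mutating-webhook.yaml is omitted, so the webhook receives Pod CREATE and UPDATE requests from every namespace, control-plane namespaces included. If `failurePolicy` resolves to `Fail`, an unreachable injector would then block pod admission cluster-wide. The `injector.objectSelector` helper is outside this view and may narrow the match. I would at least record the dependency above `failurePolicy:` with a comment such as `# With failurePolicy Fail and no namespaceSelector, pod admission in all namespaces depends on the injector being reachable.`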
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
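Review bot: The ingress rule in injector-network-policy.yaml allows `port: 8080`, while the Deployment and Service in this commit take the listen port from `.Values.injector.port`. Changing that value would leave the policy pointing at the wrong port, and on OpenShift, where this policy is rendered, webhook calls would then be dropped. Use `- port: {{ .Values.injector.port }}` instead. `namespaceSelector: {}` admits traffic from pods in every namespace; that may be deliberate for the admission path, but a short comment saying so would help a reviewer.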
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-role.yaml
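Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode, privilege escalation and root, but it does not drop Linux capabilities, so pods admitted under it keep the runtime's default set. Adding `requiredDropCapabilities:` with a single `- ALL` entry under `spec:` would close that gap. The comment on `seLinux` says the nodes are assumed to use AppArmor rather than SELinux, which reads oddly in a chart that has a `global.openshift` switch; it is worth rewording or revisiting `rule: RunAsAny`. The template also emits `policy/v1beta1` whenever `global.psp.enable` is true, with no check that the cluster still serves that API.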
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-rolebinding.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-discovery-role.yaml 
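Review bot: `disable_mlock` is forced to `true` in both the HCL branch and the JSON branch of server-config-configmap.yaml, with no comment and no way to turn it off. In the JSON branch, `merge (dict "disable_mlock" true) ...` gives the first dict precedence, so a `disable_mlock: false` supplied in values is silently overridden. With mlock disabled, Vault's memory can be written to swap, so operators need to know the node-level expectation. Suggest a comment above `data:` such as `# disable_mlock is always set; run the server on nodes with swap disabled or encrypted`, and a line in the chart documentation saying the setting cannot be overridden.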
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
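Review bot: The rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only the Vault server pods, and nothing in the file says why. Pod update rights cover mutable fields such as the container image, so this ServiceAccount's reach is wider than the "discovery" name suggests. If the grant exists only so a server can label its own pod (an assumption, as the consumer is not visible here), `watch` and `list` look unnecessary and could be removed after confirming. At minimum add a comment above `rules:` such as `# pods update/patch: Vault labels its own pod for service registration; deploy in a dedicated namespace`.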
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-ha-active-service.yaml 
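Review bot: The `apiVersion` line in server-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically rather than as numbers. That is fragile when `Minor` carries a suffix such as `21+`, as some distributions report, and it would mis-order a three-digit minor. The other templates in this commit ask the cluster which API it serves, and this one can do the same: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.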
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-ha-standby-service.yaml 
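Review bot: The `https-internal` port 8201 is listed on the same Service whose `type` comes from `.Values.server.service.type`, so setting that value to `NodePort` or `LoadBalancer` also publishes the server-to-server cluster port outside the cluster. The same applies to server-ha-standby-service.yaml and server-service.yaml in this commit. The StatefulSet's default `VAULT_CLUSTER_ADDR` points at the `-internal` headless Service, so these three Services may not need 8201 at all; please confirm before removing it. Otherwise add a comment above the port such as `# 8201 is the cluster port; keep this Service ClusterIP or drop this entry when exposing it externally`.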
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-psp-role.yaml 
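Review bot: In server-network-policy.yaml the single `from` entry is `namespaceSelector: {}`, which matches every namespace, so the policy filters by port only and lets any pod in the cluster reach both 8200 and the cluster port 8201. Port 8201 is only expected to be used between Vault server pods, so it can be limited to pods carrying this release's labels while 8200 stays open to API clients. The sketch below splits the rule in two; the indentation is conventional because the page has lost the original, and the label pair should be checked against what the StatefulSet actually sets. The object also lacks the `namespace: {{ .Release.Namespace }}` that the other templates set.

```yaml
  ingress:
    # API port: reachable from any namespace in the cluster.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```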
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
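Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the ServiceAccount with `vault.fullname`, while server-clusterrolebinding.yaml, server-discovery-rolebinding.yaml and the StatefulSet's `serviceAccountName` all use `vault.serviceAccount.name`. If that helper can return anything other than the full name (its definition is not in this part of the diff), the PSP `use` grant is bound to an account the server pods do not run as. Use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as the other bindings do.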
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-route.yaml 
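Review bot: server-psp.yaml renders `apiVersion: policy/v1beta1` / `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the install fails instead of skipping the object. Add a capability check to the existing condition, for example `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`, and document what replaces the policy where it is unavailable. The comment on `seLinux` says the policy assumes AppArmor nodes, which is worth revisiting for a chart that also ships a values.openshift.yaml.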
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-service.yaml 
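Review bot: server-route.yaml tests `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does on its first line. Assuming that helper is what populates `.mode` (its definition is outside this hunk), this file only works if another template has already run against the same context, which is render-order dependent. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does. Separately, `host: {{ .Values.server.route.host }}` would be safer as `{{ .Values.server.route.host | quote }}`, matching the quoting used for ingress hosts.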
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/tests/server-test.yaml 
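Review bot: The `vault` container's `image:` line in server-statefulset.yaml falls back to the mutable `latest` tag when `server.image.tag` is unset (`| default "latest"`), and tests/server-test.yaml repeats the same expression. For a secrets manager this means an unpinned and unreviewed image can roll out on any pod restart, and replicas can end up on different versions. Fail the render instead of guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The exec readiness probe's `vault status -tls-skip-verify` also deserves a one-line comment saying it is acceptable only because the probe talks to the local listener.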
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/values.openshift.yaml
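Review bot: In `templates/ui-service.yaml` the `type:` and `nodePort:` lines are rendered straight from values with no guard, and the port is named after `vault.scheme`; this chart's `values.yaml` ships `global.tlsDisable: true`, so a `NodePort` or `LoadBalancer` setting would publish the Vault UI and API without TLS, assuming `vault.scheme` follows that flag (its definition is outside this hunk). A render-time check ahead of `spec:` would catch the combination, e.g. `{{- if and .Values.global.tlsDisable (ne (toString .Values.ui.serviceType) "ClusterIP") }}{{ fail "ui.serviceType other than ClusterIP requires global.tlsDisable=false" }}{{- end }}`. `publishNotReadyAddresses` also sends traffic to pods that have not passed readiness, so a comment on that line saying why the UI needs it would help whoever later flips it to `true`.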
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/values.schema.json
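Review bot: The three images in `values.openshift.yaml` are pinned by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pointed in the registry after the chart has been reviewed. The server test template in this commit builds the reference as `repository:tag`, so a digest can ride along in the tag value, e.g. `tag: "1.11.2-ubi@sha256:<digest-placeholder>"`, which keeps the readable version and makes the pull content-addressed; whether the injector templates compose the reference the same way is not visible here and should be checked. The same repository/tag pairs are repeated in this chart's `values.yaml`, so a header comment such as `# Keep image tags in sync with values.yaml` would stop the two files drifting on the next bump.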
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.5/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/Chart.yaml
new file mode 100644
index 00000000000..8f7f26425eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.50
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
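Review bot: In the new Chart.yaml, `description: Official HashiCorp Vault Chart` is carried over unchanged although `name` and the `charts.openshift.io/name` annotation are both `helm-e2e-rhcc`, so anything that lists this chart by its description would present an e2e test fixture as the vendor's official chart. I would state the provenance in the field itself, for example `description: E2E certification test fixture based on the HashiCorp Vault chart (not an official release)`. Separately, `appVersion: 1.11.2` and `version: 0.21.50` load as strings only because they have three components; quoting them (`appVersion: '1.11.2'`, `version: '0.21.50'`) keeps that true if a two-component value is ever written here.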
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/README.md 
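Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor `-var project=...`, whereas `provision-cluster` runs `terraform init` and `terraform apply` against `test/terraform` with `-var project=${CLOUDSDK_CORE_PROJECT}`. As written, the teardown probably targets the working directory rather than the configuration that created the cluster, so it can fail or leave the GKE test cluster running after a test run. Mirroring the apply line, `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`, would keep the two targets symmetric; whether the positional directory is accepted depends on the Terraform version in the test image, which is not shown here. The `.PHONY` list at the end of the hunk also omits `setup-kind` and `delete-kind`; append both so a stray file of either name cannot mask the target.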
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
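Review bot: The csi-provider container mounts two `hostPath` volumes (`providervol` and `mountpoint-dir`, the latter with `mountPropagation: HostToContainer`) yet receives a `securityContext` only when `.Values.csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper in `_helpers.tpl` renders nothing otherwise. The server container helper in the same file falls back to `allowPrivilegeEscalation: false` when not on OpenShift; the CSI helper could gain the same `{{- else if not .Values.global.openshift }}` branch emitting `securityContext:` and `allowPrivilegeEscalation: false`. Whether values.yaml already ships a default is not visible in this hunk, so confirm before changing. Both `hostPath` entries also omit `type:`, so no check is made on what exists at `providersDir` or `kubeletRootDir`; setting `type: Directory` on the kubelet path is worth considering.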
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-clusterrolebinding.yaml
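Review bot: The ClusterRole rule grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg`. Splitting the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`, with `list`/`watch` left in a separate rule, would limit what the injector's service account can change if it is ever compromised; this assumes the injector only patches its own configuration, which should be confirmed. The same least-privilege point applies to the leader-elector Role in injector-role.yaml, which allows `create`/`get`/`watch`/`list`/`update` on all `secrets` and `configmaps` in the release namespace, where only the `vault-injector-certs` Secret from injector-certs-secret.yaml appears to be needed.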
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
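Review bot: Several `env` values in the injector container are rendered from values without quoting — `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT` and the computed `AGENT_INJECT_VAULT_ADDR` — so a value that YAML types as a boolean or number, or one containing `: ` or ` #`, either changes the rendered structure or is rejected because `env[].value` must be a string. Piping them through `quote`, as the `vault.extraEnvironmentVars` helper already does, avoids this, for example `value: {{ .Values.injector.authPath | quote }}`. Separately, `- 2>&1` under `args` is handed to the binary as a literal argument, since no shell interprets container args; if it has no effect it can be dropped.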
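Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings lexically, so the chosen `apiVersion` follows string ordering rather than the numeric minor version (a three-digit minor would sort below "21"). Probing the API instead, as injector-mutating-webhook.yaml does for admissionregistration, is more robust: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This template is also the only injector resource in the diff that is not gated on `.injectorEnabled`, so a PodDisruptionBudget can be rendered while the injector itself is disabled.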
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
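Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector Deployment listens on `.Values.injector.port` and the Service targets that same value, so changing the port in values leaves this policy open on an unused port and closed on the webhook's real one. Use `- port: {{ .Values.injector.port }}` instead. `namespaceSelector: {}` admits traffic from every namespace; that may be needed for API-server calls to the webhook, but a template comment saying so would make the intent reviewable. `metadata` also omits `namespace: {{ .Release.Namespace }}`, unlike the other namespaced injector resources in this diff.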
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-role.yaml
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-rolebinding.yaml 
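Review bot: The first rule grants `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, with no `resourceNames`, so the injector's account can read secrets unrelated to leader election. `create` cannot be narrowed by name, but `get` and `update` can, so the rule could be split: one rule keeps `create`, and a second carries `resourceNames: ["<leader-election-object-name>"]` (placeholder; the real names are not visible in this hunk). If `list` and `watch` must stay namespace-wide, a comment above `rules:` should say why, for example `# list/watch are unscoped because <reason>; deploy the injector in a dedicated namespace`. The second rule has the same problem: `patch` and `delete` apply to all pods in the namespace.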
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-config-configmap.yaml 
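Review bot: This cluster-scoped binding to `system:auth-delegator` has no comment explaining why the Vault server account needs it. A line above `roleRef:` such as `# auth-delegator lets Vault submit TokenReview/SubjectAccessReview requests for its Kubernetes auth method` would let a reviewer judge whether `.serverAuthDelegator` can be turned off for a given install. Separately, the name `{{ template "vault.fullname" . }}-server-binding` does not include the namespace, so two releases with the same name in different namespaces would claim the same ClusterRoleBinding. Appending `-{{ .Release.Namespace }}` would avoid that, if renaming is acceptable.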
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-discovery-role.yaml 
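Review bot: `disable_mlock` is forced to true in every branch: written literally ahead of the string config, and merged in via `dict "disable_mlock" true` for the map forms. Nothing in the template records what that implies: with mlock off, Vault's memory can be paged out, so the nodes need swap disabled or encrypted. I would add a line above `data:` such as `# disable_mlock is forced on below; run only on nodes with swap disabled or encrypted`. The rendered config is also stored in a ConfigMap, so a note is warranted that storage-backend credentials should not be placed in `server.standalone.config` / `server.ha.config`.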
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
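Review bot: The discovery Role grants `update` and `patch` on all pods in the release namespace, with no `resourceNames`, so the server's service account can modify pods that are not Vault's own. Presumably the write verbs exist so that Vault can label its own pods in HA mode, but the hunk does not say so. Either move `update`/`patch` into a second rule restricted to the StatefulSet's pod names, or add a comment above `rules:` such as `# update/patch are used on Vault's own pods only; install this chart into a dedicated namespace`.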
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-ha-active-service.yaml 
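Review bot: `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexicographic rather than numeric. Some distributions also report `Minor` with a suffix such as `21+`. A capability check is more reliable and matches how server-clusterrolebinding.yaml picks its RBAC version in this same commit: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.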
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-ha-standby-service.yaml 
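Review bot: The `https-internal` port 8201 is listed on a Service whose `type` comes from `.Values.server.service.type`, so choosing `NodePort` or `LoadBalancer` publishes that port outside the cluster together with the API port. The headless `-internal` Service in server-headless-service.yaml already carries 8201, so if only server-to-server traffic uses it, the entry can be dropped here. Alternatively wrap it in `{{- if not (has (.Values.server.service.type | toString) (list "NodePort" "LoadBalancer")) }}` … `{{- end }}`. The same port entry appears in server-ha-standby-service.yaml and server-service.yaml.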
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-psp-role.yaml 
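Review bot: In server-ingress.yaml the `tls:` block is emitted only when `.Values.server.ingress.tls` is set, so enabling the Ingress without it routes the Vault API over plain HTTP at the ingress controller unless the controller adds TLS itself. A comment above `{{- if .Values.server.ingress.tls }}` should state that, for example `# without server.ingress.tls the Vault API is served over HTTP at the edge`; failing the render would be the stricter option if the chart's users can accept it. `secretName: {{ .secretName }}` and `path: {{ . }}` are rendered unquoted while the host values use `| quote`; piping them through `quote` as well avoids YAML retyping of unusual values.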
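Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which matches every namespace, and it covers port 8201 as well as 8200. Pods anywhere in the cluster can therefore reach Vault's cluster port. If 8201 is used only between the Vault servers of this release, it belongs in its own rule limited to those pods, as sketched below. The metadata also has no `namespace: {{ .Release.Namespace }}`, unlike the other objects in this commit.
```yaml
# … unchanged: metadata, spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: reachable only from this release's Vault pods.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```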
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
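Review bot: In server-psp-rolebinding.yaml the subject is named `{{ template "vault.fullname" . }}`, but server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}`, and the ClusterRoleBinding and discovery RoleBinding in this commit both use that helper. If the two helpers ever render different names, the PSP `use` grant goes to an account the server pods do not run as. The subject should read `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.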
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-route.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-service.yaml 
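Review bot: server-route.yaml tests `.mode` twice (`ne .mode "external"` and `eq .mode "ha"`) without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does before reading `.mode`. Assuming that helper is what populates `.mode`, the value here depends on another template having run earlier in the same render, so the `-active` service selection may silently not apply. Adding `{{ template "vault.mode" . }}` right after the `.Values.global.openshift` check would make the Route self-contained. `host: {{ .Values.server.route.host }}` would also be safer with `| quote`.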
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" .
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" .
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" .
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ .
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/tests/server-test.yaml
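Review bot: The `vault` container image falls back to a floating tag: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` resolves to `:latest` whenever `server.image.tag` is empty, so a values override that clears the tag silently deploys whatever the registry currently serves. For a secrets store it is safer to fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same fallback is repeated in `templates/tests/server-test.yaml`. Separately, the exec readiness probe runs `vault status -tls-skip-verify` against the `VAULT_ADDR` this file sets to `127.0.0.1:8200`; a comment such as `# -tls-skip-verify: loopback probe only, certificate names are not checked here` would keep the flag from being copied to a non-local address.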
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/templates/ui-service.yaml
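Review bot: The test Pod declares no `securityContext` at pod or container level, while the StatefulSet added in this commit pulls in `server.statefulSet.securityContext.pod` and `server.statefulSet.securityContext.container`. Under an admission policy that enforces non-root execution or dropped capabilities, the hook pod would then either be rejected or run with weaker settings than the server it tests. Assuming those helpers render correctly at this nesting (their definitions are not in this hunk), adding `{{- template "server.statefulSet.securityContext.pod" . }}` under `spec:` and `{{- template "server.statefulSet.securityContext.container" . }}` under the container entry would keep the two aligned.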
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.50/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/Chart.yaml
new file mode 100644
index 00000000000..5a6cdca445a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.51
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
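Review bot: The `description` line in the new Chart.yaml still reads `Official HashiCorp Vault Chart`, although `name` is `helm-e2e-rhcc` and the path places the chart under `opcert-e2e-testing`, so nothing in the metadata marks it as a test copy. If this chart is ever indexed or mirrored alongside real partner charts (not visible from this hunk), a consumer could take it for the upstream release. `version: 0.21.51` also matches no entry in the bundled CHANGELOG, where 0.21.0 is the newest release listed. I would change the line to something like `description: E2E test fixture derived from the HashiCorp Vault chart; not an official release` and keep `home` and `sources` as provenance pointers.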
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/README.md 
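Review bot: The `test-acceptance` recipe passes the Vault licence as `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so make expands the value into the `docker run` command line, where it is readable in the host's process listing while the container runs (the leading `@` only stops make from echoing the command). Passing the name alone, `-e VAULT_LICENSE_CI \`, lets Docker take the value from the caller's environment and keeps it out of argv. If the variable is supplied as a make command-line argument rather than exported in the shell, an `export VAULT_LICENSE_CI` line would be needed as well. Separately, `setup-kind` and `delete-kind` are missing from the `.PHONY` list. `destroy-cluster` also runs `terraform destroy -auto-approve` without the `test/terraform` directory and `-var project=...` that `provision-cluster` passes, so it may not act on the same configuration.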
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
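Review bot: The `rules` entry in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole with no `resourceNames`, so the subject bound to it can request a token for any ServiceAccount in any namespace, and the file does not say why that breadth is needed. The provider presumably needs it to authenticate on behalf of whichever pods mount the CSI volume, which cannot be listed up front, so I would keep the rule but document it above `rules:` with `# Cluster-wide token creation: the provider requests tokens for the ServiceAccounts of the pods it serves; treat the bound ServiceAccount as highly privileged.` Audit-log review of TokenRequest calls made by that ServiceAccount is the matching detection control.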
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
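Review bot: The provider container in csi-daemonset.yaml mounts two `hostPath` volumes (`providervol` and `mountpoint-dir`) but gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper included at `{{ template "csi.daemonSet.securityContext.container" . }}` has no fallback branch. The injector helper in this same commit falls back to `allowPrivilegeEscalation: false` with all capabilities dropped when `global.openshift` is false; the CSI helper should get the same kind of default, i.e. an `{{- else if not .Values.global.openshift }}` branch that emits `securityContext:` with `allowPrivilegeEscalation: false`. Whether the provider image also tolerates dropped capabilities or a non-root user is not visible here, so confirm that before tightening further.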
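Review bot: In injector-certs-secret.yaml, `name: vault-injector-certs` is a literal while every other resource in this commit derives its name from `vault.fullname`, so two releases in one namespace with leader election enabled would render the same Secret. If the injector looks the Secret up by that fixed name (not visible in this diff), state it in a comment above `metadata:`, for example `# Name is fixed by the injector; rendered empty and presumably filled in at runtime, so only one release per namespace.` The Secret is also rendered without `type` or `data`, which the same comment should mention so it is not read as an omission.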
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-clusterrolebinding.yaml
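Review bot: The single rule in injector-clusterrole.yaml gives `patch` on every `mutatingwebhookconfigurations` object in the cluster, so the injector ServiceAccount can modify any admission webhook, not only its own. I would split the rule: keep `get`, `list` and `watch` unrestricted and scope `patch` with `resourceNames` to this release's webhook configuration. The name used below is the `AGENT_INJECT_TLS_AUTO` value from injector-deployment.yaml and is presumably the object the injector patches; confirm it against the webhook template, which is not in view.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch"]
# patch is limited to this release's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - "{{ template "vault.fullname" . }}-agent-injector-cfg"
  verbs: ["patch"]
```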
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
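Review bot: The second entry under `args`, `- 2>&1`, reaches the injector binary as a literal argument, because Kubernetes executes container args directly and no shell interprets the redirection. The container runtime already captures stderr alongside stdout, so the entry can be dropped, leaving only `- agent-inject`. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` render their values unquoted, unlike the neighbouring entries. Piping them through `quote` (e.g. `value: {{ .Values.injector.authPath | quote }}`) keeps a boolean- or number-looking override from failing the string-typed `env.value` field.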
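Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, which is a lexical comparison and depends on how the cluster reports its minor version. The RBAC and webhook templates in this same commit select the version with `.Capabilities.APIVersions.Has`, and the same test works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The identical expression appears in server-disruptionbudget.yaml. This template is also the only injector resource not wrapped in `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget is rendered whenever `injector.podDisruptionBudget` is set, even with the injector disabled.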
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
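Review bot: The `namespaceSelector` block is emitted only when a value is set, so unless the `injector.objectSelector` helper narrows it, the `pods` CREATE/UPDATE rule applies to every namespace, including system namespaces and the one the injector runs in. Combined with a `failurePolicy` of `Fail` (the default comes from `injector.failurePolicy`, which is not visible here), an unavailable injector would reject pod creation cluster-wide. A template comment above the selector would make that trade-off visible to chart users, for example `{{- /* No selector means every namespace; set one that excludes system namespaces before using failurePolicy: Fail. */}}`.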
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
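Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on and the Service targets `{{ .Values.injector.port }}`. Overriding `injector.port` would therefore leave the webhook blocked wherever this policy is enforced. Use `- port: {{ .Values.injector.port }}` so the three stay in step. `metadata.namespace` is also omitted here, although the other namespaced injector resources set `namespace: {{ .Release.Namespace }}`.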
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-psp.yaml 
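Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subjects in injector-rolebinding.yaml and injector-clusterrolebinding.yaml, which set `namespace: {{ .Release.Namespace }}`. A RoleBinding most likely resolves such a subject in its own namespace, so this probably works as written. Stating it explicitly keeps the binding unambiguous and consistent with its siblings: add `namespace: {{ .Release.Namespace }}` under the subject's `name:`.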
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-role.yaml 
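Review bot: `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25 and this template is gated only on `global.psp.enable`, so enabling the flag on a newer cluster fails the install when the manifest is applied. A capability check such as `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}` would skip it cleanly, and the same guard fits injector-psp-role.yaml and injector-psp-rolebinding.yaml. The spec also sets no `requiredDropCapabilities`. Its SELinux comment says the policy assumes AppArmor nodes, which is worth revisiting for a chart that has an OpenShift mode.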
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-rolebinding.yaml 
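Review bot: The leader-elector Role grants `get`, `list`, `watch`, `create` and `update` on every Secret and ConfigMap in the release namespace, which is the namespace the Vault server's own resources are rendered into by the other templates in this commit. If the injector only needs its own leader-election and certificate objects (an assumption to confirm against the injector version in use), the read and update verbs can be limited with `resourceNames`, leaving `create` in its own rule since it cannot be name-scoped. The `patch` and `delete` verbs on all `pods` deserve the same check. At minimum a comment above `rules:` should record which objects the injector is expected to touch.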
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-discovery-role.yaml 
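Review bot: `disable_mlock = true` is written into every rendered string config, and merged into the JSON form, with no override and no comment explaining why. With mlock disabled the server's memory can be paged out to disk, so the chart should say so next to the line, for example `{{- /* mlock is disabled because the container is not granted IPC_LOCK; run on nodes with swap off or encrypted. */}}`. The IPC_LOCK reason is an assumption and needs confirming against the server StatefulSet. Note also that the string configs pass through `tpl`, so anything placed in `server.standalone.config` or `server.ha.*.config` is evaluated as a template with the full chart context.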
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-psp-role.yaml 
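Review bot: The single `ingress` rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so once the policy is enabled every pod in every namespace can reach the cluster port 8201 as well as the API port 8200. Elsewhere in this commit 8201 appears only as `https-internal` and in `VAULT_CLUSTER_ADDR`, which suggests it is needed only between the Vault server pods of the release (unless replication from outside the namespace has to reach it). I would split the rule so that 8201 gets its own `from:` with a `podSelector` on the release labels, as sketched below. The object also has no `namespace: {{ .Release.Namespace }}` under `metadata`, unlike the Service and Role templates in this commit.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster traffic: only the Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```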
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
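Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the ServiceAccount with `vault.fullname`, while server-serviceaccount.yaml creates the account, and server-statefulset.yaml references it, through `vault.serviceAccount.name`. That helper's definition is not in this view, but the values schema has `server.serviceAccount.name`, so the two names can presumably differ; when they do, the binding points at an account the pods do not run as and the PodSecurityPolicy `use` grant never applies to them. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` so the three templates agree.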
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-route.yaml
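Review bot: The `spec` in server-psp.yaml sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but never restricts capabilities, so containers admitted under this policy keep the runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` would close that, provided the Vault image needs none at runtime (the StatefulSet in this commit already sets `SKIP_SETCAP`, but confirm before enforcing). The template also uses `policy/v1beta1`, and PodSecurityPolicy was removed in Kubernetes 1.25, so I would put a comment above `apiVersion` such as `# PodSecurityPolicy is removed in Kubernetes 1.25+; leave global.psp.enable off on those clusters.`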
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-service.yaml
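Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` and again in the `eq .mode "ha"` check without first calling `{{ template "vault.mode" . }}`, which the Ingress, Service and StatefulSet templates in this commit all do before reading `.mode`. Whether `.mode` is already populated here then depends on another template having run against the same context, which this file cannot guarantee on its own; I would add the `vault.mode` call as the first line inside the `global.openshift` guard. `host: {{ .Values.server.route.host }}` should also be piped through `quote`, as the Ingress template does with `{{ .host | quote }}`, so that an empty or unusual value cannot change the YAML type of the field.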
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/tests/server-test.yaml 
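Review bot: The container `image:` line in server-statefulset.yaml falls back to `| default "latest"` when `server.image.tag` is empty, so an install without a tag runs whatever the registry currently serves under a mutable tag; the same fallback is repeated in tests/server-test.yaml. For a secrets store I would fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The exec readiness probe runs `vault status -tls-skip-verify`; with `VAULT_ADDR` pointing at 127.0.0.1 that is a loopback seal check, and a comment such as `# -tls-skip-verify is acceptable only because this probe talks to 127.0.0.1` would keep the flag from being copied into client-facing commands. The `value:` lines for `server.ha.apiAddr` and `server.ha.clusterAddr` are unquoted, unlike the neighbouring `"{{ .Values.server.logLevel }}"`, and should be quoted the same way.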
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/values.openshift.yaml
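Review bot: `nodePort` in ui-service.yaml is emitted whenever `ui.serviceNodePort` is set, whatever `ui.serviceType` is, whereas server-service.yaml in this commit guards the same field with `eq (.Values.server.service.type | toString) "NodePort"`. A leftover `serviceNodePort` combined with `serviceType: ClusterIP` then renders a Service the API server rejects; I would guard it as `{{- if and .Values.ui.serviceNodePort (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`. Because `type` comes straight from values, a comment above it noting that `NodePort` and `LoadBalancer` expose the Vault UI and API outside the cluster would also help whoever edits the values file.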
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.51/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/Chart.yaml
new file mode 100644
index 00000000000..6c3c2d49285
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.52
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
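Review bot: In the new `Chart.yaml`, `name: helm-e2e-rhcc` and `version: 0.21.52` identify a renamed chart, but `description: Official HashiCorp Vault Chart`, `home` and `sources` still present it as the upstream HashiCorp release, so anyone inspecting the packaged chart reads the wrong provenance. If this is, as the `opcert-e2e-testing` path suggests, a certification test fixture derived from vault-helm, the metadata should say so, for example `description: E2E certification test fixture derived from the HashiCorp Vault chart (not an official release)`. The `sources` entries can stay as a pointer to the origin once the description makes the relationship explicit.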
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/README.md
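Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes to `terraform apply`, so the unattended destroy acts on whatever configuration and state are in the working directory instead of naming the cluster this Makefile provisioned. Keeping teardown symmetric with provisioning makes the scope explicit: `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. Separately, `setup-kind` and `delete-kind` are missing from the `.PHONY` list on the last line. `GOOGLE_CREDENTIALS` defaults to `vault-helm-test.json` inside the bind-mounted checkout, so it is worth confirming that key file is git-ignored (the ignore rules are not visible here).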
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
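Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` is rendered unquoted, so a token that looks like a number, a boolean or null is typed by the YAML parser as a non-string, while a container env `value` has to be a string. Quote it the way `vault.extraEnvironmentVars` in this same file already does: `value: {{ .Values.server.dev.devRootToken | quote }}`. The token is also written into the pod spec in clear text, which is acceptable for dev mode only; a line in the helper's comment saying so would help anyone who copies the pattern.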
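Review bot: The single rule grants `create` on `serviceaccounts/token` through a ClusterRole, so the csi-provider service account can request a token for any service account in any namespace, and nothing in the template says why that breadth is needed. Presumably the provider requests a token for whichever pod mounts the volume, which cannot be narrowed with `resourceNames`; if that is the reason, state it above `rules:`, for example `# Cluster-wide on purpose: the provider requests a token for the service account of the pod mounting the volume.` The comment also tells anyone auditing RBAC that this service account is highly privileged and that the pods running under it need matching care.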
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
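Review bot: Both `hostPath` volumes at the end of csi-daemonset.yaml take their path straight from `.Values.csi.daemonSet.providersDir` and `.Values.csi.daemonSet.kubeletRootDir`, unquoted and with no `type:`, so a mistyped or overridden value mounts an arbitrary node directory into the pod without any existence check. I would set `type: Directory` on `mountpoint-dir` (and `DirectoryOrCreate` on `providervol` if the provider is expected to create it) and render the paths with `| quote`. The `image:` line also accepts a tag only; allowing a digest in values would let operators pin what runs on every node.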
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
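Review bot: In the `args:` list of the `sidecar-injector` container, `- 2>&1` reaches the binary as a literal argument, because container `args` are executed without a shell and no redirection takes place. Unless the image entrypoint wraps the command in a shell (not visible in this hunk), the entry should be dropped so the list reads `- agent-inject` only. Separately, `value: {{ .Values.injector.authPath }}` and the `AGENT_INJECT_LOG_LEVEL` / `AGENT_INJECT_LOG_FORMAT` values are rendered unquoted, unlike the neighbouring env entries; adding `| quote` keeps an override such as `true` or `1` from rendering as a non-string that the API server rejects.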
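Review bot: The `apiVersion` line of injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the comparison is lexical rather than numeric and ignores the major version; a minor reported with a suffix or with a different digit count can select the wrong API. Other templates in this commit already choose between API versions with `.Capabilities.APIVersions.Has`, and the same test fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The identical line appears in server-disruptionbudget.yaml.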
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
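Review bot: `namespaceSelector` is rendered only when one of the two values is set, so with both unset the webhook is sent every pod CREATE and UPDATE in the cluster, system namespaces included, limited only by whatever the `injector.objectSelector` helper (defined outside this hunk) emits. If the effective `failurePolicy` is `Fail`, an unavailable injector then blocks pod admission cluster-wide, including the injector's own replacement pods. I would add a comment above `webhooks:` stating this, and document in the values file a recommended selector that excludes the release namespace and `kube-system` whenever `failurePolicy` is set to `Fail`.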
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
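Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while injector-deployment.yaml listens on `.Values.injector.port` and injector-service.yaml uses the same value as `targetPort`. If the port is overridden, the policy no longer admits traffic to the webhook and admission calls from the API server would fail or time out. Render the policy from the same value: `- port: {{ .Values.injector.port }}`. The peer `namespaceSelector: {}` admits every namespace; a one-line comment saying that this is intended, because the caller is the API server, would save the next reader from tightening it by mistake.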
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-role.yaml
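Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` is gated only on `global.psp.enable`, and the PodSecurityPolicy API was removed in Kubernetes 1.25, so enabling the value on a current cluster fails the install instead of skipping the object. Extending the condition keeps the chart installable: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The same guard belongs on injector-psp-role.yaml and injector-psp-rolebinding.yaml. The `seLinux` comment says the policy assumes AppArmor nodes, which looks out of place next to the `global.openshift` switches used elsewhere in this chart and deserves a second look.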
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-rolebinding.yaml
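Review bot: The first rule in injector-role.yaml lets the injector `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which is wider than the one `vault-injector-certs` Secret that injector-certs-secret.yaml creates under the same condition. If leader election only needs that object (not confirmable from this hunk), split the rule so `get` and `update` carry `resourceNames: ["vault-injector-certs"]`, and keep `create` in a separate rule because `resourceNames` cannot restrict it. `list` and `watch` on `secrets` return full secret contents, so they should stay only if the injector really enumerates them. The second rule's `delete` on all pods in the namespace would benefit from a comment naming what it is for.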
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-discovery-role.yaml
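Review bot: `disable_mlock = true` is written into the rendered config unconditionally, as a literal line in the string branch and through `merge (dict "disable_mlock" true) …` in the map branch, and the template does not say why or what the operator owes in return. With mlock disabled the server's memory may be paged to disk, so I would add a template comment next to it such as `{{- /* mlock is disabled for container use; nodes running the server must have swap off or encrypted */ -}}`. The config is also stored in a ConfigMap, so any credential placed in `server.standalone.config`, `server.ha.config` or `server.ha.raft.config` sits there in plain text; the values documentation should steer such settings to Secret-backed environment variables.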
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
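Review bot: The rule in `server-discovery-role.yaml` grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods, and the template does not say why. RBAC rules cannot be scoped by label, so any workload that shares the namespace can be modified by whoever holds the Vault service account token, which the rolebinding in the next hunk attaches to this Role. The write verbs are presumably there so Vault can label its own pods (other templates in this diff select on `vault-active`), but that is not visible here. I would add above `rules:` a comment such as `# update/patch lets Vault label its own pods for HA service discovery; the grant covers all pods in this namespace, so install into a dedicated namespace`.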
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-ha-active-service.yaml
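Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion:` line compares two strings, so the ordering is lexical rather than numeric. A minor reported with a suffix, or any single-digit minor such as `"9"`, is ranked against `"21"` character by character, and the major version is not checked at all. The RBAC templates in this diff already test the capability directly, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.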
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-psp-role.yaml 
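Review bot: In `server-ingress.yaml`, `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are rendered unquoted, while the host entries beside them go through `quote`. A value that YAML reads as a number or boolean, or that contains `: ` or ` #`, would change type or break the manifest. I would quote them the same way as the hosts: `secretName: {{ .secretName | quote }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName | quote }}` and `- path: {{ . | quote }}`.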
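Review bot: The single ingress rule in `server-network-policy.yaml` uses `namespaceSelector: {}`, which matches every namespace, so any pod in the cluster may connect to both the API port 8200 and the cluster port 8201. Port 8201 is the server-to-server port elsewhere in this chart (`https-internal`), so it can be limited to the Vault server pods, provided nothing outside the release needs it. The `podSelector` also omits `component: server`, so it applies to every pod carrying the release's name and instance labels, and the metadata has no `namespace:` unlike the other templates. A split rule set is sketched below.
```yaml
  # … unchanged: apiVersion, kind, metadata, podSelector …
  ingress:
    # API port: still reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```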
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
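Review bot: The subject in `server-psp-rolebinding.yaml` is named with `vault.fullname`, while the ServiceAccount template and the other two bindings in this diff use `vault.serviceAccount.name`. If that helper can return a different name (its definition is not in this hunk), the pod security policy is bound to an account the StatefulSet does not run as, and the pods are left without the intended policy. The subject also omits `namespace:`, which the other bindings set. I would use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`.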
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-route.yaml
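Review bot: The policy `spec:` places no restriction on Linux capabilities, so containers admitted under it keep the runtime's default capability set even though they are forced to run as non-root. The chart sets `disable_mlock` in the config template and `SKIP_SETCAP` in the StatefulSet, so the server probably needs no added capability, but that should be confirmed before tightening. If it holds, I would add `requiredDropCapabilities:` with the single entry `- ALL` next to `allowPrivilegeEscalation: false`. `apiVersion: policy/v1beta1` is also hard-coded, so enabling `global.psp.enable` on a cluster that no longer serves PodSecurityPolicy fails the install; a comment on the guard should say so.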
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-service.yaml
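Review bot: This template tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other server template in this diff does before reading it. Whether `.mode` is already set then depends on another template having run earlier in the same render. If it is unset, `ne .mode "external"` is true and `eq .mode "ha"` is false, so the Route is created even for an external Vault and always points at the non-active service name. I would add `{{ template "vault.mode" . }}` directly after the `{{- if .Values.global.openshift }}` guard, as `server-ingress.yaml` does.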
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/tests/server-test.yaml 
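Review bot: The `image:` line of the `vault` container falls back to `default "latest"` when `server.image.tag` is empty, so a values file that omits the tag deploys whatever the registry currently serves under a mutable tag. For a secrets manager that makes the running version unreproducible and lets a pod restart pull a different build. I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The test pod in `tests/server-test.yaml` uses the same `default "latest"` expression and needs the same change. The chart's default values are not in this hunk, so the fallback may never trigger with the shipped defaults.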
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.52/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. 
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. 
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/Chart.yaml
new file mode 100644
index 00000000000..6b562c53ea4
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.53
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
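Review bot: The `description` in this new Chart.yaml still reads `Official HashiCorp Vault Chart` although the chart is published as `helm-e2e-rhcc` under `charts/partners/opcert-e2e-testing`, so anyone browsing the catalogue sees a vendor-official label on what appears to be a renamed test copy. I would state the provenance instead, for example `description: E2E certification test fixture based on the HashiCorp Vault chart`, and keep the `sources` entries as the upstream reference. `appVersion: 1.11.2` would also be safer quoted (`appVersion: "1.11.2"`) so that a future two-part version is not read as a float.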
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/README.md
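Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence value onto the `docker run` command line, where it can be read from the host's process list while the container runs; the `@` prefix only stops make from echoing the recipe. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets Docker copy it from the invoking environment without placing the value on argv, assuming the variable is set in that environment rather than only in the Makefile. The `test-acceptance`, `test-destroy` and `test-provision` recipes also omit `--rm`, unlike `test-unit`, so each run leaves a stopped container whose recorded environment still holds these values.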
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations .
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
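Review bot: In csi-clusterrole.yaml the rule granting `create` on `serviceaccounts/token` carries no comment explaining that, as a ClusterRole, it lets the CSI provider's service account request a token for any ServiceAccount in any namespace. I would document that above the rule, for example `# Cluster-wide TokenRequest: the provider can obtain a token for any ServiceAccount; treat its own ServiceAccount as highly privileged.`, so operators know to restrict who can run pods under that account. Whether the provider version shipped with this chart still needs the grant is not visible in the hunk and is worth confirming.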
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
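Review bot: In csi-daemonset.yaml the `mountpoint-dir` volume bind-mounts `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host with no `type` on the `hostPath`, and the path comes straight from values. That directory holds per-pod volume data for the whole node, so the container's security context matters, yet both `csi.daemonSet.securityContext.*` helpers render nothing when their value is unset. I would add `type: Directory` under that `hostPath` so a mistyped root fails at mount time instead of mounting something unintended, and confirm that the chart's default values give the container a restrictive securityContext; the defaults are not part of this hunk.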
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-clusterrolebinding.yaml
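Review bot: The single rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, so the injector's service account could modify any other admission webhook. The deployment sets `AGENT_INJECT_TLS_AUTO` to `{{ template "vault.fullname" . }}-agent-injector-cfg`, which suggests the injector only patches its own configuration; that should be confirmed against the injector. If so, `patch` can be limited with `resourceNames` while `get`/`list`/`watch` stay in their own rule, as shown here.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["patch"]
```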
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
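Review bot: Several `env` values in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), while their neighbours are wrapped in double quotes. An override that YAML reads as a number, boolean or null makes the manifest invalid, because `env[].value` must be a string; `value: {{ .Values.injector.authPath | quote }}` and the same `| quote` on the other two avoids that. Separately, the `- 2>&1` entry under `args` reaches the binary as a literal argument, since container args are not run through a shell, and looks like it could be dropped.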
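Review bot: The `apiVersion` line in injector-disruptionbudget.yaml selects `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares strings: a minor of `"9"` sorts above `"21"`, and some distributions report a suffixed value such as `"21+"`. Asking the cluster directly is more reliable and matches injector-mutating-webhook.yaml: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This is also the only injector manifest in the diff that is not wrapped in the `vault.injectorEnabled` / `.injectorEnabled` guard, so it renders even when the injector is disabled.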
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
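Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` is emitted only when one of the two values is set, so with neither set the webhook is called for pod `CREATE` and `UPDATE` in every namespace, including the one the injector itself runs in. If the effective `failurePolicy` is `Fail` (it comes from values that are not visible here), an unavailable injector would block pod admission cluster-wide. I would record that trade-off in a template comment above `failurePolicy`, and consider shipping a default selector that excludes system namespaces.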
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
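Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, but the injector listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` in injector-deployment.yaml and `targetPort` in injector-service.yaml). If the port is overridden on OpenShift, the policy admits traffic to a port nothing listens on and blocks the webhook; `- port: {{ .Values.injector.port }}` keeps the two in step. The policy's `metadata` also has no `namespace: {{ .Release.Namespace }}`, unlike the other namespaced injector manifests in this diff.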
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-role.yaml
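Review bot: injector-psp.yaml renders a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so the install fails on current clusters when the flag is on. Adding `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to the outer condition would skip it there; injector-psp-role.yaml and injector-psp-rolebinding.yaml share the same gate and would want the same check. The inline comment on `seLinux` says the policy assumes AppArmor nodes, while this chart sits under an OpenShift certification path where nodes normally run SELinux, so `rule: RunAsAny` deserves a second look.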
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-rolebinding.yaml
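Review bot: The leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on all Secrets and ConfigMaps in the release namespace, plus `get`/`patch`/`delete` on all pods. When other workloads share that namespace, the injector's service account can read every Secret there. If the injector only needs the `vault-injector-certs` Secret created in injector-certs-secret.yaml (an assumption to confirm against the injector), `get` and `update` can be limited with `resourceNames: ["vault-injector-certs"]`; `create` cannot be restricted by name, and `list`/`watch` would need a rule of their own.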
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-discovery-role.yaml
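Review bot: In server-config-configmap.yaml, `disable_mlock = true` is written unconditionally in the string branch and forced through `merge (dict "disable_mlock" true) …` in both structured branches, with no comment explaining the trade-off. With memory locking off, the server's in-memory secrets can be paged out, so the setting is only appropriate where nodes run without swap or with encrypted swap. A template comment next to the first occurrence would record that assumption, for example `{{- /* mlock is disabled for container use; nodes must run without swap or with encrypted swap */ -}}`. Whether the value should be overridable from values is a design question this hunk does not settle.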
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-psp-role.yaml
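Review bot: The ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits every namespace to both 8200 and 8201, so the policy limits ports but not peers. Port 8201 is the one the Service templates name `https-internal`, and it looks like only other server pods need to reach it, so it could get its own rule restricted by `podSelector`; confirm against the deployment's forwarding and raft traffic before narrowing. The API port source would ideally be configurable from values rather than fixed to all namespaces. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```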
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
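Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, whereas the ClusterRoleBinding, the discovery RoleBinding and the StatefulSet's `serviceAccountName` in this commit all use `{{ template "vault.serviceAccount.name" . }}`. If that helper can return a name other than the full name (its definition is not visible here), the `use` grant on the PodSecurityPolicy goes to an account the server pod does not run as, and the pod falls back to whatever other policy admits it. Suggest `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}` on the subject, so it matches the other bindings.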
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-route.yaml
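Review bot: The PodSecurityPolicy spec in server-psp.yaml sets `privileged: false` and `allowPrivilegeEscalation: false` but drops no capabilities, so containers admitted under it keep the runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP` and the config forces `disable_mlock = true`, which suggests the server does not need added capabilities; if that holds, add `requiredDropCapabilities: [ALL]` under `spec`. Separately, `apiVersion: policy/v1beta1` is hard-coded while the PodDisruptionBudget template selects its version from the cluster, so enabling `global.psp.enable` on a cluster without that API fails the install. A guard such as `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` would avoid that.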
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-service.yaml
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" .
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" .
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" .
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ .
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/tests/server-test.yaml
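Review bot: The server container in server-statefulset.yaml falls back to a mutable tag: `{{ .Values.server.image.tag | default "latest" }}` resolves to `:latest` whenever the value is empty, so the Vault build that starts is decided by the registry at pull time rather than by the chart. For a secrets store it is safer to fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | required "server.image.tag must be set" }}`. The test pod in tests/server-test.yaml uses the same fallback. Separately, the exec readiness probe runs `vault status -tls-skip-verify` with no explanation; a one-line comment that it targets the loopback `VAULT_ADDR` set in this container's env would help readers judge the skipped verification.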
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/values.openshift.yaml
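Review bot: `type: {{ .Values.ui.serviceType }}` and the optional `nodePort` let a values override publish the Vault UI outside the cluster, and nothing in this template ties that to TLS. The values.yaml added in this same commit ships `global.tlsDisable: true`, so the port named by `vault.scheme` would presumably be plain HTTP in the default configuration. Consider a render-time guard at the top of the template, `{{- if and .Values.global.tlsDisable (ne .Values.ui.serviceType "ClusterIP") }}{{ fail "ui.serviceType other than ClusterIP requires TLS" }}{{- end }}`, or at minimum a comment above `type:` stating the expectation. What `service.loadBalancer` renders (for example any source-range restriction) is defined outside this hunk and could not be checked here.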
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/values.schema.json
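Review bot: All three image references are pinned by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pointed in the registry, so this file does not fix which image content gets deployed. At least tests/server-test.yaml joins `repository` and `tag` with a colon, so a digest can be carried in the tag value without touching the templates, e.g. `tag: "1.11.2-ubi@sha256:<digest-placeholder>"`. The same applies to the matching `image` and `agentImage` entries in values.yaml in this commit.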
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.53/src/values.yaml 
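Review bot: No object in the visible schema sets `additionalProperties` or `required`, so a misspelled key under `server` or `injector` (a typo of `injector.webhook.failurePolicy`, for instance) validates cleanly and the chart default silently applies. Adding `"additionalProperties": false` to those two objects would make `helm lint` and `helm install` reject unknown keys; `global` is better left open because subcharts may share it. `server.dev.devRootToken` is accepted as a plain string with no `description`, which invites placing a root token in a values file, so a description marking it as dev-mode only would be a useful addition. The schema is wrapped across several lines of this page, so this review covers its structure rather than every property.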
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/Chart.yaml
new file mode 100644
index 00000000000..2d78cabff07
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.54
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
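Review bot: The `description` in the new Chart.yaml still reads `Official HashiCorp Vault Chart`, and `home`, `icon` and `sources` point at HashiCorp, while the chart is renamed to `helm-e2e-rhcc` and sits under `charts/partners/opcert-e2e-testing`. It appears to be a test fixture derived from vault-helm, so anyone who meets it in a chart index could take it for the upstream release. Stating the provenance in the metadata would avoid that, for example `description: E2E certification test fixture derived from the HashiCorp Vault chart (not an official release)`. Separately, quoting the app version as `appVersion: "1.11.2"` keeps it a string if a later bump uses a two-part version such as 1.12.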
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/README.md
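Review bot: In the `test-acceptance` recipe of the Makefile, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license value into the `docker run` argument list, so it is visible in the host process table and in `make -n` output even though the recipe is silenced with `@`. Assuming the value is supplied through the environment, passing it by name with `-e VAULT_LICENSE_CI \` lets Docker read it from the environment and keeps it off the command line. The `.PHONY` list omits `setup-kind` and `delete-kind`, and the recursive call `make setup-kind acceptance` would normally be written `$(MAKE) setup-kind acceptance` so that flags propagate to the sub-make. `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` that `provision-cluster` passes, which looks inconsistent and is worth confirming against the intended state location.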
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
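Review bot: The `create` verb on `serviceaccounts/token` in csi-clusterrole.yaml is granted cluster-wide with no `resourceNames`, and csi-clusterrolebinding.yaml binds it to the `-csi-provider` ServiceAccount, so the DaemonSet's identity can request a token for any service account in any namespace. If the provider needs this to authenticate on behalf of the pods it serves, which these templates do not show, the rule should say so in a comment, e.g. `# Cluster-wide by design: the provider requests tokens for the service account of whichever pod mounts a volume (confirm against the provider docs)`. With that grant in place the CSI provider pods should be treated as highly privileged workloads when the values for this chart are reviewed.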
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-clusterrolebinding.yaml
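Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only webhook configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). A compromised injector could therefore alter other admission webhooks. `get` and `patch` can be limited with `resourceNames`, leaving only `list`/`watch` unscoped, as in the fence below; this needs a test run with the injector's auto-TLS path before merging. injector-role.yaml has the same shape: its first rule gives `get`/`list`/`watch`/`update` on all `secrets` and `configmaps` in the release namespace, and `get`/`update` there could be scoped the same way. The templates only show `vault-injector-certs` being created, so any other object names the leader elector uses would have to be confirmed.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```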
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
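Review bot: Several env values in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT` and the computed `AGENT_INJECT_VAULT_ADDR`), while the neighbouring entries wrap the template in double quotes. An env `value` must be a string, so a boolean-looking or all-digit setting would be typed by the YAML parser and rejected by the API server. Piping through `quote` avoids that, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, `- 2>&1` under `args` reaches the container as a literal argument because no shell is involved, so it deserves a comment or removal if the entrypoint does not consume it (not visible here).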
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
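Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` is emitted only when a value is set, so by default the webhook receives every pod CREATE and UPDATE in the cluster, including pods in system namespaces and in the injector's own namespace. If `failurePolicy` resolves to `Fail` (its default comes from values and is not visible here), an unavailable injector would block pod admission cluster-wide, including its own replacement pods. Add a comment above `failurePolicy` such as `# Without a namespaceSelector this webhook sees all pods; set one before using failurePolicy: Fail`, or render a default selector that excludes the release namespace when none is supplied.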
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
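Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the injector listens on `.Values.injector.port`: injector-deployment.yaml derives `AGENT_INJECT_LISTEN` and both probes from it, and injector-service.yaml uses it as `targetPort`. With any other port value the policy would drop webhook traffic on OpenShift, so use `- port: {{ .Values.injector.port }}`. The `from` clause `namespaceSelector: {}` also admits traffic from every namespace, which deserves a comment explaining why nothing narrower is possible. The metadata carries no `namespace:`, unlike the other namespaced injector templates in this diff.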
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-role.yaml
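Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode, privilege escalation and root, but sets no `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set. If the injector needs none, which seems likely for a webhook on an unprivileged port but should be confirmed, add `requiredDropCapabilities:` with `- ALL` under `spec`. Also, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so setting `global.psp.enable` on a newer cluster makes the install fail; a comment on the `{{- if eq (.Values.global.psp.enable | toString) "true" }}` gate would spare users a failed release.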
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-rolebinding.yaml 
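Review bot: The leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, plus `get`/`patch`/`delete` on all pods, with no `resourceNames`. If the injector service account token leaks, the holder can read and overwrite any Secret in that namespace, not only the objects leader election needs. Consider keeping `create` in its own rule (it cannot be narrowed by name) and adding `resourceNames: [<leader-election-object-names>]` to the `get`/`update` rule; the placeholder stands for names that are not visible in this diff. `list`/`watch` on `secrets` should be dropped unless the injector is known to need them.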
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-discovery-role.yaml 
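Review bot: In server-config-configmap.yaml `disable_mlock = true` is written unconditionally in the string branch and is the destination argument of `merge` in the map branch, so values cannot turn mlock back on in either case. With mlock disabled, Vault's in-memory key material can be paged out if a node has swap enabled. This deserves a template comment next to the line, e.g. `{{- /* disable_mlock is forced on: nodes must run with swap disabled or encrypted */}}`, and a matching sentence in the chart's values documentation.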
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-ha-active-service.yaml 
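Review bot: The apiVersion choice in server-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"`, compares two strings, so the ordering is lexicographic: a minor of `"9"` sorts above `"21"`, `"100"` sorts below it, and vendor suffixes such as `"21+"` are compared as text. The other templates in this commit decide the same kind of question with `.Capabilities.APIVersions.Has` or `semverCompare`. Matching them would read `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`.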
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-psp-role.yaml 
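Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits every pod in every namespace to both 8200 and 8201. The Services in this commit name 8201 `https-internal`, which suggests it carries server-to-server traffic only; if that is right, it should be reachable from the Vault server pods alone while 8200 stays open to clients. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates set. A split of the rule along those lines is sketched below; the pod labels are the ones the StatefulSet template in this commit applies.

```yaml
# … unchanged: metadata, spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```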
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
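Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, whereas server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}` and the StatefulSet, server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml all refer to that helper. If the helper can return anything other than the fullname (its definition is not in this part of the diff), the PSP `use` grant lands on a service account the server pods do not run as, and they would be refused admission under the policy. Suggested subject: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`. The subject in injector-psp-rolebinding.yaml omits the namespace as well.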
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-route.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-service.yaml 
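Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before reading it. The condition therefore seems to depend on another template having populated `.mode` earlier in the same render, which is fragile; adding `{{ template "vault.mode" . }}` ahead of the check, as server-ingress.yaml does, removes that dependency. Separately, `tls:` is rendered straight from `.Values.server.route.tls`, so the termination mode of a Route pointing at port 8200 is decided entirely by values not shown here; it is worth confirming the default does not publish an unencrypted route.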
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/tests/server-test.yaml
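Review bot: The container image falls back to the mutable `latest` tag when `server.image.tag` is empty (`{{ .Values.server.image.tag | default "latest" }}`), and the same expression is used for the test pod in templates/tests/server-test.yaml. For a secrets manager I would fail the render rather than pull whatever `latest` currently points to, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; it reaches `127.0.0.1:8200` through `VAULT_ADDR`, so the exposure is limited, but a comment such as `# -tls-skip-verify: loopback probe only; do not copy this flag into client configuration` would make the intent explicit.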
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/templates/ui-service.yaml
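Review bot: The test pod sets no `securityContext`, whereas the server StatefulSet in this commit includes `server.statefulSet.securityContext.container`, so the hook pod runs with whatever the namespace defaults allow. Reusing that helper on the test container, or at least setting `allowPrivilegeEscalation: false`, would keep the test from being rejected under restricted pod security settings or from running with more privilege than the server; the helper's definition is outside this hunk, so check that it renders correctly at this indent. Also, `volumeMounts:` and `volumes:` are emitted as bare keys when the values are unset; moving each key inside its `if` avoids rendering nulls.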
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/values.openshift.yaml
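Review bot: This Service can publish the Vault UI and API outside the cluster (`type: {{ .Values.ui.serviceType }}`, optional `nodePort`) while the values.yaml added in this commit defaults `global.tlsDisable` to `true`. The port name comes from `vault.scheme`, which presumably resolves to `http` in that case (the helper is not in this hunk), so a `LoadBalancer` or `NodePort` UI service would carry Vault tokens in clear text. I would add a comment next to `type:`, `# With global.tlsDisable=true this serves Vault over plain HTTP; keep ClusterIP or terminate TLS in front`, or fail the render for that combination. `publishNotReadyAddresses` likewise routes UI traffic to pods that are not ready, so its default deserves a look; the `ui` values are outside the visible part of values.yaml.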
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.54/src/values.yaml 
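Review bot: `server.readinessProbe` declares no `path` property although templates/server-statefulset.yaml reads `.Values.server.readinessProbe.path`, and `server.service` declares neither `type` nor `clusterIP`, both of which server-service.yaml renders unquoted. No object in the schema sets `additionalProperties`, so these values are accepted without any type check. Adding `"path": {"type": "string"}` under `server.readinessProbe`, and `"type": {"type": "string"}` plus `"clusterIP": {"type": "string"}` under `server.service`, would close the gap. This matters most where a value reaches a shell or an unquoted scalar: `preStopSleepSeconds` is already typed `integer`, which is what keeps the preStop `sleep … && kill` command line from accepting arbitrary text.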
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/Chart.yaml
new file mode 100644
index 00000000000..ccc263ed302
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.55
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/README.md 
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
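Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` from a ClusterRole, so the CSI provider's service account may request a token for any ServiceAccount in any namespace, and nothing in the template records why that scope is needed. This makes the provider pod one of the most sensitive identities the chart installs, because its credentials can be exchanged for tokens of more privileged accounts. I would add a comment above `rules:` such as `# Cluster-wide token creation: the provider presumably requests tokens for the service accounts of pods that mount its volumes; treat this ServiceAccount as highly privileged`. It would also help to note in the chart documentation that operators who know which namespaces use the provider can replace this with namespaced Roles.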
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
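Review bot: The provider container in csi-daemonset.yaml mounts two hostPath volumes (`providersDir`, and `kubeletRootDir/pods` with `mountPropagation: HostToContainer`, neither marked read-only), yet it gets a securityContext only when `csi.daemonSet.securityContext.container` is set in values. The helper of that name in _helpers.tpl has no fallback branch, unlike `injector.securityContext.container`, which falls back to `allowPrivilegeEscalation: false` with all capabilities dropped when not on OpenShift. With default values the pod therefore runs with whatever the runtime and namespace policy permit, while holding a writable view of the kubelet pods directory. I would give the CSI helper the same kind of fallback, at minimum `allowPrivilegeEscalation: false`. Whether capabilities can also be dropped depends on what the provider needs on those host paths, so that part should be confirmed.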
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-clusterrolebinding.yaml
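Review bot: The single rule in injector-clusterrole.yaml gives the injector `get` and `patch` on every MutatingWebhookConfiguration in the cluster, not only its own. That is far more write access to admission control than the injector presumably needs for maintaining its own webhook entry, and it widens the impact of a compromised injector pod to every other mutating webhook. I would split the rule so that `get` and `patch` carry a `resourceNames` entry for this release's configuration, leaving only `list` and `watch` unrestricted. The name used below is taken from the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml and assumes the webhook configuration template, which is not visible here, uses the same name.

```yaml
rules:
# list/watch left unrestricted; confirm whether the injector's watch can be name-scoped
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
# read and write access only to this release's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ['{{ template "vault.fullname" . }}-agent-injector-cfg']
  verbs: ["get", "patch"]
```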
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
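Review bot: Several env values of the `sidecar-injector` container in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`, the in-cluster `AGENT_INJECT_VAULT_ADDR` branch and both `AGENT_INJECT_TLS_AUTO*` entries), while the neighbouring entries are quoted. An env `value` must be a string, so an override that YAML reads as a boolean, number or null, or an empty `injector.authPath`, yields a Deployment the API server rejects. Piping these through `quote`, for example `value: {{ .Values.injector.authPath | quote }}`, makes them consistent with the rest of the list.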
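Review bot: The `apiVersion` line of injector-disruptionbudget.yaml chooses `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings and not two numbers; the same expression appears in server-disruptionbudget.yaml. The webhook and RBAC templates in this chart ask the cluster directly with `.Capabilities.APIVersions.Has`, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This template is also gated only on `injector.podDisruptionBudget` and not on `.injectorEnabled`, so it can render a budget for an injector that is switched off.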
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
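Review bot: The `namespaceSelector` block is emitted only when a value is supplied, so by default the webhook's `rules` match pod CREATE and UPDATE in every namespace, including the one the injector runs in. Combined with a `failurePolicy` of `Fail`, an unavailable injector would then block pod admission cluster-wide, its own replacement pods included. The value defaults and the `injector.objectSelector` helper are not visible in this diff, so this may already be mitigated there. If it is not, a comment above the `{{- if or … namespaceSelector` line would make the coupling explicit: `# no selector = all namespaces; pair failurePolicy: Fail with a selector that excludes the release namespace`.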
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
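Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector's listen address (`AGENT_INJECT_LISTEN`), both probes and the Service `targetPort` are all rendered from `.Values.injector.port`. If that value is overridden, the policy keeps admitting traffic on 8080 only and the API server can no longer reach the webhook. Rendering the same value, `- port: {{ .Values.injector.port }}`, keeps the policy in step with the listener. The policy also has no `metadata.namespace`, unlike the injector Deployment and Service it protects.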
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-role.yaml
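Review bot: injector-psp.yaml is gated only on `global.psp.enable`, so on a cluster that no longer serves `policy/v1beta1` PodSecurityPolicy (the API was removed in Kubernetes 1.25) turning the flag on makes the install fail instead of skipping the object. Extending the third `if` with a capability check, `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, follows the API-version checks the webhook template already uses; injector-psp-role.yaml and injector-psp-rolebinding.yaml carry the same gate. Separately, the `seLinux` comment says the policy assumes AppArmor nodes, which is worth revisiting given that the chart has a `global.openshift` mode.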
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-rolebinding.yaml
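Review bot: The first rule of the leader-elector Role gives the injector ServiceAccount create, get, watch, list and update on every Secret and ConfigMap in the release namespace, and the second lets it patch and delete any pod there. That is broad for a leader-election lock when the Vault server, its TLS material or other workloads share the namespace. `create` cannot be narrowed by name, but the read and update verbs could move to a rule with `resourceNames` once the object names the injector uses are confirmed; they are not visible in this diff. Until then a comment above the rule would record the exposure: `# grants access to ALL Secrets/ConfigMaps in this namespace; prefer a dedicated namespace for the injector`.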
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-discovery-role.yaml
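Review bot: `disable_mlock = true` is forced in every branch of server-config-configmap.yaml, and nothing in the template says so or why. The string branch writes it ahead of the user's HCL, and the map branches use `merge (dict "disable_mlock" true) …`, where sprig keeps the first dictionary's value, so a `disable_mlock: false` in values is silently discarded. With mlock off, Vault's memory is eligible for swap, so key material can reach disk on nodes that have swap enabled. A comment above the `disable_mlock = true` line would document the constraint for operators: `# mlock is always disabled by this chart; run on nodes with swap disabled or encrypted`. If an override is meant to be possible, the argument order of `merge` would have to be reversed.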
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-psp-role.yaml 
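Review bot: In server-network-policy.yaml the single ingress rule pairs `namespaceSelector: {}` with both ports, so any pod in any namespace can reach the cluster port 8201 as well as the API port 8200. The Service templates in this diff name 8201 `https-internal`, which suggests it is meant for server-to-server traffic only, so the rule should be split and 8201 admitted only from pods carrying this release's server labels; confirm first whether anything outside the release (a replication peer, for instance) needs that port. The policy's metadata also omits `namespace: {{ .Release.Namespace }}`, which the other server templates set.

```yaml
  ingress:
    # API port: clients in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```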
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
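Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this same diff both use `vault.serviceAccount.name`. The helper definitions are not visible here, but the values schema accepts `server.serviceAccount.name`, so the two can presumably render different names; the `use` grant on the PodSecurityPolicy would then land on an account the pods do not run as, and they would be admitted under some other policy or rejected. Suggest `name: {{ template "vault.serviceAccount.name" . }}` for the subject, with an explicit `namespace: {{ .Release.Namespace }}` next to it.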
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-route.yaml
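Review bot: server-psp.yaml renders `apiVersion: policy/v1beta1` whenever `global.psp.enable` is true, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so on such a cluster the install fails, and an operator who turns the flag off to get past that is left with no pod-level policy from this chart at all. The ingress template in this diff already branches on `.Capabilities`; the same guard fits here by adding `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the `and` condition, and likewise in the PSP Role and RoleBinding templates. The `seLinux` comment says the nodes are assumed to use AppArmor, which is worth rewording for a chart that also ships an OpenShift values file.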
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-service.yaml
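Review bot: server-route.yaml tests `.mode` twice but, unlike the other server templates in this diff, never calls `{{ template "vault.mode" . }}` first, so the value it sees depends on some other template having set it on the shared context. The helper is not visible here, but if `.mode` is unset when this file renders, the `eq .mode "ha"` branch is skipped and the Route targets the general service rather than the `-active` one, even with `route.activeService` enabled. Suggest adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check. `host: {{ .Values.server.route.host }}` would also be safer as `{{ .Values.server.route.host | quote }}`, matching how the ingress template quotes its hosts.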
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/tests/server-test.yaml 
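Review bot: The `image:` line of the vault container in server-statefulset.yaml falls back to the `latest` tag when `server.image.tag` is unset (`| default "latest"`), so the Vault binary that runs depends on whatever the registry serves at pull time and a rollback cannot reproduce the earlier image. The same expression is used for the test pod in tests/server-test.yaml. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The exec readiness probe would also benefit from a comment above `vault status -tls-skip-verify` stating that skipping verification is tolerated only because `VAULT_ADDR` points the probe at 127.0.0.1.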
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.55/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/Chart.yaml
new file mode 100644
index 00000000000..bde61dbafca
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.56
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
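Review bot: The metadata in Chart.yaml is inconsistent about provenance: `description`, `home` and `sources` still present this as the official HashiCorp Vault chart, while `name` and the `charts.openshift.io/name` annotation are `helm-e2e-rhcc`. Judging by the `opcert-e2e-testing` path this looks like a renamed copy used as a certification test fixture; if so, the description should say that, for example `description: Copy of the HashiCorp Vault chart used as an e2e certification fixture`, so that nobody consuming the repository index mistakes it for an upstream release. As a smaller style point, quoting the version scalars (`appVersion: "1.11.2"`, `version: "0.21.56"`) keeps them strings even if a later bump produces a number-looking value such as `1.10`.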
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/README.md
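Review bot: In the Makefile, `destroy-cluster` runs `terraform destroy -auto-approve` with no configuration directory and no `-var project=...`, whereas `provision-cluster` passes `test/terraform` to both `init` and `apply`. As written the teardown appears to act on whatever is in the working directory rather than on the configuration that created the GKE cluster, so it may fail and leave the cluster running; mirroring the apply line, `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`, would keep the two targets symmetric. The `docker run` commands in `test-acceptance`, `test-destroy` and `test-provision` also omit the `--rm` that `test-unit` uses, so stopped containers keep `VAULT_LICENSE_CI` and the credentials path in their recorded environment; adding `--rm` avoids leaving that behind on the build host. `GOOGLE_CREDENTIALS` defaults to a key file path relative to the bind-mounted checkout, so it is worth confirming that `vault-helm-test.json` is git-ignored. Finally, `.PHONY` leaves out `setup-kind` and `delete-kind`.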
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
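Review bot: In `vault.volumes`, `defaultMode: {{ .defaultMode | default 420 }}` mounts every `server.extraVolumes` entry as 0644 unless the caller overrides it, and that includes `type: secret` volumes (the helper's own comment names a TLS secret as the expected use), while the `vault-license` secret a few lines below is mounted 0440. A tighter default for secrets would be consistent, for example `defaultMode: {{ .defaultMode | default (ternary 288 420 (eq .type "secret")) }}` (288 is 0440 in decimal); whether group-read is sufficient depends on the pod's `fsGroup`, which this file sets by default only when `global.openshift` is false, so the OpenShift path needs checking before the default changes. Separately, `vault.envs` renders `value: {{ .Values.server.dev.devRootToken }}` unquoted, so a token that looks like a number or boolean is retyped by the YAML parser; piping it through `quote`, as `vault.extraEnvironmentVars` already does for its values, avoids that.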
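Review bot: The only rule grants `create` on `serviceaccounts/token` at cluster scope, and `csi-clusterrolebinding.yaml` binds it to the `-csi-provider` service account, so that account can request a token for any service account in any namespace; nothing in the template records why the grant has to be cluster-wide. A comment above `rules:` would help reviewers, for example `# Token requests are made for the service account of the pod that mounts the volume, which can be in any namespace` (presumed from the provider's role, to be confirmed before merging). Because the DaemonSet that runs under this account uses hostPath mounts, operators may also want an audit-log alert on token requests made by this account.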
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
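Review bot: Both `hostPath` volumes at the end of csi-daemonset.yaml take their `path` straight from values (`.Values.csi.daemonSet.providersDir` and `.Values.csi.daemonSet.kubeletRootDir`) with no `type`, so no check is made on what is mounted from the node, and `.Values.csi.volumes` / `.Values.csi.volumeMounts` can append further mounts. Adding `type: Directory` under each `hostPath` (or `DirectoryOrCreate` where the directory is expected to be created) makes a mistyped or unexpected path fail at pod start instead of being mounted silently. The container security context comes from `csi.daemonSet.securityContext.container`, which is defined outside this hunk, so whether the container runs as root or privileged cannot be judged here.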
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-clusterrolebinding.yaml
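Review bot: The single rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, so a compromised injector pod could rewrite other admission webhooks, not only its own. The configuration this chart creates is named `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml), and the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml suggests that is the only object the injector patches, so `get` and `patch` can be limited to it with `resourceNames` while `list` and `watch` stay unrestricted if they are needed. The closing `{{ end }}` also lacks the `-` trim used in the CSI templates, which leaves a blank line in the rendered manifest.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```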
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
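Review bot: The `args` list in injector-deployment.yaml passes `2>&1` as its second element, but container args reach the entrypoint without a shell, so this is a literal argument and not a redirect; unless the image's entrypoint is a shell wrapper (not visible here) the line should be dropped, leaving only `- agent-inject`. Several env values are also rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) while their neighbours are quoted, so a value such as `true` or `1` would render as a non-string and be rejected for an env var; `value: {{ .Values.injector.authPath | quote }}` keeps it a string. The two consecutive `{{- if .Values.injector.certs.secretName }}` blocks near the end could be read more easily with a comment saying one belongs to the container and the other to the pod spec.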
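Review bot: injector-disruptionbudget.yaml is the only injector template in this part of the commit that is not wrapped in `{{- if .injectorEnabled -}}`, so setting `.Values.injector.podDisruptionBudget` renders a PodDisruptionBudget even when the injector is disabled. The `apiVersion` line also compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, which orders lexically (for example `"9"` sorts above `"21"`) and depends on how a distribution formats the minor version. `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` asks the cluster directly, as injector-mutating-webhook.yaml already does for its own API group. server-disruptionbudget.yaml uses the same `ge` comparison.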
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
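Review bot: `namespaceSelector` is rendered only when a value is supplied, so unless the chart's defaults (not visible here) set one, the webhook is called for pod CREATE and UPDATE in every namespace, including the injector's own and the cluster's system namespaces. With a `failurePolicy` of `Fail` an unavailable injector then blocks pod admission everywhere it is selected, and with `Ignore` pods are admitted without injection; the template does not say which trade-off is intended. I would add a comment above `failurePolicy:` such as `# Fail blocks pod creation in every selected namespace while the injector is down; pair it with a namespaceSelector that excludes system namespaces.` The `default "30"` on `timeoutSeconds` is a string default for an integer field; it renders the same, but `default 30` states the type.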
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
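Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` and the Service targets the same value, so changing the port leaves the policy admitting the wrong port and blocking the one the webhook is served on. Use `- port: {{ .Values.injector.port }}` instead. `namespaceSelector: {}` admits traffic from every namespace; that may be required for the API server to reach the webhook on OpenShift, but a comment saying so would stop it being read as an oversight. The metadata also has no `namespace:`, unlike the other namespaced injector resources in this commit.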
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-psp.yaml
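Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml omits `namespace`, whereas the subject in injector-rolebinding.yaml states it. As far as I know a RoleBinding resolves such a subject in the binding's own namespace, so this should still bind the intended account, but the grant then depends on an implicit default that a reader auditing RBAC has to know. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:` so both bindings read the same way.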
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-role.yaml
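Review bot: The policy in injector-psp.yaml sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but never drops capabilities and leaves `readOnlyRootFilesystem: false`; adding `requiredDropCapabilities:` with `- ALL` would match the intent stated in its comments, provided the injector needs no capabilities (not verifiable from this hunk). The comment "assumes the nodes are using AppArmor rather than SELinux" does not hold on OpenShift, which the chart otherwise special-cases through `.Values.global.openshift`, so `seLinux: rule: RunAsAny` deserves a second look there. `policy/v1beta1` PodSecurityPolicy is no longer served on Kubernetes 1.25 and later, so enabling `global.psp.enable` on such a cluster fails the install; injector-psp-role.yaml and injector-psp-rolebinding.yaml are gated on the same flag.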
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-rolebinding.yaml
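Review bot: The first rule in injector-role.yaml gives the injector `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, which covers any other credentials stored alongside the chart. The only Secret this commit creates for the leader-election case is `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` could carry `resourceNames: ["vault-injector-certs"]`, with `create` kept in a separate rule because it cannot be restricted by name. Which ConfigMaps the leader elector touches is not visible here and should be confirmed before narrowing. The second rule's `delete` on all pods in the namespace deserves a comment stating why it is needed.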
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-discovery-role.yaml
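Review bot: `disable_mlock = true` is emitted unconditionally ahead of the user's config in the string branch and merged in for the map branch, with no comment explaining it; with mlock disabled the server's memory can be paged out, so secret material may reach swap on a node that has swap enabled. A template comment next to the line, such as `{{/* mlock is disabled for container deployments; nodes are expected to run without swap or with encrypted swap */}}`, would record that assumption. The string branches also pass `.Values.server.standalone.config`, `.Values.server.ha.config` and `.Values.server.ha.raft.config` through `tpl`, so those values are evaluated as templates with the full chart context, which is worth stating for pipelines that assemble values from less trusted input.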
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
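Review bot: The single rule in server-discovery-role.yaml gives the server's service account `update` and `patch` on every pod in the release namespace, not only on Vault's own pods, and the template has no comment saying what needs write access. If this is for Vault's Kubernetes service registration, where each server labels its own pod (my inference; the hunk does not say), state that above `rules:`, for example `# update/patch let each server label its own pod; RBAC cannot scope this to "own pod", so keep unrelated workloads out of this namespace`. That gives a later reviewer what they need to judge whether the write verbs can be dropped when service registration is not in use.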
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-ha-active-service.yaml
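Review bot: The `apiVersion` line in server-disruptionbudget.yaml picks the policy API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically rather than two version numbers. That happens to work for two-digit minors, but it ignores the major version and depends on how a distribution formats `Minor` (some append a `+`). server-ingress.yaml in this same commit already uses `semverCompare` against `.Capabilities.KubeVersion.Version`; doing the same here keeps the two templates consistent: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.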
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-psp-role.yaml 
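Review bot: The one ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so the cluster port 8201 is reachable from every namespace, not just the API port 8200. The services in this commit name 8201 `https-internal`, which suggests only Vault servers talk to each other on it; if that holds, give 8201 its own rule restricted to the Vault pods and leave only 8200 open cluster-wide. The sketch below reuses the label expressions from the policy's own `podSelector`; indentation is mine because the page has lost the original. Unlike the sibling templates, `metadata` here also omits `namespace: {{ .Release.Namespace }}`.

```yaml
  # … unchanged: apiVersion, kind, metadata, spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```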
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-route.yaml
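Review bot: The PodSecurityPolicy `spec` blocks privileged mode and privilege escalation but never constrains Linux capabilities, so pods admitted under it keep the container runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP` and the config template forces `disable_mlock`, which suggests the server needs no extra capabilities; that is an inference and should be tested against the image. If it holds, add `requiredDropCapabilities:` with a single `- ALL` entry under `spec:`. A short comment on `readOnlyRootFilesystem: false` saying which path has to stay writable would help the next reviewer too.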
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-service.yaml
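Review bot: server-route.yaml reads `.mode` on its second line and again when choosing the `-active` service, but unlike server-ingress.yaml and the other server templates in this commit it never calls `{{ template "vault.mode" . }}` first. As written it can only see a value that some other template has already stored on the shared context, so whether the Route is rendered, and which Service exposes Vault externally, depends on render order rather than on this file. Add `{{ template "vault.mode" . }}` directly after the `{{- if .Values.global.openshift }}` line, as the ingress template does. `targetPort: 8200` is also hard-coded here while the Service templates take the port from `.Values.server.service`.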
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.56/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/Chart.yaml
new file mode 100644
index 00000000000..66bf7ed7457
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.57
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
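Review bot: The chart metadata still reads `description: Official HashiCorp Vault Chart`, with `home` and `sources` pointing at HashiCorp, while `name` and the `charts.openshift.io/name` annotation are `helm-e2e-rhcc`, so anything that indexes this chart presents a renamed copy as the vendor's official release. If this is an e2e certification fixture, as the `opcert-e2e-testing` path suggests, the description should say so, for example `description: E2E certification test fixture derived from the HashiCorp Vault chart`. Quoting `appVersion: '1.11.2'` would also keep it a string if a later value has only two components.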
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/README.md
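Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes to `init` and `apply`, so it acts without a prompt on whatever configuration and state sit in the container's working directory (`/helm-test`, the bind-mounted checkout). If the positional-directory form used by `apply` is what the Terraform in the test image expects, the recipe should mirror it: `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. The `.PHONY` list also omits `setup-kind` and `delete-kind`, which this file defines.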
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
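Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` at cluster scope with no comment explaining why. That lets the CSI provider's service account mint a token for any service account in any namespace. Presumably the provider requests a token for the service account of each pod that mounts a Vault secret; if so, say it above `rules:` with something like `# cluster-wide because the provider requests tokens on behalf of the pods it serves`. If the provider version shipped here can instead use a token passed in by the CSI driver (to be confirmed), the rule could be dropped entirely.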
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
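Review bot: The `mountpoint-dir` volumeMount in csi-daemonset.yaml exposes the node's `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` tree to the provider container read-write, and neither hostPath volume sets a `type`. That directory holds the volumes of every pod on the node, so a compromised provider container could read or modify other workloads' mounted data. If the provider version in use does not write into the pod mount paths itself (an assumption to confirm before changing), add `readOnly: true` under the `mountpoint-dir` mount. Setting `type: Directory` on the `mountpoint-dir` hostPath would also stop a mistyped `kubeletRootDir` from being accepted silently.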
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-clusterrolebinding.yaml
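Review bot: The `patch` verb in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster, not only the injector's own `{{ template "vault.fullname" . }}-agent-injector-cfg` defined in injector-mutating-webhook.yaml. A service account that can patch any mutating webhook can alter admission behaviour for unrelated controllers, so this is broader than the caBundle update needs. Consider splitting the rule so that `get` and `patch` are limited by `resourceNames`, leaving `list` and `watch` unscoped. Whether the injector's watch still works with that split should be tested before merging.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```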
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
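Review bot: In the `args` list of injector-deployment.yaml, `- 2>&1` reaches the container as a literal second argument, because Kubernetes passes `args` straight to the entrypoint without a shell, so no stderr redirection takes place. Unless the image's entrypoint is a shell wrapper (not visible here), drop the entry so `args` is just `- agent-inject`. Separately, several env `value:` fields in this hunk are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`). A setting that looks like a boolean or number would then render as a non-string and be rejected; piping through `quote`, as in `value: {{ .Values.injector.authPath | quote }}`, avoids that.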
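Review bot: injector-disruptionbudget.yaml is guarded only by `.Values.injector.podDisruptionBudget`; unlike the other injector templates it never calls `vault.injectorEnabled`, so it can render a PodDisruptionBudget while the injector is disabled. Its `apiVersion` line also compares `.Capabilities.KubeVersion.Minor` with the string `"21"`, which is a lexical comparison (a minor of `"9"` sorts above `"21"`). Using `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` would match the capability check already used in injector-mutating-webhook.yaml.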
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
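Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the `namespaceSelector` block in injector-mutating-webhook.yaml is omitted and the rule matches pod CREATE and UPDATE in every namespace, including kube-system and the release namespace itself. If `failurePolicy` resolves to `Fail` (its default lives in values.yaml, not visible here), an unavailable injector would then block pod admission cluster-wide. A template comment above the `if or` line would make that explicit, e.g. `{{/* No selector: all namespaces are intercepted; exclude system namespaces when failurePolicy is Fail */}}`. Whether `injector.objectSelector` narrows the match by default cannot be judged from this hunk.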
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
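Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `{{ .Values.injector.port }}` and injector-service.yaml targets the same value. Setting a non-default `injector.port` on OpenShift would leave the policy admitting traffic to a port nothing listens on and blocking the real webhook port. Use `- port: {{ .Values.injector.port }}` instead. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other injector resources set.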
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-role.yaml
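Review bot: injector-psp.yaml emits a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, with no check that the cluster still serves that API; it was removed in Kubernetes 1.25, so an install with the flag set fails there. Adding a capability guard such as `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` would let the chart skip the object on newer clusters. The same guard belongs in injector-psp-role.yaml and injector-psp-rolebinding.yaml, which only make sense when the policy exists. Also, `readOnlyRootFilesystem: false` has no comment, unlike the other relaxations in the spec; a line saying why the injector needs a writable root filesystem would help, if it does.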
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-rolebinding.yaml
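Review bot: The first rule of the leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, yet the only Secret this chart creates for the injector is `vault-injector-certs` (injector-certs-secret.yaml). If the Vault server runs in the same namespace, the injector's service account can read its TLS material and any other secret stored there. Consider moving `get` and `update` on secrets into a separate rule with `resourceNames: ["vault-injector-certs"]`. `create` cannot be restricted by name, and whether the injector needs unscoped `list`/`watch` should be confirmed against the injector version in use. The second rule's `patch` and `delete` on all pods in the namespace would benefit from a comment stating what the leader elector uses them for.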
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-discovery-role.yaml 
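Review bot: `disable_mlock = true` is forced into every rendered configuration in this hunk, as a literal line in the string branch and through `merge (dict "disable_mlock" true) …` in the JSON branches, with no comment and no values switch. With mlock disabled, Vault's memory, including decrypted secrets and key material, can be written to swap if the node has swap enabled. I would document the operational requirement next to it with a template comment above `data:`, for example `{{- /* disable_mlock is forced on for all modes; run Vault only on nodes with swap disabled or encrypted */}}`. Because `merge` gives precedence to its first argument, a user-supplied `disable_mlock: false` in the JSON form looks like it is silently overridden, which is worth stating in the same comment.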
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
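Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, and the RoleBinding added in the next file hands that to the Vault server service account. If the write verbs exist only so each server can label its own pod (the `vault-active` selector on the active and standby services in this commit suggests that), a compromised Vault pod could still modify any other workload that shares the namespace. Kubernetes cannot scope `list`/`watch` by name, so the practical mitigation is isolation. I would add a comment above `rules:` such as `# update/patch let Vault label its own pod for service discovery; install this chart in a dedicated namespace`, and consider splitting the write verbs into a separate rule so the intent is visible.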
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-ha-active-service.yaml 
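Review bot: The `apiVersion` line of the PodDisruptionBudget picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexicographically rather than as numbers. A single-digit minor such as "9" sorts above "21" and would select `policy/v1` on a cluster that does not serve it, and a three-digit minor would sort below it. server-ingress.yaml in this same commit already uses `semverCompare` for the equivalent decision, so the consistent form is `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.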
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-psp-role.yaml 
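Review bot: When `.Values.server.ingress.tls` is empty the `tls:` block under `spec` is skipped, but the `rules` are still rendered. The Vault API and UI host would then be published by the ingress controller without TLS unless the controller enforces it some other way, so tokens and secret payloads would cross that hop in clear text. A comment above `{{- if .Values.server.ingress.tls }}` should say so, for example `# Without server.ingress.tls the Vault host is exposed over plain HTTP at the ingress; set it for any non-test install`. In the same block `secretName: {{ .secretName }}` is emitted unquoted while the hosts go through `quote`; `secretName: {{ .secretName | quote }}` keeps a numeric-looking or empty value from changing type.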
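Review bot: The one `ingress` rule in server-network-policy.yaml uses `namespaceSelector: {}` for both ports, so the cluster port 8201 is reachable from every pod in every namespace, the same as the client API port 8200. As far as the chart shows, 8201 carries only server-to-server traffic (`VAULT_CLUSTER_ADDR` in the StatefulSet points at it), so it can be limited to the Vault server pods; confirm first that no external replication peer needs it. The policy's `metadata` also has no `namespace: {{ .Release.Namespace }}`, unlike the other templates in this commit. The split rule would look like this:

```yaml
  ingress:
    # Client API: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster traffic: only the Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```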
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
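Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the service account with `vault.fullname`, while the ServiceAccount itself, the StatefulSet's `serviceAccountName` and the other bindings in this commit all use `vault.serviceAccount.name`. If the account name is overridden in values, this binding would point at an account the pods do not run as, and the pod security policy would not be granted to the Vault server. The entry also omits `namespace`, which the other bindings set. Suggested lines: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.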
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-route.yaml 
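Review bot: The PodSecurityPolicy `spec` forbids privileged mode, privilege escalation and root, but it has no `requiredDropCapabilities`, so the container keeps the runtime's default Linux capability set. The config map in this commit forces `disable_mlock = true` and the StatefulSet sets `SKIP_SETCAP`, so the server does not appear to need IPC_LOCK or any other capability. Adding `requiredDropCapabilities:` with `- ALL` would make the policy match that, after confirming against the image. Separately, `apiVersion: policy/v1beta1` is hard-coded, and PodSecurityPolicy was removed in Kubernetes 1.25, so enabling `global.psp.enable` on a newer cluster would fail the install. A comment above `kind:` saying so would save a debugging round.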
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-service.yaml 
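Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` and again in the `activeService` check without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does on its first line. Unless `.mode` happens to be set by a template rendered earlier against the same context, the comparison runs against an unset value, and the Route may fail to render or never target the `-active` service. Adding `{{ template "vault.mode" . }}` right after the `global.openshift` check makes the file self-contained. `host: {{ .Values.server.route.host }}` is also unquoted; `host: {{ .Values.server.route.host | quote }}` is safer for a user-supplied string.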
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/tests/server-test.yaml 
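Review bot: The `image:` line of the `vault` container falls back to `default "latest"` when `server.image.tag` is unset, and templates/tests/server-test.yaml repeats the same expression. A floating tag means the secrets server can change version on any pod restart without a chart change, and what actually ran cannot be reconstructed from the release afterwards. Failing the render is safer than guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Pinning by digest in values would be stronger still, if the registry workflow allows it.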
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/values.openshift.yaml
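Review bot: In templates/ui-service.yaml the Service `type` and `nodePort` are rendered straight from `ui.serviceType` and `ui.serviceNodePort`, while the values.yaml added in this commit sets `global.tlsDisable: true`. If `vault.scheme` follows that flag (the helper is not part of this hunk), a NodePort or LoadBalancer UI service would carry Vault tokens over plain HTTP. `publishNotReadyAddresses`, when set, additionally lets the service route to pods that have not passed readiness. I would state this at the top of the template, e.g. `{{- /* Exposes the Vault listener; keep ui.serviceType ClusterIP unless global.tlsDisable is false */ -}}`, so the risk is visible where the exposure is configured.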
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.57/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/CONTRIBUTING.md
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test ": " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/Chart.yaml
new file mode 100644
index 00000000000..beda00f2f55
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.58
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/LICENSE.md
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2. Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable.
Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/README.md
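Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license value into the `docker run` argument list, where it is readable from the host's process table while the container runs; the leading `@` only stops make from echoing the recipe. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker take the value from the calling environment without putting it on the command line. Separately, `provision-cluster` runs `terraform init test/terraform` and `terraform apply ... test/terraform`, but `destroy-cluster` runs `terraform destroy -auto-approve` with no directory, so it may not act on the same configuration; `terraform destroy -auto-approve test/terraform` would match the other two calls, assuming the Terraform version in the test image accepts a directory argument as they do. `setup-kind` and `delete-kind` are also missing from the `.PHONY` list.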
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
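Review bot: The ClusterRole in csi-clusterrole.yaml is not scoped: `create` on `serviceaccounts/token` with no `resourceNames` lets the CSI provider's service account request a token for any service account in any namespace. That is presumably what the provider needs in order to authenticate on behalf of the pods it serves, but nothing in the template says so, and csi-clusterrolebinding.yaml binds it cluster-wide. I would add a comment above `rules:` such as `# Cluster-wide by design: the provider requests a token for the requesting pod's service account; treat this service account as highly privileged.` and make sure API audit logging covers token requests made by it.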
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
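Review bot: In csi-daemonset.yaml the provider container gets a `securityContext` only through `{{ template "csi.daemonSet.securityContext.container" . }}`, and that helper (in the _helpers.tpl part of this diff) renders nothing when `.Values.csi.daemonSet.securityContext.container` is empty. The same container mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir`/pods), so an unset value leaves a host-mounting pod on the runtime defaults. The server container helper in _helpers.tpl falls back to `allowPrivilegeEscalation: false` under `{{- else if not .Values.global.openshift }}`, and the CSI helper could take the same branch. Whether the provider must run as root to write under the kubelet directory is not visible here, so the fallback should stay limited to settings that do not depend on the user ID.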
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-clusterrolebinding.yaml 
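Review bot: The rule in injector-clusterrole.yaml lets the injector's service account `patch` every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`. The only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml), and the deployment passes that same name in `AGENT_INJECT_TLS_AUTO`, so the write verb can probably be limited to it while the read verbs stay as they are. I have not verified that the injector patches no other object. If it does not, splitting the rule as below stops a compromised injector pod from rewriting other admission webhooks.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```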
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
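Review bot: In injector-deployment.yaml the container `args` list ends with `- 2>&1`, which reaches the process as a literal argument. Container args are not run through a shell, so no redirection takes place. How the injector binary treats the stray argument is not visible here; at best it is ignored. I would drop the line so that `args` holds only `- agent-inject`, since the container runtime already captures stderr alongside stdout.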
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
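Review bot: The webhook in injector-mutating-webhook.yaml is unscoped unless the operator opts in: the rule matches every pod CREATE and UPDATE, and `namespaceSelector` and `objectSelector` are rendered only when their values are set, so otherwise the API server calls the injector for pods in every namespace, system namespaces included. If `failurePolicy` resolves to `Fail` (the chart default is not visible in this diff) an unavailable injector would block pod admission cluster-wide. With `Ignore`, pods would be admitted without injection. I would document that trade-off next to `failurePolicy`, for example `# Fail blocks pod creation in all selected namespaces while the injector is down; set a namespaceSelector that excludes system namespaces before using it.`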
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
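Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`, both probes and the Service `targetPort` use it). On OpenShift, where this policy is rendered, overriding `injector.port` would leave the policy allowing the wrong port, and webhook calls to the injector may then be dropped. `- port: {{ .Values.injector.port }}` keeps the two in step. Separately, `namespaceSelector: {}` admits traffic from pods in every namespace. If only the API server needs to reach the webhook this could be narrowed, though where that traffic originates depends on the cluster network setup.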
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-role.yaml 
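Review bot: The policy in injector-psp.yaml sets `privileged: false` and `allowPrivilegeEscalation: false` but does not restrict capabilities, so pods admitted under it keep the container runtime's default capability set. If the injector needs none, which seems likely for a non-root webhook server but is not verifiable from this diff, adding `requiredDropCapabilities:` with `- ALL` under `spec` would close that gap. `readOnlyRootFilesystem: false` is also set without a comment saying why the injector needs a writable root filesystem. Note too that `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, and the template renders it whenever `global.psp.enable` is true without checking that the API is available.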
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-rolebinding.yaml 
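Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace because it carries no `resourceNames`, so a token for the agent-injector ServiceAccount can read all secrets that live next to the chart. If leader election only touches a known set of objects, the `get` and `update` verbs could move into a second rule with `resourceNames: ["<leader-election-object>"]` (placeholder, the real names are not visible here), leaving only `create` unscoped since it cannot be restricted by name. The `pods` rule here and the `update`/`patch` on all pods in server-discovery-role.yaml have the same shape. Failing that, a comment stating that the chart expects a dedicated namespace would make the exposure explicit to whoever installs it.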
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-config-configmap.yaml 
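Review bot: server-clusterrolebinding.yaml is the only cluster-scoped grant among the templates visible in this part of the diff, and nothing in the file says why it is needed. A comment above `roleRef:` would help an auditor, for example `# system:auth-delegator lets this ServiceAccount create TokenReviews and SubjectAccessReviews cluster-wide; presumably required by Vault's Kubernetes auth method`. Whether the binding is rendered depends on `vault.serverAuthDelegator`, which is defined outside this hunk, so the comment should also name the value that switches it off.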
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-discovery-role.yaml 
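Review bot: `disable_mlock = true` is written unconditionally into the string form of the config, and in the map form `merge (dict "disable_mlock" true) ...` places it in the destination dictionary, which Sprig's `merge` gives precedence, so a values file cannot turn mlock back on. With mlock disabled the Vault process memory may be paged out, so key material can reach disk unless swap is off or encrypted on the nodes. I would document that requirement with a comment above `data:`, e.g. `# disable_mlock is forced to true below; nodes must run without swap or with encrypted swap`, or expose the setting as a value that defaults to `true`.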
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-ha-active-service.yaml 
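Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the ordering is lexicographic (a minor of `9` sorts after `21`) and it depends on the exact string the distribution reports, which can carry a suffix such as `+`. server-ingress.yaml in this commit already selects its API version with `semverCompare` on `.Capabilities.KubeVersion.Version`, and the same form fits here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.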
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-psp-role.yaml 
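Review bot: In server-network-policy.yaml the single `from` entry is `namespaceSelector: {}`, which matches every namespace, so the policy admits any pod in the cluster to both 8200 and 8201. Port 8201 is the `https-internal` port in the service templates of this commit and presumably only Vault server pods of the same release need to reach it, so splitting the rule keeps 8200 open while limiting 8201 to peers. If replication from another cluster is in use, that source would need its own `from` entry. The metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the other templates.

```yaml
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```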
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
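Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, whereas server-clusterrolebinding.yaml and server-serviceaccount.yaml name the server account through `vault.serviceAccount.name`. If that helper can return a different name (its definition is not in this part of the diff), the PSP `use` grant lands on an account the server pods do not run as, and they are then admitted under whatever other policy applies, or rejected. Suggested subject: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`, matching injector-rolebinding.yaml.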
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-route.yaml 
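Review bot: server-psp.yaml emits a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, but that API is no longer served from Kubernetes 1.25, so the release fails to install on such clusters; injector-psp.yaml uses the same gate. Extending the condition, e.g. `{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, skips the object where the API is absent. The values documentation should then say that on those clusters the chart applies no pod-level policy and that Pod Security admission or, on OpenShift, SCCs have to cover it.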
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-service.yaml 
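Review bot: `{{- if ne .mode "external" }}` in server-route.yaml reads `.mode`, but this file never calls `{{ template "vault.mode" . }}` the way server-ingress.yaml and the service templates do, so the value presumably comes from whichever template happened to render earlier. Adding `{{ template "vault.mode" . }}` right after the `global.openshift` check removes that dependency. Separately, `tls:` is rendered straight from `.Values.server.route.tls`; with an empty value the Route presumably ends up without TLS termination in front of port 8200, which deserves a comment next to the default in values.yaml.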
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/tests/server-test.yaml
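Review bot: The `image:` line of the `vault` container falls back to `latest` when `.Values.server.image.tag` is empty (`tag | default "latest"`), so a mutable tag can decide which binary runs as the Vault server, and pods of the same StatefulSet can end up on different builds when the tag is re-pushed. I would fail rendering instead of defaulting: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same `default "latest"` fallback is on the test pod image in templates/tests/server-test.yaml. values.openshift.yaml in this commit sets a tag, so the fallback is only reached when a caller clears it, but pinning by digest in the values would remove the mutable reference entirely.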
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/templates/ui-service.yaml
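Review bot: The test pod's `annotations:` block sets only `"helm.sh/hook": test`, with no delete policy, while the pod mounts whatever `.Values.server.volumes` and `.Values.server.volumeMounts` contain and receives the server's extra environment variables. A completed test pod therefore stays in the namespace, still referencing those volumes, until the next test run or a manual cleanup. I would add `"helm.sh/hook-delete-policy": hook-succeeded` next to the hook annotation so a passing test removes its pod and a failing one is kept for inspection. Separately, the container sets no `securityContext`, unlike the server container in the StatefulSet template; whether the cluster's admission policy covers that cannot be told from this hunk.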
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/values.openshift.yaml
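Review bot: `type: {{ .Values.ui.serviceType }}` is rendered independently of the TLS setting, and values.yaml in this commit ships `global.tlsDisable: true`, so a LoadBalancer or NodePort UI Service would presumably carry Vault logins and tokens over plain HTTP. The `vault.scheme` helper that names the port is not visible here, so the link between `tlsDisable` and the scheme is inferred. A comment above `type:` would make the constraint explicit: `# With global.tlsDisable=true this Service is plain HTTP; keep ui.serviceType as ClusterIP unless TLS is terminated in front of it`. A render-time `fail` when the two settings are combined would be the stronger guard.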
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.58/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/Chart.yaml new file mode 100644 index 00000000000..5b39e5f78c0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-e2e-rhcc +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.59 +annotations: + charts.openshift.io/name: helm-e2e-rhcc diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null 
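Review bot: The `description: Official HashiCorp Vault Chart` line in the new Chart.yaml presents this chart as the upstream release, although `name: helm-e2e-rhcc` and `version: 0.21.59` do not match upstream numbering (the CHANGELOG added in the same directory stops at 0.21.0). It therefore looks like a renamed test fixture. Someone checking chart provenance from the repository index would read it as an official Vault chart, so the description should say what it is, for example `description: E2E certification test fixture derived from the HashiCorp Vault chart (not an official release)`. Separately, `appVersion: 1.11.2` could be quoted as `appVersion: '1.11.2'`, matching the quoted `kubeVersion`, so that a later two-component value is not retyped as a float.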
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/README.md new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/README.md
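Review bot: The `test-acceptance` recipe puts the Vault licence on the docker command line with `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so make expands the secret into the process arguments, where it is readable from the host's process list and is printed by `make -n`; passing the name only, `-e VAULT_LICENSE_CI \`, lets docker take the value from the calling environment instead. In the same hunk `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` that `provision-cluster` passes, so it presumably acts on whatever configuration is in the working directory; `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform` would match the provisioning target. `.PHONY` also omits `setup-kind` and `delete-kind`, and the nested `make setup-kind acceptance` would normally be written `$(MAKE) setup-kind acceptance` so flags and the jobserver carry over.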
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/NOTES.txt new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/_helpers.tpl new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
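Review bot: The single rule in csi-clusterrole.yaml gives the CSI provider's service account `create` on `serviceaccounts/token` cluster-wide, which means it can request a token for any ServiceAccount in any namespace, and the file carries no comment explaining that breadth. Narrowing it with `resourceNames` would need the workload ServiceAccount names, which the chart cannot know, so I would at least document the grant above `rules:`, for example `# Cluster-wide TokenRequest: the provider asks for tokens on behalf of the pods it serves; treat this service account as privileged.` Presumably that is why the provider needs the permission; confirm against the provider's documentation. Audit-log alerting on TokenRequest calls made by this service account for ServiceAccounts outside the expected workloads would make misuse visible.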
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
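Review bot: The csi-provider container in csi-daemonset.yaml mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods, the latter with `mountPropagation: HostToContainer`) yet receives a `securityContext` only when the user sets `csi.daemonSet.securityContext.container`. The `csi.daemonSet.securityContext.*` helpers in _helpers.tpl have no fallback branch, whereas `server.statefulSet.securityContext.container` in the same file falls back to `allowPrivilegeEscalation: false` outside OpenShift. I would add the same fallback to the CSI container helper, `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`, after checking that the provider can still create its socket under `/provider`. The helper lives in the _helpers.tpl section of this commit, not in this hunk.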
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-clusterrolebinding.yaml
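Review bot: The `patch` verb in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster because the rule has no `resourceNames`, so a compromised injector pod could rewrite any admission webhook rather than only its own. injector-deployment.yaml in this commit passes the fullname with the suffix `-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which appears to be the name of the injector's own webhook configuration. If so, `get` and `patch` can move into a second rule limited to that name while `list` and `watch` stay unrestricted for the watcher, as sketched below. Confirm the name and the injector's watch behaviour before tightening.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - "{{ template "vault.fullname" . }}-agent-injector-cfg"
  verbs:
    - "get"
    - "patch"
```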
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
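Review bot: The second entry under `args` in injector-deployment.yaml, `2>&1`, is handed to the container as a literal argument, because `args` is not run through a shell and no redirection takes place. Dropping it so that `args` holds only `- agent-inject` removes a token the binary has to ignore or misparse. In the same `env` list, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_LEVEL` and `AGENT_INJECT_LOG_FORMAT` are rendered unquoted, so a values entry that looks like a boolean or a number would render as a non-string env value; `value: {{ .Values.injector.authPath | quote }}` and the equivalent for the other two keep them strings.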
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
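Review bot: The webhook rule in injector-mutating-webhook.yaml matches `CREATE` and `UPDATE` of `pods` in every namespace unless one of the two `namespaceSelector` values is set, and `failurePolicy` comes entirely from values. If that resolves to `Fail`, an unavailable injector blocks pod admission cluster-wide, including in control-plane namespaces and for the injector's own replacement pods. A comment above `failurePolicy` would make the coupling explicit, for example `# With Fail, set a namespaceSelector that excludes kube-system and the release namespace`. The effective defaults live in values.yaml, which is outside this hunk, so this needs checking there.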
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
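Review bot: The NetworkPolicy in injector-network-policy.yaml admits traffic on a hard-coded `port: 8080`, while the injector Deployment listens on `.Values.injector.port` and the injector Service uses the same value as `targetPort`. Overriding the port would leave the webhook unreachable wherever this policy is rendered, because the allowed port no longer matches the listener; `- port: {{ .Values.injector.port }}` keeps the three in step. `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the Deployment and Service it protects set explicitly.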
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-psp.yaml
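Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml carries no `namespace`, unlike the subjects in injector-clusterrolebinding.yaml and injector-rolebinding.yaml in this same commit. A RoleBinding is expected to fall back to its own namespace here, so this is probably harmless, but stating `namespace: {{ .Release.Namespace }}` under the subject makes the grant unambiguous to a reader auditing who can `use` the policy.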
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-role.yaml
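Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode and privilege escalation but sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set, and `readOnlyRootFilesystem: false` leaves the root filesystem writable. Adding `requiredDropCapabilities: [ALL]` under `spec` would tighten it, assuming the injector needs no capabilities, which this hunk cannot confirm. The object is also emitted as `policy/v1beta1` with no capability check, unlike the `.Capabilities.APIVersions.Has` guard in injector-mutating-webhook.yaml; PodSecurityPolicy was removed in Kubernetes 1.25, so rendering with `global.psp.enable` set fails on such clusters.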
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-rolebinding.yaml
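Review bot: The first rule of the leader-elector Role in injector-role.yaml lets the injector service account `create`, `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which is broader than holding an election lock and a webhook certificate requires. If the Vault server is installed in the same namespace, that reach covers its TLS and configuration objects too. The `get` and `update` verbs could be limited with `resourceNames` to the objects the elector and the auto-TLS code actually use (`create` cannot be name-restricted); those names are not visible in this hunk and need confirming against the injector. The second rule's `patch` and `delete` on `pods` are likewise namespace-wide.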
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-discovery-role.yaml
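Review bot: The server configuration in server-config-configmap.yaml is rendered into a ConfigMap with `disable_mlock = true` forced in both branches (the literal line in the string branch, `dict "disable_mlock" true` in the merge branch), and neither fact is documented in the template. With mlock disabled, Vault's memory is no longer locked against swapping, so the nodes need swap disabled or encrypted. Because the text comes from `.Values.server.*.config`, any storage or seal credential a user places there ends up readable to anyone who can read ConfigMaps in the namespace. A template comment ahead of `data:` such as `{{- /* disable_mlock is forced on; keep credentials out of server.*.config, ConfigMaps are not secret */ -}}` would record both constraints.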
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-psp-role.yaml 
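Review bot: In server-network-policy.yaml the only ingress rule uses `namespaceSelector: {}`, which admits pods from every namespace to both 8200 and 8201, so the policy limits ports but not peers. Port 8201 is the server-to-server cluster port and can be given its own rule restricted to the Vault server pods, leaving 8200 as it is (or driven by a values-supplied `from` list). The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the sibling templates set.

```yaml
  ingress:
    # API port: unchanged, reachable from all namespaces
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```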
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
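Review bot: In server-psp-rolebinding.yaml the subject is named with `vault.fullname`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` both use `vault.serviceAccount.name`. If those helpers resolve differently, for example when a custom `server.serviceAccount.name` is set, the `use` grant on the PodSecurityPolicy goes to an account the server pod does not run as. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it so the reference is explicit. The helper definitions are outside this hunk, so the mismatch is inferred from the names used in the other templates.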
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-route.yaml
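Review bot: The policy sets no `requiredDropCapabilities`, so a container admitted under it keeps the runtime's default capability set even though the rest of the spec is written to keep Vault unprivileged. Adding `requiredDropCapabilities:` with `- ALL` after `allowPrivilegeEscalation: false` would close that, provided the server needs no capability at runtime; the StatefulSet sets `SKIP_SETCAP`, which suggests it does not, but that should be confirmed. The template is also gated only on `global.psp.enable`, so on a cluster that no longer serves `policy/v1beta1` the manifest will be rejected; a `.Capabilities.APIVersions.Has` check like the one in server-ingress.yaml would avoid that.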
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-service.yaml
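Review bot: This template tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other server templates in this change do before reading it. Whether `.mode` is populated here therefore appears to depend on another template having run earlier against the same context, and if it is not, neither the `external` check nor the `ha` check reflects the configured mode. Adding `{{ template "vault.mode" . }}` right after the `global.openshift` check, as server-ingress.yaml does, removes that dependency. I would also write `host: {{ .Values.server.route.host | quote }}`, matching how the Ingress quotes its hosts.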
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/tests/server-test.yaml 
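Review bot: The `vault` container image falls back to `latest` when `server.image.tag` is empty (`| default "latest"`), so a values file that omits the tag deploys whatever the registry currently serves, and a pod restarted later may run a different build from its peers; tests/server-test.yaml has the same fallback. I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. In the same hunk the exec readiness probe runs `vault status -tls-skip-verify`; it targets 127.0.0.1 through `VAULT_ADDR`, so the exposure is limited, but a comment such as `# loopback only: certificate is not verified because the probe never leaves the pod` would keep the flag from being copied to other callers.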
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/ui-service.yaml
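Review bot: The test pod sets no `securityContext` at pod or container level, whereas the StatefulSet includes `server.statefulSet.securityContext.pod` and `server.statefulSet.securityContext.container` for the same image. In a namespace that enforces a restricted pod profile, or under the chart's own PodSecurityPolicy, the hook pod may be refused or run with different privileges than the server it tests. Including the same two helpers here would keep them aligned; their definitions are outside this hunk, so check that they render correctly at this indentation. The `VAULT_ADDR` value is also unquoted here but quoted in the StatefulSet, and `value: "{{ include "vault.scheme" . }}://…"` would match it.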
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/values.openshift.yaml
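Review bot: `nodePort` is emitted whenever `ui.serviceNodePort` is set, whatever `ui.serviceType` is, while server-service.yaml and server-standby-service.yaml emit it only when the type is `NodePort`. With the type left at `ClusterIP` and a node port present in values, the API server is expected to reject the Service, so the guard should follow the other two files: `{{- if and (.Values.ui.serviceNodePort) (eq (.Values.ui.serviceType | toString) "NodePort") }}` (extended to `LoadBalancer` if a fixed node port is wanted there). `publishNotReadyAddresses` on the UI Service also sends browser traffic to pods that fail readiness, which deserves a comment like the one server-service.yaml carries.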
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.59/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/Chart.yaml
new file mode 100644
index 00000000000..2865ceb39a4
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.6
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/README.md
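Review bot: In the Makefile's `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the value into the `docker run` argument list, so what is presumably a license key is visible in the host's process listing while the container runs; the leading `@` only stops make from echoing the recipe. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker take the value from the caller's environment without putting it on the command line, and it also avoids word-splitting if the value contains spaces. Separately, the `.PHONY` line at the end of the hunk omits `setup-kind` and `delete-kind`, which this file defines; appending both keeps a stray file of either name from masking the target.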
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
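Review bot: `vault.envs` renders the dev root token unquoted, `value: {{ .Values.server.dev.devRootToken }}`, so a token that YAML reads as a number, boolean or null is no longer a string when it reaches the env entry; `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string, as `vault.extraEnvironmentVars` in this file already does with `| quote`. The token is also written in clear text into the rendered pod spec, so the comment above the define should say that anyone able to read the workload object can read the root token and that dev mode is meant for disposable test clusters only. A smaller inconsistency in the same file: the fallback in `server.statefulSet.securityContext.container` sets only `allowPrivilegeEscalation: false`, while `injector.securityContext.container` also drops all capabilities; whether the server container can do the same depends on the capabilities it needs, which this file does not show.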
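Review bot: The only rule in this ClusterRole grants `create` on `serviceaccounts/token`, which lets its subject request a token for any service account in any namespace, and nothing in the template records why that breadth is needed. A comment above `rules:` would state the intent and the risk, for example `# Cluster-wide token creation: the holder can obtain a token for any ServiceAccount; keep the binding limited to the CSI provider account.` The role is bound by the ClusterRoleBinding in csi-clusterrolebinding.yaml (next file in this diff) to the `-csi-provider` service account, so any later change that adds a subject to that binding should be reviewed as a privilege grant.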
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-clusterrolebinding.yaml
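Review bot: The single rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, so the injector's service account can rewrite the `clientConfig` of other admission webhooks, not just its own. The only configuration the injector is shown to manage is `{{ template "vault.fullname" . }}-agent-injector-cfg`, the name passed in `AGENT_INJECT_TLS_AUTO`. Split the rule so that `get` and `patch` carry `resourceNames` for that object and only `list`/`watch` stay unrestricted. If the injector's watch uses a name field selector, `list`/`watch` can be pinned as well, but that is not visible here.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
  - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
```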
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
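Review bot: The `- 2>&1` item under `args:` in injector-deployment.yaml reaches the container process as a literal second argument, because container `args` are not interpreted by a shell and no stderr redirection happens. Unless the image's entrypoint is a wrapper that re-parses its arguments (not visible in this hunk), drop the item so that `args:` holds only `- agent-inject`. The container runtime already collects stdout and stderr.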
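Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical rather than numeric and any suffix a distribution appends to the minor version takes part in the comparison. injector-mutating-webhook.yaml in this same chart picks its apiVersion with `.Capabilities.APIVersions.Has`, and the same form is sturdier here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml uses the identical expression and would take the same change.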
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
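Review bot: `namespaceSelector` is rendered only when a value is supplied, so unless the `injector.objectSelector` helper narrows it (its output is not shown here) the webhook is called for pod CREATE and UPDATE in every namespace, including `kube-system` and the release's own namespace. Because `failurePolicy` also comes from values, a setting of `Fail` would then block pod admission across the cluster whenever the injector is unavailable. Document that next to `failurePolicy:`, for example `# with Fail, set a namespaceSelector that excludes kube-system and this release's namespace`, or abort rendering with Helm's `fail` when `Fail` is combined with no selector.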
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
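Review bot: The ingress rule in injector-network-policy.yaml allows the literal `port: 8080`, while the Deployment sets `AGENT_INJECT_LISTEN` from `.Values.injector.port` and the Service uses `targetPort: {{ .Values.injector.port }}`. If that value is overridden, the policy no longer matches the listening port and calls to the webhook are dropped on OpenShift; render it from the same value with `- port: {{ .Values.injector.port }}`. `- namespaceSelector: {}` admits traffic from every namespace, which is probably intended for admission requests but deserves a one-line comment saying so.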
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-role.yaml
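Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode, privilege escalation and root, but sets no `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set. Adding `requiredDropCapabilities:` with the single entry `- ALL` under `spec:` would close that gap, provided the injector needs no capabilities; its listen port comes from `.Values.injector.port`, so confirm that port is unprivileged. `readOnlyRootFilesystem: false` is likewise set without a comment explaining why a writable root filesystem is needed.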
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-rolebinding.yaml
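Review bot: The first rule in injector-role.yaml lets the injector read and update every Secret and ConfigMap in the release namespace, which in the default layout is the namespace Vault itself runs in. The only Secret this chart creates for the leader-elected injector is `vault-injector-certs` (injector-certs-secret.yaml), so the read and write verbs on secrets can be pinned to that name. `create` cannot be restricted by `resourceNames`, and `list`/`watch` only match a named rule if the client filters on `metadata.name`, so confirm the injector's watch does that before merging. The second rule's `patch` and `delete` on all pods in the namespace deserve the same scrutiny, but the pod names are not knowable from this template.

```yaml
rules:
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["vault-injector-certs"]
    verbs: ["get", "watch", "list", "update"]
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["create", "get", "watch", "list", "update"]
  # … unchanged: pods rule …
```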
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-discovery-role.yaml
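Review bot: `disable_mlock = true` is forced into the rendered server configuration with no explanation, as a literal line in the string branch and through `merge (dict "disable_mlock" true) …` in both map branches, where the chart's entry wins over whatever the user's `config` says. With mlock disabled, Vault's memory can be paged to disk on nodes that have swap enabled, so this default is security-relevant and invisible from a values file. Add a template comment above the first occurrence, for example `{{- /* disable_mlock is always set by the chart; run Vault on nodes with swap disabled */ -}}`, and state the actual reason for forcing it. The rendered configuration is also stored in a ConfigMap, so any credential placed in `server.*.config` would be readable by anyone allowed to get ConfigMaps in the namespace.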
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
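Review bot: The rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace to the Vault server service account, with no `resourceNames`. The `vault-active` label used by the active and standby Service selectors suggests the server only needs to label its own pods, although the code that does so is not part of this chart. As written, a compromised server pod can modify any other workload's pods that share the namespace. Add `# Vault patches labels on its own pods only; install into a dedicated namespace` above `rules:`, and check whether `update` is needed at all when `patch` is granted.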
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-psp-role.yaml 
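Review bot: `secretName: {{ .secretName }}` and `- path: {{ . }}` are emitted unquoted while the host values next to them go through `quote`, so a value that YAML reads as a number, boolean or flow collection changes type or breaks the render. I would write `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`. The `{{ if semverCompare ... }}` lines inside `paths:` also lack the `-` trim markers used in the rest of the template and leave blank lines in the output, which is cosmetic.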
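Review bot: The single ingress rule in server-network-policy.yaml admits pods from every namespace (`namespaceSelector: {}`) to both 8200 and 8201, although 8201 is named `https-internal` in the Services of this commit and looks like the server-to-server port. I would split the rule so that 8201 is reachable only from this release's own pods, unless a replication peer outside the namespace has to reach it. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  # ... unchanged: metadata and podSelector ...
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # ... unchanged: optional egress block ...
```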
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
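Review bot: The subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, but the ServiceAccount created in server-serviceaccount.yaml and the discovery RoleBinding both use `{{ template "vault.serviceAccount.name" . }}`. The helper itself is not visible here; if it can resolve to anything other than the full name, the PSP `use` grant lands on an account the server pod does not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as the discovery binding does.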
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-route.yaml
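Review bot: The policy `spec:` never restricts Linux capabilities: there is no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` would match the intent of `allowPrivilegeEscalation: false` and `MustRunAsNonRoot`, but confirm against the image first, since Vault's memory locking may depend on a capability. Separately, `policy/v1beta1` PodSecurityPolicy no longer exists from Kubernetes 1.25 on and the only gate here is `global.psp.enable`. Adding `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to the `and` condition would skip the resource instead of failing the install.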
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-service.yaml
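Review bot: `{{- if ne .mode "external" }}` in server-route.yaml reads `.mode` without first calling `{{ template "vault.mode" . }}`, which the other mode-dependent templates in this commit do before their first check. As written the Route depends on `.mode` having been set by some other template rendered earlier, and both the `external` check and the `eq .mode "ha"` active-service switch go wrong silently if it was not. I would add `{{ template "vault.mode" . }}` as the second line, the way server-ingress.yaml does. `host: {{ .Values.server.route.host }}` would also be safer as `host: {{ .Values.server.route.host | quote }}`.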
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/tests/server-test.yaml 
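Review bot: `.Values.server.image.tag | default "latest"` on the `image:` line lets the Vault server run from a mutable tag whenever the value is unset, so the deployed binary can change between pod restarts without any chart change. For a secrets manager I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same default appears in templates/tests/server-test.yaml. Separately, the exec readiness probe passes `-tls-skip-verify`; with `VAULT_ADDR` set to 127.0.0.1 in this container the unverified connection stays on loopback, which deserves a one-line comment next to the command.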
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/templates/ui-service.yaml
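Review bot: `volumeMounts:` and `volumes:` are written unconditionally with the `if` placed inside them, so with no `server.volumeMounts` or `server.volumes` set they render as keys with a null value. Moving each key inside its guard (`{{- if .Values.server.volumes }}` followed by `volumes:`) keeps the rendered Pod free of empty keys. The retry loop's `ATTEMPTS=10` with `sleep 5` caps the test at roughly 50 seconds of waiting; a comment such as `# up to ~50s for the server to answer 'vault status'` would help whoever tunes it.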
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/values.openshift.yaml 
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.6/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/Chart.yaml
new file mode 100644
index 00000000000..c73c202215e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.60
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/README.md
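Review bot: Cluster and cloud credentials end up inside the bind-mounted checkout in `test-acceptance` and `test-provision`: both recipes set `KUBECONFIG=/helm-test/.kube/config` while `/helm-test` is `-v ${PWD}:/helm-test`, and the default `GOOGLE_CREDENTIALS?=vault-helm-test.json` is a relative path that resolves under `-w /helm-test`. A comment above `test-acceptance` would make this explicit, e.g. `# NOTE: reads the GCP key from, and writes .kube/config into, the checkout; keep both out of version control`. Whether the repository's ignore rules cover `.kube/` and the key file is not visible in this hunk and should be confirmed. Separately, the `.PHONY` line at the end omits `setup-kind` and `delete-kind`, which the file defines just above it.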
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
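Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no namespace or name limit, and this commit binds it through a ClusterRoleBinding to the `-csi-provider` ServiceAccount that the DaemonSet runs under, so that account can request a token for any ServiceAccount in the cluster. The template has no comment saying why this is needed. I would add one above `rules:`, for example `# Cluster-wide serviceaccounts/token create: presumably used to request tokens for the pods the provider serves; bind only to the CSI DaemonSet's ServiceAccount.` Because the holder of this permission runs on every node, it is also worth an audit rule that flags token requests from this ServiceAccount for accounts outside the expected workloads.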
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
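Review bot: In csi-daemonset.yaml the container `securityContext` is rendered only through the `csi.daemonSet.securityContext.container` helper, which emits nothing when that value is unset, while the pod mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods). If the chart's values file, which is not visible here, leaves the value empty, the provider runs on every node with whatever the image defaults to. I would ship a restrictive default in values, or at least state the expectation above the helper call, e.g. `# hostPath mounts below: set allowPrivilegeEscalation: false and drop capabilities the provider does not need`.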
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-clusterrolebinding.yaml
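Review bot: The rule in injector-clusterrole.yaml lets the injector `patch` every MutatingWebhookConfiguration in the cluster, although the only one this commit creates for it is `{{ template "vault.fullname" . }}-agent-injector-cfg` (the same name passed in `AGENT_INJECT_TLS_AUTO`). A compromised injector could then rewrite any other admission webhook. I would split the rule so that `get` and `patch` carry `resourceNames` and only `list`/`watch` stay unscoped, since an informer-style list or watch is generally not matched by `resourceNames`. This should be confirmed against the injector's client calls, which are not visible here.

```yaml
rules:
# list/watch stay unscoped: resourceNames generally does not match them.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# get/patch limited to the injector's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```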
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
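Review bot: The `args` list in injector-deployment.yaml ends with `- 2>&1`, a shell redirection written as a container argument. The hunk sets no `command` and no shell, so unless the image entrypoint re-parses its arguments the literal string `2>&1` is handed to the injector and nothing is redirected; I would drop the entry and keep only `- agent-inject`. Separately, several env values are emitted unquoted, for example `value: {{ .Values.injector.authPath }}` and `value: {{ .Values.injector.logLevel | default "info" }}`. Env values must be strings, so `value: {{ .Values.injector.authPath | quote }}` avoids a rejected manifest when a value looks like a number or a boolean.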
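Review bot: injector-disruptionbudget.yaml is gated only on `.Values.injector.podDisruptionBudget`, not on the `vault.injectorEnabled` check that the other injector templates visible in this commit start with, so a PodDisruptionBudget can be rendered for an injector that is not deployed. The `apiVersion` line also compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, which is a lexical comparison. The webhook template in this commit probes `.Capabilities.APIVersions.Has` instead, and `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` would be consistent with it.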
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
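Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the webhook in injector-mutating-webhook.yaml is rendered without a `namespaceSelector`, and its `rules` then match every pod CREATE and UPDATE in the cluster. The `injector.objectSelector` helper is defined outside this hunk, so its narrowing effect cannot be judged here. If `failurePolicy` resolves to `Fail`, an unavailable injector blocks pod admission in all namespaces, system ones included. I would say so next to the field, e.g. `# Fail with no namespaceSelector blocks pod creation cluster-wide while the injector is down; set a namespaceSelector that excludes system namespaces`.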
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
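Review bot: The NetworkPolicy in injector-network-policy.yaml opens the fixed `port: 8080`, while the Deployment and Service in this commit take the listener, probe and `targetPort` from `{{ .Values.injector.port }}`. If the port is changed in values, the policy still admits 8080 and no longer allows the port the webhook actually listens on. Use `- port: {{ .Values.injector.port }}`. The `from` clause is `namespaceSelector: {}`, which admits every namespace, and `metadata` has no `namespace:` unlike the other namespaced injector objects; a one-line comment on why ingress is left open to all namespaces would help the next reader.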
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-role.yaml
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-rolebinding.yaml
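Review bot: The leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, and `get`/`patch`/`delete` on all `pods`, with no `resourceNames`. The only Secret this commit creates for the injector is `vault-injector-certs` (injector-certs-secret.yaml), so the read and update verbs look wider than needed, and any other Secret in that namespace becomes readable by the injector's ServiceAccount. I would move `get` and `update` on secrets into a rule with `resourceNames: ["vault-injector-certs"]` and leave unscoped only what leader election needs. The injector's client calls are not visible here, so this needs confirming against them.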
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-config-configmap.yaml
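Review bot: server-clusterrolebinding.yaml binds the server ServiceAccount cluster-wide to the built-in `system:auth-delegator` ClusterRole, and nothing in the template says what that grants or when it is needed. I would add a comment above `roleRef:`, for example `# system:auth-delegator allows creating TokenReviews and SubjectAccessReviews; presumably needed for Vault's Kubernetes auth method, turn the delegator off when that method is not used.` The values key behind `vault.serverAuthDelegator` is defined outside this hunk, so the comment should name the real key once confirmed.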
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-discovery-role.yaml
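Review bot: `disable_mlock = true` is written unconditionally into the rendered config in server-config-configmap.yaml, and merged into the JSON form through `dict "disable_mlock" true`, with no comment explaining the consequence. With mlock off the server's memory can be paged out, so the line deserves a comment such as `# mlock is disabled: run on nodes without swap (or with encrypted swap) so secrets held in memory are not written to disk`. Separately, the string branches pass `.Values.server.*.config` through `tpl`, so any template action inside that value is evaluated with the full chart context; that is acceptable while values come only from the installer, and is worth stating next to the `tpl` calls.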
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
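Review bot: The rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods, and the template does not say why. Presumably the verbs exist so the server can label its own pods (the HA Services in this commit select on `vault-active`), and RBAC cannot narrow a rule by label, so I would add above `rules:` a comment such as `# update/patch are used to label Vault's own pods; the rule covers all pods in this namespace, so install the chart in a dedicated namespace`. The Role hard-codes `rbac.authorization.k8s.io/v1` while the RoleBinding in the next file still branches to `v1beta1`; using `v1` in both would keep them consistent.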
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-ha-active-service.yaml
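Review bot: On the `apiVersion:` line of server-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical and the major version is ignored; a minor of `"9"` sorts after `"21"`, and managed clusters can report values such as `"21+"`. server-ingress.yaml in this same commit already uses `semverCompare`, so I would write `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`, or test `.Capabilities.APIVersions.Has "policy/v1"` instead.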
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-ha-standby-service.yaml
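Review bot: The `https-internal` entry (8201) in server-ha-active-service.yaml sits on the same Service as the API port, so when `server.service.type` is `NodePort` or `LoadBalancer` the server-to-server port is published wherever that Service is reachable. The same entry is repeated in server-ha-standby-service.yaml and server-service.yaml. The headless `-internal` Service in this commit already carries 8201, and the StatefulSet's default `VAULT_CLUSTER_ADDR` points at it, so the entry here looks unnecessary; if it must stay, add a comment above it such as `# 8201 is Vault's cluster port (server-to-server only); do not expose this Service type outside the cluster without restricting it`. `annotations:` is also emitted with nothing under it when `vault.service.annotations` renders empty; that helper is defined outside this hunk.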
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-psp-role.yaml 
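Review bot: In server-ingress.yaml, `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are rendered unquoted, while the host values in the same template go through `quote`. A value that YAML reads as a number or boolean, or one containing `: `, would change type or break the manifest; `secretName: {{ .secretName | quote }}` and the same on the other two keeps them strings. The `tls:` block is emitted only when `server.ingress.tls` has entries, so by default the Vault API is offered at the ingress without TLS; a comment above `{{- if .Values.server.ingress.tls }}` stating that would help operators.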
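Review bot: `- namespaceSelector: {}` in server-network-policy.yaml matches every namespace, so the policy admits any pod in the cluster to both 8200 and the cluster port 8201. I would keep 8200 as it is and move 8201 into a second rule that admits only the Vault server pods, as sketched below; a bare `podSelector` under `from` is limited to the policy's own namespace. `metadata` here also has no `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```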
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
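Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, whereas the ClusterRoleBinding and the discovery RoleBinding in this commit bind `{{ template "vault.serviceAccount.name" . }}`. If the service-account name is overridden in values, the `use` permission on the PodSecurityPolicy would presumably go to an account the server pod does not run as, and the pod would fall back to whatever other policy applies. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` under it, as the other bindings do.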
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-route.yaml
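Review bot: The policy in server-psp.yaml sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` after `allowPrivilegeEscalation: false` would tighten it, provided the image starts without them (the StatefulSet in this commit sets `SKIP_SETCAP`). The `seLinux` comment says the nodes are assumed to use AppArmor, but this chart also ships an OpenShift values file; the comment should instead say that `RunAsAny` leaves SELinux labelling to the platform. `PodSecurityPolicy` was removed in Kubernetes 1.25, so the `global.psp.enable` condition could additionally check `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to avoid a failed install on newer clusters.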
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-service.yaml
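Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other template in this commit that reads `.mode` does at its top. The helper is defined outside this hunk, but presumably it is what sets `.mode` on the context, so this file depends on some other template having been rendered first; the `external` guard and the `-active` service selection both hinge on it. I would add `{{ template "vault.mode" . }}` directly after the opening `{{- if .Values.global.openshift }}`, mirroring server-ingress.yaml. `host: {{ .Values.server.route.host }}` is also unquoted and should be `host: {{ .Values.server.route.host | quote }}`.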
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/tests/server-test.yaml 
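Review bot: The `image:` line in server-statefulset.yaml ends in `{{ .Values.server.image.tag | default "latest" }}`, so with no tag set the secrets server runs whatever the registry serves as `latest` at pull time; the same expression is in tests/server-test.yaml. I would make the tag mandatory, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The readiness probe's `vault status -tls-skip-verify` should carry a comment that certificate verification is skipped only because the probe talks to `VAULT_ADDR` on 127.0.0.1 inside the pod and must not be copied for remote checks. `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are unquoted URLs, unlike the default branches beside them; add `| quote`.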
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/values.openshift.yaml
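Review bot: Nothing in templates/ui-service.yaml documents that `type: {{ .Values.ui.serviceType }}` decides whether the Vault UI listener is reachable from outside the cluster, while the values.yaml added by the same commit sets `global.tlsDisable: true`. If `vault.scheme` follows that flag (the helper is not shown in this hunk), a `LoadBalancer` or `NodePort` value would publish the UI over plain HTTP. I would add a template comment above `spec:` such as `{{- /* ui.serviceType LoadBalancer/NodePort exposes the Vault UI outside the cluster; set global.tlsDisable=false before using either. */ -}}`.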
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.60/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/Chart.yaml
new file mode 100644
index 00000000000..29eb96f6783
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.61
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
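Review bot: The new Chart.yaml names the chart `helm-e2e-rhcc` and places it under charts/partners/opcert-e2e-testing, yet it keeps `description: Official HashiCorp Vault Chart` together with the upstream `home` and `sources` URLs, so a reader of the repository index could take what appears to be a test fixture for the vendor's own release. If this is a renamed copy of vault-helm used only for certification tests, the metadata should say so, for example `description: E2E certification test fixture derived from hashicorp/vault-helm (not an official release)`. Separately, quoting the value as `appVersion: "1.11.2"` keeps it a string if a later bump lands on a two-part version such as 1.10, which a YAML parser would read as the float 1.1.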
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
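Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in every namespace, and the file carries no comment saying why the scope has to be cluster-wide. Bound through the ClusterRoleBinding in the next file, this lets the `-csi-provider` service account request a token for any service account in the cluster, and the DaemonSet that uses it mounts two hostPath directories and renders a container `securityContext` only when values supply one. I would add above `rules:` a comment along the lines of `# The provider requests a token for the service account of each pod that mounts a CSI volume; those pods can be in any namespace, hence a ClusterRole.` (presumed purpose, to be confirmed by the chart authors). Where the consuming namespaces are known in advance, a Role and RoleBinding per namespace would keep the grant narrower.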
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-clusterrolebinding.yaml
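Review bot: The `patch` verb in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster because the rule has no `resourceNames`, so the injector's service account can rewrite admission webhooks it does not own. The only object this chart creates of that kind is `<fullname>-agent-injector-cfg` (see injector-mutating-webhook.yaml), so `get` and `patch` can be limited to that name while `list` and `watch` stay unscoped. Whether the injector still works with `get` scoped this way depends on how it watches the object, which is not visible here and should be confirmed before merging. The split I have in mind is below.

```yaml
rules:
# list/watch are kept unscoped; confirm the injector's watch still works.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# Read and patch only the webhook configuration this chart installs.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```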
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
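Review bot: In injector-deployment.yaml the `args` list ends with `- 2>&1`, which Kubernetes passes to the container as a literal argument because `args` are not run through a shell, so no stderr redirection takes place. Unless the image's entrypoint is a wrapper that re-parses its arguments (not visible here), I would drop that entry and leave `- agent-inject` alone. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` render unquoted, so a value such as `true` or `1` would become a non-string `value:` that the API server rejects; the neighbouring variables already quote theirs, e.g. `value: {{ .Values.injector.authPath | quote }}`.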
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
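Review bot: In injector-mutating-webhook.yaml, `namespaceSelector` is rendered only when a value is supplied, so with neither value set the webhook is called for pod CREATE and UPDATE in every namespace, including system namespaces and the one the injector itself runs in. If `failurePolicy` resolves to `Fail` (its default is in values.yaml, not shown here), an unavailable injector would then block pod admission cluster-wide. I would document this at the `failurePolicy:` line with a template comment such as `{{- /* With no namespaceSelector this webhook sees pods in all namespaces; pair failurePolicy: Fail with a selector that excludes system namespaces. */}}`. A default selector in values.yaml that excludes system namespaces would be the stronger fix.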
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
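Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment's listen address, probes and the Service `targetPort` all use `.Values.injector.port`. Setting that value to anything other than 8080 on OpenShift would leave the policy admitting a port nothing listens on and dropping traffic to the real one, which makes the webhook unreachable. The line should read `- port: {{ .Values.injector.port }}`. The `from` clause of `namespaceSelector: {}` admits pods from every namespace; a short comment saying why it cannot be tighter would help the next reader.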
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-psp.yaml
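Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace:`, unlike the subjects in injector-rolebinding.yaml and injector-clusterrolebinding.yaml. As far as I know a RoleBinding falls back to its own namespace for such a subject, so this probably works, but stating it keeps the bindings consistent and makes the bound identity unambiguous when someone audits the rendered RBAC. I would add `namespace: {{ .Release.Namespace }}` under the subject's `name:`.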
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-role.yaml
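Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privilege escalation and root but never sets `requiredDropCapabilities`, so pods admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities:` with the single entry `- ALL` next to `allowPrivilegeEscalation: false` would close that gap, assuming the injector needs no capabilities. The policy also sets `hostNetwork: false` while the Deployment renders `hostNetwork: {{ .Values.injector.hostNetwork }}`, so enabling both values would get the pod rejected; a comment noting that would save a debugging session. The `policy/v1beta1` PodSecurityPolicy API was removed in Kubernetes 1.25, so the `global.psp.enable` switch deserves a guard or a note on newer clusters.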
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-rolebinding.yaml
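Review bot: The first rule of the leader-elector Role grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, so the injector service account can read any secret that happens to share the namespace, which is presumably more than leader election needs. Consider moving `get` and `update` into a rule restricted with `resourceNames` to the objects the injector actually owns (their names are not visible in this hunk) and keeping `create` in its own rule, since `create` cannot be limited by name. The `pods` rule (`get`, `patch`, `delete`) has the same namespace-wide reach and deserves at least a comment saying why `delete` is required.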
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-discovery-role.yaml
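Review bot: `disable_mlock = true` is written unconditionally ahead of the user-supplied config in the string branch, and forced through `dict "disable_mlock" true` in the JSON branch, with no comment explaining the trade-off. With mlock disabled the server's memory can be paged out, so key material may reach swap unless the nodes run with swap off or encrypted. I would add a template comment next to the line, for example `{{- /* mlock is disabled for all modes; nodes must run with swap off or encrypted */ -}}`, and document in the values file that a `disable_mlock` entry in `server.standalone.config` or `server.ha.config` will then appear twice in the rendered HCL.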
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-ha-active-service.yaml
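Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the result is lexicographic rather than numeric, and distributions that report a minor such as `21+` are ordered by string comparison as well. The RBAC templates in this commit pick their API with `.Capabilities.APIVersions.Has`; doing the same here asks the cluster directly instead of inferring from the version: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`.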
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-psp-role.yaml 
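Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which matches every namespace, so once the policy is enabled any pod in the cluster may still reach both 8200 and 8201. Port 8201 is named `https-internal` in the Service templates of this commit and looks like server-to-server traffic, so it could be limited to the Vault server pods with a second rule that selects them by label, as sketched below; whether other components need 8201 is not visible here, so confirm before tightening. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    # Client/API port: still reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```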
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
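Review bot: In server-psp-rolebinding.yaml the subject is named `{{ template "vault.fullname" . }}`, whereas server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` in this commit use `{{ template "vault.serviceAccount.name" . }}`. If that helper can return a different name (its definition is not in view), the PSP `use` grant ends up bound to an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it, as server-discovery-rolebinding.yaml does; the subject in injector-psp-rolebinding.yaml omits the namespace too.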
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-service.yaml
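Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit that read `.mode` all do. It appears to depend on another template having already set `mode` on the shared context, so the result would hinge on render order; the helper is not in view, so this is inferred. Adding `{{ template "vault.mode" . }}` ahead of the `ne .mode "external"` test removes that dependency. The route also hard-codes `targetPort: 8200` while the Service templates take `server.service.targetPort` from values, so the two can drift apart.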
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . 
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . 
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . 
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/tests/server-test.yaml
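Review bot: The `image:` line of the `vault` container falls back to `latest` when `server.image.tag` is empty (`| default "latest"`), so a values file that omits the tag deploys whatever the registry currently serves under a mutable tag; the same fallback is repeated in the test Pod in templates/tests/server-test.yaml. For the workload that holds the secrets, an unpinned image makes the running version hard to audit and lets a registry-side change reach the cluster without any chart change. I would fail rendering instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Pinning by digest in the values would be stronger still.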
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/values.openshift.yaml
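Review bot: `nodePort` is rendered whenever `ui.serviceNodePort` is set, regardless of `ui.serviceType`, whereas the server Service added in this commit only renders it when the type is `NodePort`. A leftover `serviceNodePort` combined with a `ClusterIP` type would, as far as I know, be rejected by the API server at install time rather than ignored. Consider the same style of guard here, keeping `LoadBalancer` if a fixed node port is wanted for it: `{{- if and (.Values.ui.serviceNodePort) (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`.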
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.61/src/values.yaml 
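Review bot: `server.readinessProbe` declares no `path` property, although server-statefulset.yaml in this commit reads `.Values.server.readinessProbe.path` to choose between an `httpGet` probe and the `vault status -tls-skip-verify` exec probe, and `server.livenessProbe` does declare `path`. No `additionalProperties: false` is visible in the schema, so the value is still accepted, but its type is never checked and a non-string value reaches the template unvalidated. Add `"path": { "type": "string" }` next to `"enabled"` under `server.readinessProbe`.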
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/Chart.yaml
new file mode 100644
index 00000000000..3bbb47a6525
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.62
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
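Review bot: In Chart.yaml, `description: Official HashiCorp Vault Chart` is kept although the chart is renamed `helm-e2e-rhcc` and filed under `charts/partners/opcert-e2e-testing`, so any index or catalog built from this metadata would present the entry as the upstream Vault chart. If this is a certification test fixture, as the path suggests, the description should say so, for example `description: E2E certification test fixture derived from the HashiCorp Vault chart`. The `version: 0.21.62` also has no counterpart in the bundled CHANGELOG.md, whose latest release entry is 0.21.0, so a comment recording which upstream release the copy was taken from would help anyone auditing its provenance. Separately, quoting the value as `appVersion: "1.11.2"` follows Helm's recommendation and keeps it a string if the version ever becomes two-part.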
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
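Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so any subject bound to it can mint a token for any ServiceAccount in any namespace, and the manifest has no comment explaining why. This is presumably needed so the provider can authenticate to Vault as the pod that mounts the volume, but the reach should be stated where an auditor will read it. I would add a comment above `rules:` such as `# cluster-wide by design: the provider requests a token for the ServiceAccount of each pod that mounts a CSI volume; treat the provider's ServiceAccount as highly privileged`. The binding in csi-clusterrolebinding.yaml attaches this role to the ServiceAccount used by the DaemonSet, so access to those pods is worth restricting accordingly.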
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
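Review bot: The provider container in csi-daemonset.yaml gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, even though it mounts two hostPath volumes, one of them the kubelet pods directory with `mountPropagation: HostToContainer`. The `csi.daemonSet.securityContext.*` helpers in _helpers.tpl have no fallback branch, unlike `injector.securityContext.container`, which defaults to `allowPrivilegeEscalation: false` with all capabilities dropped. If the provider does not need to gain privileges at runtime (not verifiable from this page), give the helper a matching `{{- else if not .Values.global.openshift }}` branch that renders `allowPrivilegeEscalation: false`. Otherwise, add a comment next to `{{ template "csi.daemonSet.securityContext.container" . }}` saying the container runs with the runtime's defaults unless that value is supplied.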
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-clusterrolebinding.yaml
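Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, so the injector's ServiceAccount can rewrite admission webhooks that belong to other components. The deployment passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which suggests the injector only needs to patch its own configuration. If so, the rule can be split so that `patch` is limited by `resourceNames` while the read verbs stay cluster-wide. `list` and `watch` cannot be narrowed by name unless the client sends a field selector, so they stay unrestricted in the sketch below. Confirm against the injector's behaviour before adopting it, since this page does not show which objects it patches.

```yaml
rules:
# read access stays cluster-wide; list/watch are not narrowed by resourceNames
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch"]
# write access limited to the injector's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs: ["patch"]
```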
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
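Review bot: The `args` list in injector-deployment.yaml passes `2>&1` as a literal second argument, because container args are executed directly and no shell is present to interpret the redirection. stderr is therefore not merged into stdout, and the injector binary receives a stray positional argument; whether it ignores it is not visible here. Dropping the item leaves `args:` with the single entry `- agent-inject`. Separately, `livenessProbe` and `readinessProbe` both query `/health/ready`, so a pod that is only temporarily not ready is also restarted.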
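Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares strings, so the result is lexicographic rather than numeric: a minor version of `"9"` sorts above `"21"`, and a suffixed minor such as `"21+"` is compared as text too. Selecting by capability avoids the version arithmetic: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The same expression appears in server-disruptionbudget.yaml later in this commit. This template is also the only injector resource visible here that is not wrapped in `{{- if .injectorEnabled -}}`.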
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
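Review bot: `namespaceSelector` is rendered only when one of the two values is set, so without it the webhook matches pod CREATE and UPDATE in every namespace, including the one the injector runs in; what `injector.objectSelector` adds is not visible in this hunk. If `failurePolicy` resolves to `Fail`, an unavailable injector would then hold up pod admission across the cluster. A default selector in the chart values that excludes system namespaces, for example a `matchExpressions` entry on `kubernetes.io/metadata.name` with `operator: NotIn`, would bound that.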
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
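Review bot: The allowed ingress port in injector-network-policy.yaml is hard-coded as `port: 8080`, while the Deployment and Service in this commit take the listen port from `.Values.injector.port`. Overriding that value leaves the policy admitting traffic to a port nothing listens on and dropping calls to the webhook. `- port: {{ .Values.injector.port }}` keeps the two in step. The `namespaceSelector: {}` peer also admits pods from every namespace; the expected client is the API server's admission call, so it is worth confirming the wider allowance is intended.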
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-psp.yaml
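Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, which RBAC requires for subjects of kind ServiceAccount; the sibling injector-rolebinding.yaml in this commit sets it. Adding `namespace: {{ .Release.Namespace }}` under the subject's `name` makes the binding valid when `global.psp.enable` is true.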
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-role.yaml
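Review bot: The policy forbids privileged mode and privilege escalation but sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` next to `allowPrivilegeEscalation: false` would close that, assuming the injector needs no capabilities, which its non-root webhook role suggests but this hunk does not prove. PodSecurityPolicy under `policy/v1beta1` was removed in Kubernetes 1.25, so the `global.psp.enable` condition could also test `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`.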
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-rolebinding.yaml
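Review bot: The first rule lets the injector service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which looks broader than a role named for leader election needs. If the Vault server shares that namespace, the grant would also cover whatever secrets it keeps there. The object names the injector actually writes are not visible here, so the narrowing cannot be spelled out exactly: keep `create` unscoped and move `get`/`update` into a rule whose `resourceNames` lists those objects. Until then, a comment above the rule such as `# TODO(review): scope to the leader-election objects via resourceNames` records the intent.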
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-discovery-role.yaml 
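Review bot: `disable_mlock = true` is written into every string-form server config, and merged in via `dict "disable_mlock" true` for the map form, with no values switch and no explanation. With mlock off, Vault's process memory can be paged to swap, so protection of in-memory secrets then depends on the nodes running with swap disabled or encrypted. A comment above `data:` such as `# disable_mlock is forced on below; nodes must run with swap disabled or encrypted` would state that precondition where operators will see it. Because `merge` gives precedence to its first argument, the map form also appears to override a user-supplied `disable_mlock: false`, which is worth confirming.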
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-psp-role.yaml
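Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so any pod in any namespace may reach 8201 as well as the API port 8200. The services in this commit name 8201 `https-internal`, which suggests it carries server-to-server traffic only; if so, it can move into its own rule limited to this release's server pods, as sketched below. Confirm first that nothing outside the release (for example replication from another cluster) needs 8201. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the Service, Role and StatefulSet templates in this commit set.

```yaml
  ingress:
    # API port: reachable from all namespaces, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```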
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
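Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` in this commit both use `vault.serviceAccount.name`. If the two helpers ever render different names (values.schema.json lists a `server.serviceAccount.name` override), the `use` grant lands on an account the server pods do not run as, and the policy would presumably not apply to them. Suggest `name: {{ template "vault.serviceAccount.name" . }}` for the subject, and adding `namespace: {{ .Release.Namespace }}` beside it so the bound account is explicit.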
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-route.yaml
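Review bot: The `spec` in server-psp.yaml never restricts Linux capabilities, so pods admitted under it keep the container runtime's default set; adding `requiredDropCapabilities:` with a single `- ALL` entry would close that, provided the server image needs none (the StatefulSet sets `SKIP_SETCAP` to `"true"`, which points that way but should be confirmed). The comment above `seLinux: rule: RunAsAny` says the policy assumes AppArmor nodes, yet no AppArmor setting is visible in this hunk (it may come from `vault.psp.annotations`, defined elsewhere), and the chart also ships values.openshift.yaml for clusters that rely on SELinux. `policy/v1beta1` is not served by Kubernetes 1.25 and later, so a guard such as `{{- if .Capabilities.APIVersions.Has "policy/v1beta1" }}`, or a `fail` with a clear message, would make `global.psp.enable` behave predictably on newer clusters.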
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-service.yaml
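Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the sibling service, ingress and StatefulSet templates in this commit do before reading it. Whether `.mode` is already populated here then depends on state set while other files render, which this hunk does not show; adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard makes the external-mode check self-contained. Separately, `host:` is emitted unquoted; `host: {{ .Values.server.route.host | quote }}` keeps an empty or unusual value a string.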
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/tests/server-test.yaml 
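Review bot: The `image:` line in server-statefulset.yaml falls back to `default "latest"` when `server.image.tag` is unset, so the Vault server can end up running whatever the registry currently serves under a mutable tag; tests/server-test.yaml repeats the same expression. Failing the render instead, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, keeps the deployed version explicit, and pinning by digest would go further. The exec readiness probe runs `vault status -tls-skip-verify`; it targets `127.0.0.1` through `VAULT_ADDR`, which limits the exposure, but a short comment there saying why verification is skipped would keep the flag from being copied to non-loopback calls.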
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/values.openshift.yaml
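Review bot: `nodePort` in ui-service.yaml is emitted whenever `ui.serviceNodePort` is set, with no check on `ui.serviceType`, whereas server-service.yaml in this commit only emits it when the type is `NodePort`. A `ClusterIP` Service carrying a `nodePort` is rejected by the API server, so the guard could become `{{- if and (.Values.ui.serviceNodePort) (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`. Since this Service fronts the Vault UI, a comment above `type:` should note that `NodePort` and `LoadBalancer` expose it beyond the cluster; whether source ranges are applied depends on the `service.loadBalancer` helper, which is not shown in this hunk.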
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.62/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/Chart.yaml
new file mode 100644
index 00000000000..ba2b46f5ff8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.63
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/LICENSE.md
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/README.md
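Review bot: In the Makefile, the `docker run` under `test-acceptance` expands the Vault license onto the command line with `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, and that target, `test-destroy` and `test-provision` all start their containers without `--rm`. The value is therefore visible in the process arguments while the test runs, and the stopped container keeps its environment afterwards, where `docker inspect` can read it. Passing the variable by name, `-e VAULT_LICENSE_CI \` (assuming it is set in the calling environment), and using `@docker run --rm -it -v ${PWD}:/helm-test \` as `test-unit` already does would avoid both. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` that `provision-cluster` passes, which looks inconsistent and is worth confirming, and `setup-kind` and `delete-kind` are not listed in `.PHONY`.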
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
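Review bot: The fallback branch of `server.statefulSet.securityContext.container` renders only `allowPrivilegeEscalation: false`, while the injector's container fallback in this same file also drops all capabilities, and the two `csi.daemonSet.securityContext.*` helpers have no fallback branch at all, so the CSI provider pod (which mounts hostPath volumes in csi-daemonset.yaml) gets no securityContext unless values supply one. I would align the server default with the injector's by adding `capabilities:` / `drop:` / `- ALL` under `allowPrivilegeEscalation: false`, adding back explicitly any capability the server image turns out to need, and either give the CSI helpers an `else if not .Values.global.openshift` default or a comment stating why they have none. Both existing fallbacks are also skipped entirely when `global.openshift` is set, presumably relying on the platform's own constraints; a one-line comment saying so would make that intent reviewable.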
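Review bot: This ClusterRole grants `create` on `serviceaccounts/token` cluster-wide with no comment explaining why, and the following file binds it to the `-csi-provider` ServiceAccount, so that account can request a token for any service account in any namespace. If that scope is required (presumably so the provider can obtain tokens on behalf of pods in arbitrary namespaces), state it in a comment above `rules:`, for example `# cluster-wide: pods that mount CSI volumes may live in any namespace`, so the grant is a documented decision rather than an inherited default. Operators enabling `csi.enabled` should account for this when scoping audit rules for TokenRequest calls made by that ServiceAccount.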
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
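Review bot: The `mountpoint-dir` volume in csi-daemonset.yaml exposes the node's `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` tree to the provider container through a hostPath, and its `volumeMounts` entry sets `mountPropagation: HostToContainer` but no `readOnly`. That directory holds the volumes of every pod scheduled on the node, so, subject to the container's user, the provider can reach other workloads' mounted secrets and projected tokens. If the provider version shipped with this chart does not write under that path (not visible from this hunk), add `readOnly: true` to the mount; otherwise a comment above the volume should state why write access is needed. The container security context comes from the `csi.daemonSet.securityContext.container` template, which is defined outside this hunk.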
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-clusterrolebinding.yaml
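Review bot: The rule in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, while the only such object this chart creates for the injector is the `-agent-injector-cfg` one in injector-mutating-webhook.yaml. A holder of the injector's service account token could therefore rewrite the `clientConfig` of an unrelated admission webhook. Splitting the rule so that `get` and `patch` carry `resourceNames` keeps the write path limited to the chart's own object. Whether the injector's watch works with `get` restricted this way is not visible from this hunk and should be confirmed before merging.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
  - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
```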
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
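Review bot: In the `args:` list of injector-deployment.yaml the entry `- 2>&1` reaches the container as a literal second argument, because Kubernetes passes `args` to the entrypoint without a shell and no redirection happens. The container runtime already captures both stdout and stderr, so the entry can be dropped, leaving `args:` with `- agent-inject` only. If the redirection was intended, it would need an explicit `command: ["/bin/sh", "-ec"]` wrapper, which nothing in this hunk suggests.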
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
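Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while injector-service.yaml uses `targetPort: {{ .Values.injector.port }}` and the deployment sets `AGENT_INJECT_LISTEN` from the same value. If `injector.port` is changed, an enforced policy would no longer admit traffic to the webhook listener; `- port: {{ .Values.injector.port }}` keeps the three in step. The `from` clause is `namespaceSelector: {}`, which admits pods from every namespace, and a short comment saying why it is that open would help the next reviewer. The metadata also has no `namespace:` field, unlike the other injector templates in this diff.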
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-role.yaml 
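Review bot: injector-psp.yaml emits `apiVersion: policy/v1beta1` / `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25. Other templates in this diff already branch on `.Capabilities`, so the gate here could become `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The same condition appears in injector-psp-role.yaml and injector-psp-rolebinding.yaml. Operators who rely on this policy for the non-root guarantee should be told in the chart notes that on newer clusters nothing is enforced by it.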
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-rolebinding.yaml 
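Review bot: The first rule in injector-role.yaml grants `get`, `list`, `watch` and `update` on all `secrets` and `configmaps` in the release namespace, although the only Secret this diff creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml). If Vault server or other workloads share the namespace, their secrets become readable through the injector's service account. Consider moving `get` and `update` into a rule with `resourceNames: ["vault-injector-certs"]`, keeping `create` separate since it cannot be name-restricted. Whether `list`/`watch` are needed is not visible here. The second rule's `patch`/`delete` on all `pods`, and the `update`/`patch` on `pods` in server-discovery-role.yaml, have the same namespace-wide reach and deserve a comment stating what they are used for.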
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-discovery-role.yaml 
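Review bot: Both rendering paths in server-config-configmap.yaml force `disable_mlock` on: the string path prints `disable_mlock = true` before the user's config, and the map path uses `merge (dict "disable_mlock" true) ...`, where the first dictionary wins, so a value supplied by the operator is overridden. With mlock disabled, Vault's memory can be paged to swap on the node. The template should say so where the setting is injected, for example `{{/* disable_mlock is always set to true here; run on nodes with swap disabled or encrypted so Vault memory is not written to disk. */}}` placed above the `data:` key. The `tpl` calls also evaluate the config values as templates, which is worth a line in the same comment.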
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
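Review bot: The `rules` entry of the discovery Role gives the Vault service account `update` and `patch` on every pod in the release namespace, not only on the Vault server pods. RBAC cannot filter by label, so when other workloads share the namespace this account can modify their pod objects as well. Because `list` and `watch` rule out a `resourceNames` restriction, the practical control is a dedicated namespace, and the template should say so above the rule: `# update/patch apply to all pods in this namespace; install Vault in a namespace of its own.` Separately, this Role pins `rbac.authorization.k8s.io/v1` while the RoleBinding in the next hunk still falls back to `v1beta1`; the two should agree.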
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-ha-active-service.yaml
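Review bot: The `apiVersion` line picks the PodDisruptionBudget API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings rather than two version numbers. A single-digit minor such as `"9"` sorts after `"21"` and would select `policy/v1`, the major version is ignored, and some distributions report minors with a suffix such as `21+`. server-ingress.yaml in this same change already uses a semver comparison, so the same form fits here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.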
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-ha-standby-service.yaml
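Review bot: The `https-internal` entry publishes the cluster port 8201 on a Service whose `type` comes from `server.service.type`, and the template explicitly handles `NodePort`. When that type is set, the cluster port gets a node port alongside the API port, although the StatefulSet in this change points `VAULT_CLUSTER_ADDR` at the `-internal` headless Service by default. The same applies to server-ha-standby-service.yaml and server-service.yaml. Unless something outside the cluster needs 8201, I would drop it from these three Services, or at least document it above the entry: `# 8201 is Vault's cluster port; it is exposed externally when service.type is NodePort or LoadBalancer.`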
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-psp-role.yaml 
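Review bot: In server-network-policy.yaml the single `ingress` rule pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may reach the cluster port 8201 as well as the API port 8200. Going by the StatefulSet's default `VAULT_CLUSTER_ADDR`, 8201 only has to be reachable from the other Vault server pods of the release, so it can get its own rule limited to them; keep the wider rule if cross-cluster replication needs that port. The `metadata` block also lacks `namespace: {{ .Release.Namespace }}`, which the other templates in this change set.

```yaml
  ingress:
    # API port: reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only pods of this release in the same namespace.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```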
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
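Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the account with `vault.fullname` and sets no `namespace`, while the StatefulSet runs as `vault.serviceAccount.name` and the other bindings in this change pass both fields. If the service account name is overridden, the PodSecurityPolicy `use` grant lands on an account the pods do not run as, and a ServiceAccount subject without a namespace is normally rejected by the API server. The two lines should read `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.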
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-route.yaml
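Review bot: The `spec` of this PodSecurityPolicy blocks privileged mode and privilege escalation but says nothing about Linux capabilities, so pods admitted under it keep the container runtime's default capability set. Since the StatefulSet sets `SKIP_SETCAP` and the config disables mlock, Vault presumably needs none of them; adding `requiredDropCapabilities:` with the single entry `- ALL` under `spec` would make that explicit, after checking that the image still starts. Separately, `policy/v1beta1` PodSecurityPolicy no longer exists from Kubernetes 1.25, so the existing condition could also require `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to keep `global.psp.enable` from breaking installs on newer clusters.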
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-service.yaml
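Review bot: The second line of server-route.yaml tests `.mode` without the file first calling `{{ template "vault.mode" . }}`, which the other server templates in this change do before reading it. The Route therefore appears to depend on another template having set `.mode` on the shared context earlier in the render; if that ordering ever changes, the `external` check and the choice of the `-active` backend Service could silently evaluate against an unset value. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does, removes the dependency. Quoting the value in `host: {{ .Values.server.route.host }}` would also protect against an empty or YAML-special hostname.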
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.63/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/Chart.yaml
new file mode 100644
index 00000000000..0986885b289
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.64
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
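Review bot: In the new Chart.yaml the `description`, `home` and `sources` fields still present the chart as `Official HashiCorp Vault Chart`, while `name` and the `charts.openshift.io/name` annotation are `helm-e2e-rhcc`. If this fixture ever lands in a published index, a reader of the metadata could take it for the upstream release; a description along the lines of `description: E2E test fixture based on the HashiCorp Vault chart` would keep its provenance clear. Separately, Helm's chart guidance recommends quoting the application version, `appVersion: '1.11.2'`, so it is always read as a string.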
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/README.md
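Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the license value into the `docker run` argument list, so it is visible in the host's process listing for as long as the container runs; the `@` prefix only keeps the recipe out of make's own output. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker take the value from the environment that make already hands to the recipe. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` argument that `provision-cluster` gives to `init` and `apply`, so it looks as if destroy may not act on the configuration that was applied; please confirm. `setup-kind` and `delete-kind` are also missing from `.PHONY`.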
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
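Review bot: The `rules:` entry in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, which lets the bound account request a token for any service account in any namespace, and nothing in the manifest records why that breadth is intended. I would add a comment above `rules:`, for example `# Cluster-wide by design: the provider requests tokens for the service accounts of pods that mount its volumes.` (wording to be confirmed against the provider's behaviour). csi-clusterrolebinding.yaml binds this role to the `-csi-provider` service account, so pods running under that account deserve the same protection as any other token-minting component.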
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
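Review bot: The `mountpoint-dir` volume in csi-daemonset.yaml mounts `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host read-write with `mountPropagation: HostToContainer`, which exposes every pod's volume directory on the node to the provider container. If the provider only needs to read below that path (an assumption to confirm), adding `readOnly: true` to that `volumeMounts` entry would narrow it. Both `hostPath` volumes also omit `type:`, so a mistyped `providersDir` or `kubeletRootDir` value is not checked by the kubelet; `type: Directory` on `mountpoint-dir` would catch that. The container `securityContext` comes from the `csi.daemonSet.securityContext.container` helper earlier in this diff, which renders nothing unless the value is set.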
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
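Review bot: The `args:` list in injector-deployment.yaml ends with `- 2>&1`, but Kubernetes hands `args` to the container entrypoint without a shell, so this arrives as a literal argument rather than a redirection. Unless the image's entrypoint is a shell wrapper that re-evaluates its arguments (not visible here), I would drop that item and leave `args:` as `- agent-inject`. Several `env` values in the same hunk are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), so a value that YAML reads as a boolean or number would be rejected by the string-only `env[].value` field; piping them through `| quote` avoids that.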
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
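Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when one of the two values is set, so with defaults this webhook receives pod `CREATE` and `UPDATE` requests from every namespace, system namespaces included, while `failurePolicy` is whatever the values supply. That combination deserves a comment next to `failurePolicy:`, e.g. `# With failurePolicy Fail and no namespaceSelector, an unavailable injector blocks pod admission cluster-wide.` The `injector.objectSelector` helper is defined outside this hunk, so any narrowing it applies is not visible here.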
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
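Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector Deployment and Service in this diff take the listen port from `.Values.injector.port`; changing that value leaves the policy open on the wrong port, and webhook calls to the injector would then be dropped. I would render it as `- port: {{ .Values.injector.port }}`. The `from` clause uses `namespaceSelector: {}`, which admits every namespace; presumably that is because the caller is the API server, and a one-line comment saying so would stop a later reader from either trusting or tightening it blindly.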
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-role.yaml
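Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode, privilege escalation and running as root, but sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities:` with `- ALL` under `spec:` would close that, assuming the injector needs no capabilities (to be confirmed). The manifest also pins `apiVersion: policy/v1beta1` without the kind of version check that injector-disruptionbudget.yaml uses, and PodSecurityPolicy is no longer served from Kubernetes 1.25 on, so turning on `global.psp.enable` there fails the install.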
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-rolebinding.yaml
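Review bot: The first rule in injector-role.yaml gives the injector `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, with no `resourceNames`. The only secret this diff creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` on secrets could move to a separate rule carrying `resourceNames: ["vault-injector-certs"]`; `create` cannot be limited that way, and `list`/`watch` only work under `resourceNames` if the client filters by name, which is not visible here. The `pods` rule in this file (`patch`, `delete`) and the one in server-discovery-role.yaml (`update`, `patch`) are likewise namespace-wide, so the least I would add is a comment above `rules:` recommending a dedicated namespace for the release.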
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-discovery-role.yaml
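Review bot: `disable_mlock = true` is forced into every rendered configuration, both in the string branch and through `merge (dict "disable_mlock" true) …` in the map branches, and nothing in the template says why or what it costs. With mlock off the server's memory can be paged out, so key material may reach swap on the node; the chart should state that assumption where the setting is injected. I would put a template comment directly above the first occurrence, for example `{{- /* mlock is disabled for every mode; run Vault on nodes with swap disabled or encrypted */ -}}`. The StatefulSet in this diff sets `SKIP_SETCAP=true`, which presumably is the reason the container cannot lock memory, but that link is not visible from this file and is worth naming in the comment.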
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
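Review bot: The `update` and `patch` verbs in the discovery Role apply to every pod in the release namespace, not only to the Vault server pods, because an RBAC rule cannot filter by label. The HA Services in this diff select on the `vault-active` label, so these verbs presumably exist so that Vault can label its own pod, but the rule as written also lets the Vault service account modify any co-located workload. I would document that on the rule, e.g. `# update/patch: Vault writes service-registration labels (vault-active) on its own pod; RBAC cannot scope this by label, so install the release into a dedicated namespace`. The RoleBinding in the next hunk falls back to `v1beta1` via `.Capabilities` while the Role hard-codes `rbac.authorization.k8s.io/v1`; the two should agree.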
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-ha-active-service.yaml
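Review bot: The `apiVersion` line of the PodDisruptionBudget picks the API group with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically rather than as version numbers. `Minor` is a string that some distributions report with a suffix such as `21+`, and a lexical comparison ranks a one-digit minor above "21", so the result is only right by accident for the versions in use today. The ingress template in this same diff already uses the safer form, so I would write `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.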
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-ha-standby-service.yaml
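Review bot: The `https-internal` entry (port 8201) sits in the same `ports` list as the API port, so when `server.service.type` is set to `NodePort` or `LoadBalancer` the cluster port is published outside the cluster together with the API. The StatefulSet in this diff advertises `VAULT_CLUSTER_ADDR` on the headless `-internal` Service, which suggests peers do not need 8201 through this Service; if that holds, the entry should be limited to in-cluster Service types by wrapping it in `{{- if not (has (.Values.server.service.type | toString) (list "NodePort" "LoadBalancer")) }}` … `{{- end }}`. The same port entry appears unchanged in server-ha-standby-service.yaml and server-service.yaml further down this diff and would need the same guard. At minimum a comment on the entry should say that 8201 is the server-to-server port and must not be reachable from outside the cluster.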
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-psp-role.yaml 
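Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so the policy restricts which ports are open but not who may connect: every pod in every namespace can reach the cluster port 8201 as well as the API port 8200. I would split the rule so that 8200 stays open to other namespaces while 8201 is limited to the Vault server pods of this release, as sketched below. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this diff set explicitly. The container additionally declares port 8202, which this policy does not list; whether that port is meant to be unreachable once the policy is enabled should be stated in a comment.
```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    # API port: clients in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```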
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
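Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this diff both use `vault.serviceAccount.name`. Whenever those two helpers render different names, the `use` grant on the PodSecurityPolicy is bound to an account the server pods do not run as, and the pods are then admitted under whatever other policy happens to apply. The subject should read `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`, matching the two other bindings in this diff.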
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-route.yaml
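Review bot: The PodSecurityPolicy spec never sets `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set even though the policy forbids root and privilege escalation. The StatefulSet in this diff sets `SKIP_SETCAP=true` and the config map forces `disable_mlock`, which suggests the server does not rely on any capability; if that is confirmed, add `requiredDropCapabilities:` with the single entry `- ALL` next to `allowPrivilegeEscalation: false`. The `seLinux` comment says the policy assumes AppArmor nodes, which sits oddly beside the values.openshift.yaml overrides shipped in the same chart and should be reworded or the rule revisited. The `apiVersion` is also fixed at `policy/v1beta1` with no capability check, unlike the disruption-budget template.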
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-service.yaml
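Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other server template in this diff does before reading it. The Route therefore depends on some other template having populated `.mode` earlier in the render; if that has not happened, `ne .mode "external"` is true for an unset value and the `eq .mode "ha"` branch never selects the `-active` Service, so the Route can point at a different backend than intended. Adding `{{ template "vault.mode" . }}` immediately before `{{- if ne .mode "external" }}` removes the ordering dependency. The `host` value is also rendered unquoted, whereas the ingress template pipes its hosts through `quote`.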
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/tests/server-test.yaml 
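Review bot: The `image:` line of the `vault` container falls back to `default "latest"` when `server.image.tag` is empty, so a values file that forgets the tag silently deploys whatever the registry currently serves under a mutable tag. For a secrets manager the rendered manifest should fail instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; the test pod in tests/server-test.yaml repeats the same fallback. Separately, the exec readiness probe runs `vault status -tls-skip-verify` without explanation; a comment noting that the probe only talks to the local listener (`VAULT_ADDR` is set to 127.0.0.1 a few lines earlier) would make clear why certificate verification is skipped there and that the flag must not be copied into client configuration.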
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/values.schema.json
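Review bot: The header comment in values.openshift.yaml presents these overrides as appropriate OpenShift defaults, but the file leaves `global.tlsDisable` at the `true` that this chart's values.yaml sets, so a release installed with only this file presumably serves Vault, including the UI service and injector traffic, over plain HTTP inside the cluster. That is missing documentation for anyone reusing the file outside a test run; under `global:` I would add `# TLS is off by default (global.tlsDisable: true in values.yaml); set it to false and provide server certificates outside test environments`. The three images are pinned by tag only, so recording the expected digest beside each tag in a comment would let a reviewer notice a re-pushed tag.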
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.64/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/Chart.yaml
new file mode 100644
index 00000000000..c7666603e0d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.65
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
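Review bot: In the new Chart.yaml the `description` line still reads `Official HashiCorp Vault Chart` although `name` and the `charts.openshift.io/name` annotation are `helm-e2e-rhcc`, so this copy presents itself as the upstream vendor's release when, judging by the `opcert-e2e-testing` path, it is a certification test fixture. Anyone who meets the packaged chart in an index cannot tell from its metadata that it is a renamed copy; I would state the provenance, for example `description: E2E certification test fixture derived from the HashiCorp Vault chart`, unless the test suite asserts on the upstream text. Separately, `appVersion: 1.11.2` is better written as `appVersion: "1.11.2"`, so that a later two-part version is not read as a float.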
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for 
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/README.md
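Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the `docker run` argument list, so it shows up in the host's process table while the tests run and is printed whenever the recipe is echoed (for example by `make -n`). Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker read the value from the environment, which make hands to the recipe when the variable comes from the environment or the command line, and keeps it off the command line. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory and `-var project=...` that `provision-cluster` uses, so teardown presumably runs against a different working directory than the one that was applied and may leave the GKE cluster running; `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform` would mirror the apply. `setup-kind` and `delete-kind` are also missing from `.PHONY`.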
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
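Review bot: The `create` verb on `serviceaccounts/token` in csi-clusterrole.yaml is granted through a ClusterRole, so the bound `-csi-provider` service account can request a token for any ServiceAccount in any namespace. The rule carries no comment explaining why that breadth is needed. I would add one above it, for example `# cluster-wide token creation: the provider requests a token for the ServiceAccount of whichever pod it is mounting secrets for`. That rationale is inferred from the provider's role and is not shown in the hunk, so confirm it before adding the comment.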
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
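Review bot: The `csi-provider` container in csi-daemonset.yaml gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, yet it mounts two `hostPath` volumes, one of them `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` with `mountPropagation: HostToContainer`. The `csi.daemonSet.securityContext.container` helper earlier in this diff has no fallback branch, whereas the server statefulSet container helper emits `allowPrivilegeEscalation: false` when the value is unset and OpenShift is off. I would give the CSI helper the same fallback: `{{- else if not .Values.global.openshift }}`, `securityContext:`, `allowPrivilegeEscalation: false`. Whether values.yaml already ships a default is not visible here, so check that first.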
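Review bot: The Secret in injector-certs-secret.yaml is named `vault-injector-certs` instead of being derived from `vault.fullname` like the other objects in this diff, so two leader-elected releases in one namespace would render the same object. If the injector looks the Secret up by that fixed name (not visible here), the name cannot change, and a comment such as `# fixed name expected by the injector; one leader-elected release per namespace` would document the constraint. The manifest has no `type` or `data`, which presumably means the injector fills it at runtime; the same comment could say so.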
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-clusterrolebinding.yaml
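Review bot: `patch` in injector-clusterrole.yaml is granted on every MutatingWebhookConfiguration in the cluster, so the injector's service account could modify admission webhooks that belong to other components. The only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml), so `patch` can move into its own rule limited by `resourceNames`. `get`/`list`/`watch` stay as they are, because list and watch are awkward to restrict by name. This assumes the injector only patches its own configuration to refresh `caBundle`; confirm that against the injector before narrowing the rule.

```yaml
# … unchanged: metadata and labels …
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```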
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
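Review bot: Several env `value:` fields in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LISTEN`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT` and the computed `AGENT_INJECT_VAULT_ADDR`), while their neighbours are wrapped in double quotes. Kubernetes requires env values to be strings, so a setting that YAML reads as a boolean or number makes the manifest fail validation. Pipe them through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, `- 2>&1` in `args` reaches the entrypoint as a literal argument unless the image runs it through a shell, so it most likely has no effect and can be dropped.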
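Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the result is lexicographic (`"9"` sorts above `"21"`) and a vendor suffix such as `21+` is compared as text as well. The mutating-webhook template in this diff already uses `.Capabilities.APIVersions.Has`, and the same check is more reliable here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Among the injector templates visible in this part of the diff, this is the only one not wrapped in `vault.injectorEnabled`, so a PodDisruptionBudget would render even when the injector is disabled.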
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
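Review bot: `namespaceSelector` and `objectSelector` in injector-mutating-webhook.yaml are emitted only when values set them, so with defaults (not visible in this hunk) the webhook may be called for every pod CREATE and UPDATE in every namespace, including the one the injector runs in. `failurePolicy` is taken straight from values, and the two settings behave very differently in that situation. I would document the trade-off beside the field, e.g. `# Ignore: pods are admitted without injection when the injector is unreachable; Fail: pod creation is rejected in every selected namespace`. A second comment on `rules` could note that operators should scope the webhook with `namespaceSelector` before choosing `Fail`.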
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
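Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment's `AGENT_INJECT_LISTEN` and probes and the Service's `targetPort` all take `.Values.injector.port`. If that value is changed, the policy no longer admits traffic on the port the webhook listens on, and calls to the webhook would be dropped on OpenShift. Use `- port: {{ .Values.injector.port }}` here. The object also has no `namespace: {{ .Release.Namespace }}` in its metadata, unlike the other namespaced injector objects in this diff.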
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-psp.yaml
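Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, while `injector-rolebinding.yaml` and both ClusterRoleBindings in this diff set `namespace: {{ .Release.Namespace }}`. A RoleBinding is expected to fall back to its own namespace for such a subject, so this probably works as written. Stating it keeps the bindings consistent and removes the reliance on that default: add `namespace: {{ .Release.Namespace }}` under the subject's `name:`.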
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-role.yaml
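Review bot: The policy in injector-psp.yaml never sets `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set even though `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` are enforced. If the injector needs no capabilities (it appears to listen on an unprivileged port), add `requiredDropCapabilities:` with `- ALL` under `spec`. The template also pins `policy/v1beta1`, and PodSecurityPolicy was removed in Kubernetes 1.25, so a release with `global.psp.enable` set fails on newer clusters. An extra guard such as `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` on the outer `if` would avoid that.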
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-rolebinding.yaml
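Review bot: The first rule of the leader-elector Role in injector-role.yaml lets the injector service account read, list and update every Secret and ConfigMap in the release namespace, which is far more than leader election should need and covers any TLS or unseal material stored alongside it. Split the rule so that `create` stays unrestricted (it cannot be scoped by name) and the `get`/`update` verbs carry `resourceNames: ["<leader-election-object-name>"]`, with the real object names taken from the injector configuration, which this hunk does not show. The second rule (`patch`/`delete` on all pods) and the `update`/`patch` on pods in server-discovery-role.yaml deserve the same treatment, or at least a comment stating why namespace-wide access is required.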
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-config-configmap.yaml
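Review bot: server-clusterrolebinding.yaml carries no comment on why the Vault service account is bound to `system:auth-delegator`, which is the only cluster-scoped grant among these templates. A short header would tell an auditor what the grant is for and which value switches it off, for example `# Cluster-wide: lets Vault submit TokenReview/SubjectAccessReview requests (Kubernetes auth method).` followed by a line naming the value behind `vault.serverAuthDelegator`; that helper is defined outside this hunk, so the value name has to be taken from there.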
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-discovery-role.yaml
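Review bot: Every rendered config in server-config-configmap.yaml gets `disable_mlock = true`, and nothing in the template explains it or lets an operator opt out. In the map branches `merge` is called with `(dict "disable_mlock" true)` as the destination, which in Sprig takes precedence, so a `disable_mlock: false` in values would be silently overridden. With mlock off, Vault's in-memory secrets can be paged to disk, so this should at least be stated where it is set, e.g. `# mlock is disabled unconditionally; run on nodes with swap off or encrypted swap.` above the `disable_mlock` line, and ideally driven by a value.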
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-ha-active-service.yaml
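Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the ordering is lexical: a minor of `"9"` sorts above `"21"` and `"100"` below it, and the major version is ignored altogether. Ask the cluster which API it serves instead, as the RBAC templates in this commit already do: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`. server-ingress.yaml uses `semverCompare` on the full version, which would also be correct here.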
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-psp-role.yaml 
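Review bot: The single ingress rule in server-network-policy.yaml admits traffic from every namespace (`namespaceSelector: {}`) to both 8200 and 8201, although 8201 is the port the Service templates name `https-internal`. Cluster-internal traffic should only need to arrive from the other server pods of the same release, so the rule is better split in two, leaving 8200 as it is and restricting 8201 with a pod selector on the server labels; if replication or join traffic is expected from outside the namespace, that source needs to be added explicitly. The NetworkPolicy metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    # API port: same reach as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```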
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
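Review bot: The subject in server-psp-rolebinding.yaml names the service account `{{ template "vault.fullname" . }}`, whereas server-serviceaccount.yaml, server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml all use `{{ template "vault.serviceAccount.name" . }}`. If that helper can return anything other than the full name (it is defined outside these hunks, so this is to be confirmed), the binding points at an account the server does not run as and the pod security policy is never applied to it. Use the same helper here: `name: {{ template "vault.serviceAccount.name" . }}`.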
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-service.yaml
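Review bot: server-route.yaml reads `.mode` in two conditions without first running `{{ template "vault.mode" . }}`, which every other server template in this commit invokes before touching `.mode`. Whether `.mode` is populated here therefore depends on what was rendered earlier, so both the `external` guard and the choice of the `-active` service behind the Route can come out differently from what the values ask for; add `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does. The Route also hard-codes `targetPort: 8200` while the Services take theirs from `.Values.server.service.targetPort`, so a non-default port would leave the Route pointing at the wrong one.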
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/tests/server-test.yaml 
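Review bot: The `image:` line of the `vault` container falls back to `default "latest"` when `server.image.tag` is unset, so a Vault server can be deployed from a mutable tag that nobody chose; the same fallback is repeated in `templates/tests/server-test.yaml`. Fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are rendered unquoted while the neighbouring `logLevel` and `logFormat` values are quoted; adding `| quote` keeps an address with YAML-special characters from changing the rendered structure.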
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/templates/ui-service.yaml
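Review bot: The test container sets no `securityContext`, while the server StatefulSet in this commit templates one through `server.statefulSet.securityContext.container`; on a cluster without a restrictive default policy the hook pod runs with whatever the image and runtime default to. Add under the container: `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}`. Also, `volumeMounts:` and `volumes:` are emitted as bare keys (null) when the corresponding values are unset; moving each key inside its own `if` avoids rendering the empty field.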
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/values.openshift.yaml
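Review bot: `nodePort` is emitted whenever `ui.serviceNodePort` is set, regardless of `ui.serviceType`, whereas server-service.yaml in this commit only emits it when the type is `NodePort`. With a `ClusterIP` type and a leftover `serviceNodePort` value the API server is expected to reject the Service, so guard it the same way: `{{- if and (.Values.ui.serviceNodePort) (eq (.Values.ui.serviceType | toString) "NodePort") }}`. The hunk also lacks the one-line header comment the server Service has; since the selector targets the `component: server` pods, something like `# Service exposing the Vault UI and API listener of the server pods` would make clear what `ui.serviceType` publishes.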
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/values.schema.json
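Review bot: All three images are referenced by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pointed in the registry after the chart has been certified. Because the templates in this commit render `repository:tag`, a digest can be carried in the tag value, e.g. `tag: "1.11.2-ubi@sha256:<digest>"` (placeholder; take the digest from the registry). The `global.openshift` and injector image values here also repeat what values.yaml in this commit already sets, so a comment stating which file is authoritative would help avoid drift between the two.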
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.65/src/values.yaml 
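Review bot: `server.readinessProbe` in this schema declares no `path` property, although server-statefulset.yaml in this commit reads `.Values.server.readinessProbe.path` and `server.livenessProbe` does declare `path`. Because no object in the schema sets `additionalProperties: false`, a mistyped or wrongly typed key passes validation silently, including security-relevant ones such as `global.tlsDisable`. Add `"path": { "type": "string" }` under `server.readinessProbe.properties`, and consider closing at least the `global` object with `"additionalProperties": false`.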
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/Chart.yaml
new file mode 100644
index 00000000000..b0265a36932
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.66
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
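Review bot: The `description: Official HashiCorp Vault Chart` line in the new Chart.yaml no longer matches the chart it ships with: `name` and the `charts.openshift.io/name` annotation are both `helm-e2e-rhcc` and the path sits under `opcert-e2e-testing`, so this looks like a test fixture derived from vault-helm rather than the vendor's release. If this version ever reaches a published chart index, the metadata would present a fixture as the official chart, which is a provenance problem for anyone selecting charts by description or keywords. I would label it explicitly, for example `description: E2E test fixture derived from the HashiCorp Vault chart (not an official release)`. Separately, `kubeVersion: '>= 1.26.0'` does not match cluster versions that carry a pre-release suffix under Helm's semver comparison; `'>= 1.26.0-0'` is the usual form if excluding them is not intended.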
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
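Review bot: The single rule in csi-clusterrole.yaml allows `create` on `serviceaccounts/token` for every service account in every namespace, and nothing in the file says why the grant has to be that wide. A holder of this role can request a token for any service account in the cluster, so the scope deserves a comment above `rules:`, for example `# The CSI provider requests tokens on behalf of the pods that mount its volumes, so this cannot be limited to one namespace.` That is presumably the intent; confirm it against the provider's documentation before merging the comment. Since the verb is `create` on a subresource, it is also worth stating in the chart README that token requests made by the `-csi-provider` service account should be covered by API audit logging.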
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
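Review bot: The provider container in csi-daemonset.yaml mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods) but receives a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because that helper in _helpers.tpl has no fallback branch, unlike the injector and server helpers. A fallback in the same shape as the injector's, `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`, would give the pod a baseline without changing installs that already configure one. Whether the provider can additionally drop capabilities or run as non-root against those host paths is not visible in this diff, so that part is best left to a values comment.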
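Review bot: `name: vault-injector-certs` in injector-certs-secret.yaml is a fixed string, while the other resources in these templates are named from `vault.fullname`, so two releases installed in one namespace would render the same Secret and share whatever certificate material ends up in it. If the injector does not require this exact name (not visible here), `name: {{ template "vault.fullname" . }}-injector-certs` avoids the collision. Otherwise a comment above `metadata:` such as `# Name is fixed by the injector's leader-election code; one injector release per namespace.` would document the exception, once confirmed.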
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-clusterrolebinding.yaml
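Review bot: `patch` on `mutatingwebhookconfigurations` is granted in injector-clusterrole.yaml without `resourceNames`, so the injector's service account can modify every mutating admission webhook in the cluster, not only its own. Splitting the rule keeps the read verbs as they are and limits `patch` to the one configuration the injector maintains. The name used below is the value injector-deployment.yaml passes as AGENT_INJECT_TLS_AUTO, which is presumably the object it patches; confirm that before narrowing. `list` and `watch` cannot usefully be restricted by `resourceNames`, so they stay in the unrestricted rule.

```yaml
rules:
# Read access stays cluster-wide: list/watch are not narrowed by resourceNames.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# Write access only to the injector's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```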
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
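Review bot: In the `args` list of the `sidecar-injector` container, `2>&1` reaches the binary as a literal argument, because Kubernetes passes `args` to the process without a shell and no redirection takes place; dropping that entry so that only `- agent-inject` remains states what actually runs. In the same container several env values are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), while env `value` must be a string, so a values entry that YAML reads as a boolean or number would make the manifest fail validation. `value: {{ .Values.injector.authPath | quote }}` and the same `| quote` on the other two would match the quoted entries around them.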
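Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with the string `"21"`, so the result follows lexical rather than numeric order and depends on how the cluster formats its minor version. The other templates in this commit select an API version with `.Capabilities.APIVersions.Has`, and `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` would make this one consistent with them. server-disruptionbudget.yaml carries the same line.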
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
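Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the `namespaceSelector` block is omitted and the webhook matches pod CREATE and UPDATE in every namespace, including the one the injector itself runs in. If `failurePolicy` resolves to `Fail`, an unavailable injector would then hold up pod admission across the cluster; the default for `failurePolicy` comes from values not shown here, so this depends on how the chart is configured. A template comment above the `{{- if or ... namespaceSelector }}` line would record the expectation, for example `{{- /* Without a namespaceSelector the webhook applies to all namespaces; exclude the release and system namespaces when failurePolicy is Fail. */ -}}`. The `injector.objectSelector` template is defined outside this hunk and may already narrow the match.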
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
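Review bot: The `ports` entry in injector-network-policy.yaml hard-codes `port: 8080`, while the injector listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` in injector-deployment.yaml) and the Service targets the same value. If that port is overridden, this policy no longer admits the webhook calls arriving from the host-network namespaces, and pod admission then fails or proceeds without injection depending on `failurePolicy`. `- port: {{ .Values.injector.port }}` keeps the three templates in step.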
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-psp.yaml 
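Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, whereas injector-rolebinding.yaml and injector-clusterrolebinding.yaml in this commit both set `namespace: {{ .Release.Namespace }}` for the same account. As far as I know a RoleBinding resolves an omitted subject namespace to its own namespace, so this should still bind the intended account, but the implicit form is easy to misread during an RBAC audit. Adding `namespace: {{ .Release.Namespace }}` under `name:` makes the three bindings read the same way.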
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-role.yaml
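Review bot: The `spec` forbids privileged mode and privilege escalation but sets no `requiredDropCapabilities`, so containers admitted under this policy keep the container runtime's default capability set even though they must run as non-root. Adding `requiredDropCapabilities:` with a single `- ALL` entry after `allowPrivilegeEscalation: false` would close that gap. Nothing in the visible templates suggests the injector needs a capability, but its container securityContext comes from a template defined outside this diff section, so confirm there before tightening.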
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-rolebinding.yaml
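Review bot: The first rule gives the injector service account `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which looks broader than a role named for leader election needs. If Vault or other workloads share that namespace, the injector account can read their secrets as well (TLS keys, for example). `create` cannot be limited by name, but the read and update verbs can be moved to a rule carrying `resourceNames: ["<objects-the-injector-owns>"]`; those names are not visible in this hunk and would have to come from the injector's documentation. The `pods` rule (`get`, `patch`, `delete`) is likewise namespace-wide and deserves a comment explaining why `delete` is required.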
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-discovery-role.yaml
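Review bot: `disable_mlock = true` is written into every string-typed config and merged into every map-typed one (`dict "disable_mlock" true`), with no values switch and no explanation of why. With mlock disabled the server's memory may be paged to disk on a node that has swap enabled, so the chart relies on node configuration that it does not state. A template comment just above the `disable_mlock = true` line would record that dependency without changing the rendered HCL, for example `{{- /* mlock is disabled unconditionally; nodes running Vault must have swap disabled or encrypted. */}}`. The reason the setting is forced (presumably a missing IPC_LOCK capability on the pod) is not visible in this hunk and should be confirmed before the comment asserts it.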
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-psp-role.yaml 
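Review bot: The single ingress rule in server-network-policy.yaml admits every namespace (`namespaceSelector: {}`) to both 8200 and 8201, so the cluster port that the Service templates name `https-internal` is reachable from any pod in the cluster. Only the API port needs to be that open; 8201 can be limited to this release's own pods by splitting the rule as below. If replication from another cluster has to reach 8201, that source should be an explicit values-driven selector rather than the catch-all. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this commit set.

```yaml
  ingress:
    # API port: open to all namespaces, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only this release's own pods
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```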
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
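Review bot: The RoleBinding in server-psp-rolebinding.yaml binds the ServiceAccount named by `vault.fullname`, but server-serviceaccount.yaml creates the account as `vault.serviceAccount.name` and the StatefulSet sets `serviceAccountName` from that same helper. The helper body is not in this part of the diff, but the schema accepts a `server.serviceAccount.name` string, so the two names can presumably differ; when they do, the `use` grant on the PodSecurityPolicy lands on an account the pods do not run as. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` with `namespace: {{ .Release.Namespace }}` beneath it.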
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-route.yaml 
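Review bot: server-psp.yaml emits a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, with no check that the cluster still serves that API; it was removed in Kubernetes 1.25, so the install fails there. server-ingress.yaml in this commit already branches on `.Capabilities`, and the same guard fits here: `{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1") }}`, repeated in server-psp-role.yaml and server-psp-rolebinding.yaml so the Role and RoleBinding are not left orphaned. The `seLinux` comment says the policy assumes AppArmor nodes rather than SELinux, which deserves a second look given that the chart also ships values.openshift.yaml.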
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-service.yaml 
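Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before reading it. Whether `.mode` is populated here then presumably depends on another template having set it on the shared context earlier in the render; adding `{{ template "vault.mode" . }}` as the first line inside the openshift guard removes that dependency. `targetPort: 8200` is also hard-coded where the Service templates use `.Values.server.service.targetPort`, and `tls:` is rendered from `.Values.server.route.tls` without a `with` guard, so an unset value would presumably render as `null`.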
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/tests/server-test.yaml 
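Review bot: The vault container image falls back to `:latest` when `server.image.tag` is empty (`| default "latest"`), and the test pod in tests/server-test.yaml repeats the same fallback. For a secrets manager a floating tag means the running binary can change on a pod restart without any chart change, and the deployed version cannot be read back from the release. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or default to `.Chart.AppVersion`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment stating that this is tolerable only because VAULT_ADDR points at 127.0.0.1 would keep the flag from being copied into other contexts.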
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/values.openshift.yaml 
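Review bot: `nodePort` in ui-service.yaml is emitted whenever `ui.serviceNodePort` is set, regardless of `ui.serviceType`, whereas server-service.yaml and the standby service only emit it when the type is NodePort. A `serviceNodePort` left in values alongside `serviceType: ClusterIP` would then render a Service the API server rejects. Gating it on the type keeps the three Services consistent, e.g. `{{- if and .Values.ui.serviceNodePort (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`.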
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.66/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/Chart.yaml
new file mode 100644
index 00000000000..217e567cf20
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.67
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
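Review bot: In Chart.yaml, `description: Official HashiCorp Vault Chart`, together with `home`, `icon` and `sources`, presents this chart as HashiCorp's own release, although `name` is `helm-e2e-rhcc` and the path places it under `opcert-e2e-testing`. If this is a certification test fixture, as the path suggests, the metadata should say so, for example `description: Test fixture for chart certification e2e runs, derived from the HashiCorp Vault chart`, so that anyone who meets it in a chart index does not take it for the vendor's supported chart. `kubeVersion: '>= 1.26.0'` also disagrees with the README added in the same commit, which states Kubernetes 1.16+.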
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/README.md
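Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the value into the `docker run` argument list, so if that variable carries the licence text (the name suggests it, the hunk does not show it) the value is readable in the host's process listing for as long as the run lasts. Passing the name alone, `-e VAULT_LICENSE_CI \`, has docker take the value from the caller's environment and keeps it out of argv. `GOOGLE_CREDENTIALS` is used as a `--key-file` path and defaults to `vault-helm-test.json` inside the bind-mounted checkout, so that key file needs to be covered by the repository's ignore rules, which are not visible here. As smaller points, `.PHONY` leaves out `setup-kind` and `delete-kind`, and the recursive call `make setup-kind acceptance` would conventionally be `$(MAKE) setup-kind acceptance`.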
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
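Review bot: In `vault.envs` the dev root token is rendered unquoted, `value: {{ .Values.server.dev.devRootToken }}`, so a token made only of digits or spelling `true` is parsed as a non-string and the env entry fails validation at install time; `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string. The same applies to `name`, `secretName` and `key` in `vault.extraSecretEnvironmentVars`, while `vault.extraEnvironmentVars` already pipes through `quote`. The same block sets `VAULT_DEV_LISTEN_ADDRESS` to `"[::]:8200"` with that token carried in the pod spec, so a header comment stating that dev mode is for throwaway test clusters only would help whoever enables it. The header comment on `vault.serverAuthDelegator` repeats the one on `vault.serverServiceAccountEnabled` word for word and should describe its own condition.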
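Review bot: The single rule grants `create` on `serviceaccounts/token` through a ClusterRole, which lets the CSI provider's service account request a token for any service account in any namespace. If that breadth is required (presumably the provider asks for tokens on behalf of the pods whose volumes it mounts), say so next to the rule, e.g. `# cluster-wide by design: tokens are requested for the mounting pod's own service account`, so that reviewers of the rendered RBAC do not have to guess. Operators should treat the `-csi-provider` service account bound in csi-clusterrolebinding.yaml as highly privileged and alert on token requests from it for service accounts outside the expected workloads.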
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
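Review bot: Both `hostPath` volumes at the end of csi-daemonset.yaml (`providervol` and `mountpoint-dir`) take their path from values and set no `type`, so the kubelet does not check what exists at that path before mounting it into the container. Adding `type: Directory` under `mountpoint-dir` and `type: DirectoryOrCreate` under `providervol` (or `Directory`, if the directory is expected to exist already) makes a mis-set `kubeletRootDir` or `providersDir` fail at pod start instead of mounting an unexpected host location. The `mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods` value and the in-cluster `VAULT_ADDR` value are unquoted, unlike the `externalVaultAddr` branch; quoting them keeps the rendered scalar a string whatever the values contain.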
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-clusterrolebinding.yaml
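Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the chart creates a single configuration, named with the `-agent-injector-cfg` suffix in injector-mutating-webhook.yaml. Moving `patch` into its own rule with `resourceNames: ['{{ template "vault.fullname" . }}-agent-injector-cfg']` would limit a compromised injector to its own webhook rather than any admission webhook. `list` and `watch` may have to stay unrestricted, depending on how the injector watches the object, which this hunk does not show.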
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
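Review bot: The `args:` list in injector-deployment.yaml passes `2>&1` as its second element, but container args go to the entrypoint without a shell, so this is a literal argument to the injector binary and redirects nothing. If no stream merging is needed the list can be just `- agent-inject`; whether the image's entrypoint wraps the command in a shell is not visible here, so confirm before dropping it. Separately, `livenessProbe` and `readinessProbe` both query `/health/ready` with identical thresholds, so a pod that is only not ready is also restarted after two failed checks.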
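Review bot: injector-disruptionbudget.yaml is gated only on `.Values.injector.podDisruptionBudget`, so the PodDisruptionBudget is rendered even when the injector is disabled; the other injector templates in this change first check `.injectorEnabled`. Opening the file with `{{- template "vault.injectorEnabled" . -}}` and `{{- if .injectorEnabled -}}` (plus the matching `end`) brings it in line. The `apiVersion` line compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so a single-digit minor sorts above it. `.Capabilities.APIVersions.Has "policy/v1"` states the intent directly, and the same line appears in server-disruptionbudget.yaml.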
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
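Review bot: The `namespaceSelector` block in injector-mutating-webhook.yaml is emitted only when one of the two values is set, so by default the webhook intercepts pod CREATE and UPDATE in every namespace, including the one the injector runs in. If `failurePolicy` resolves to `Fail` (it comes from values not shown here), an unavailable injector would then block pod admission cluster-wide. I would document this above `webhooks:` with a comment such as `# No namespaceSelector by default: every namespace is matched; set injector.namespaceSelector to scope the webhook.` The `timeoutSeconds` fallback is the string `"30"`; it renders the same, but `default 30` reads as the integer it is.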
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
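Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while injector-deployment.yaml and injector-service.yaml in this same change take the listen port from `.Values.injector.port`. If that value is overridden, the policy admits traffic on a port nothing listens on and webhook calls to the real port would most likely be dropped; use `- port: {{ .Values.injector.port }}`. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources set.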
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-role.yaml
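Review bot: injector-psp.yaml emits a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API, so an install on a cluster without PodSecurityPolicy fails at apply time. Extending the third guard to `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}` avoids that. The spec also sets no `requiredDropCapabilities` and leaves `readOnlyRootFilesystem: false`; `requiredDropCapabilities: [ALL]` would tighten the policy if the injector needs no capabilities, which this hunk does not establish.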
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-rolebinding.yaml
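Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, so the injector's service account can read every Secret there, not only its own certificate material. injector-certs-secret.yaml in this change pre-creates a Secret named `vault-injector-certs`, which suggests `get` and `update` on secrets could move to a rule carrying `resourceNames: ["vault-injector-certs"]`. `create`, `list` and `watch` cannot be narrowed that way and need a separate look at what leader election requires, which is not visible here. The second rule likewise allows `patch` and `delete` on any pod in the namespace.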
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-discovery-role.yaml
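Review bot: server-config-configmap.yaml renders the whole server configuration into a ConfigMap and passes string configs through `tpl`, so any credential placed in `server.standalone.config` or `server.ha.config` ends up readable by anyone who can read ConfigMaps in the namespace. A comment above `data:` such as `# Rendered into a ConfigMap: keep credentials out of server.*.config and supply them through environment variables or mounted Secrets.` would make that explicit. `disable_mlock = true` is forced in both the string and the merged branch with no stated reason; since it lets process memory be swapped, a one-line comment giving the rationale would help reviewers.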
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
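Review bot: The discovery Role grants `update` and `patch` on every pod in the release namespace, because the single rule under `rules:` has no `resourceNames`. If the server only needs to write to its own pods (inferred from the Role's name; the consumer is not in this hunk), the write verbs could move to a second rule limited to the StatefulSet's pod names, leaving `get`, `watch`, `list` as they are. At minimum, add a comment above the rule: `# update/patch apply to all pods in this namespace; install Vault in a dedicated namespace`. The Role also hard-codes `rbac.authorization.k8s.io/v1`, while the RoleBinding in the next hunk picks the API version from `.Capabilities`; the two should agree.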
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-psp-role.yaml 
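Review bot: The single ingress rule in the NetworkPolicy pairs `namespaceSelector: {}` with both ports, so the cluster port 8201 is reachable from pods in every namespace, not only from other Vault servers. Port 8200 is the client API and may legitimately be that open, but 8201 is named `https-internal` in the Service templates of this diff and looks like server-to-server traffic. Splitting the rule so 8201 is admitted only from pods carrying this release's `component: server` labels narrows that; the sketch assumes no external cluster needs 8201, which should be confirmed for replication setups. The policy's own `podSelector` also omits `component: server`, and `metadata` has no `namespace`, unlike the other templates here.

```yaml
  ingress:
    # Client API: open to all namespaces, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from .Values.server.networkPolicy.egress …
```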
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
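Review bot: The subject of the PSP RoleBinding is `name: {{ template "vault.fullname" . }}`, whereas the ClusterRoleBinding and the discovery RoleBinding in this diff bind `{{ template "vault.serviceAccount.name" . }}`. If that helper can return a name other than the fullname (its definition is not shown in this part of the diff), the `use` grant lands on a ServiceAccount the server pods do not run as, and they would not be admitted under this policy. Writing the subject as `name: {{ template "vault.serviceAccount.name" . }}` with `namespace: {{ .Release.Namespace }}` would match the other bindings.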
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-route.yaml 
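Review bot: The PodSecurityPolicy `spec` sets `privileged: false` and `allowPrivilegeEscalation: false` but places no restriction on capabilities, so containers admitted under it keep the runtime's default capability set. The StatefulSet in this diff sets `SKIP_SETCAP` and the config template forces `disable_mlock`, which suggests the server needs no extra capabilities; adding `requiredDropCapabilities:` with `- ALL` would state that in the policy. The comment `This policy assumes the nodes are using AppArmor rather than SELinux` also deserves a second look in a chart that ships OpenShift values, since `seLinux` with `rule: RunAsAny` applies no SELinux constraint at all.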
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-service.yaml 
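Review bot: The Route template tests `.mode` in `{{- if ne .mode "external" }}` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this diff do before reading it. If `.mode` is only populated by that helper (its definition is not shown here), the external-mode guard never suppresses the Route and `$serviceName` never switches to the `-active` Service, so the Route could send traffic to standby pods. Adding `{{ template "vault.mode" . }}` directly after the `.Values.global.openshift` check, as server-ingress.yaml does, would align the two. `host: {{ .Values.server.route.host }}` is also unquoted, unlike `host: {{ .host | quote }}` in the Ingress.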
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/tests/server-test.yaml 
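Review bot: The server container image falls back to a floating tag through `{{ .Values.server.image.tag | default "latest" }}`, so an install with no tag set runs whatever the registry serves at pull time. For a secrets store that leaves the deployed version unauditable and lets a moved upstream tag change what runs. Failing the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, removes the floating default; the same expression appears in tests/server-test.yaml. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; `VAULT_ADDR` points at 127.0.0.1 so the exposure is small, but a comment explaining why verification is skipped there would keep the flag from being copied to non-local calls.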
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/values.openshift.yaml 
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.67/src/values.yaml 
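Review bot: No object in this schema sets `additionalProperties` or `required`, so it checks types only and a misspelled key validates cleanly while the chart default stays in force. That matters for the security-relevant switches: a typo in `server.networkPolicy.enabled` or `server.auditStorage.enabled` leaves both off, which is their default in the values.yaml added in this diff. Consider adding `"additionalProperties": false` to the chart-owned objects (`server`, `injector`, `ui`, `csi`). `global` may need to stay open if the chart is consumed as a subchart, which cannot be confirmed from the visible lines.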
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/Chart.yaml
new file mode 100644
index 00000000000..2be0c2248b1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.68
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for 
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/README.md
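Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the licence value into the `docker run` argument list, so it is visible in the host's process listing and in `make -n` output even though the recipe is silenced with `@`. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker read the value from its own environment instead; this works as long as the variable reaches make through the environment or the command line, which is the only way it can be set here since the Makefile never assigns it.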
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
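Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in every namespace, and nothing in the template says why the scope has to be cluster-wide. Because csi-clusterrolebinding.yaml binds it to the `-csi-provider` ServiceAccount, which the DaemonSet runs on every node, anyone who can act as that account can request tokens for other service accounts. I would add a template comment above `rules:`, for example `{{/* cluster-wide by design: presumably the provider requests tokens for the service account of each pod that mounts a volume; confirm before narrowing */}}`, so the grant is not copied or widened without review.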
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
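Review bot: In csi-daemonset.yaml the container `securityContext` comes only from `{{ template "csi.daemonSet.securityContext.container" . }}`, and that helper emits nothing when `.Values.csi.daemonSet.securityContext.container` is unset, so the container that mounts the `providervol` and `mountpoint-dir` hostPath volumes can end up with the runtime defaults. The chart's values file is not visible here, so whether a default is shipped needs checking; if none is, a fallback such as `allowPrivilegeEscalation: false` in the helper would cover the unset case. Both `hostPath` entries also omit `type`, so no check is made on the path before it is mounted; `type: Directory` would make a wrong `providersDir` or `kubeletRootDir` fail at pod start instead.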
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-clusterrolebinding.yaml 
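Review bot: The rule in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, although the chart creates only one, named `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml. A compromised injector could therefore alter admission webhooks that belong to other components. Splitting the rule so that `patch` carries `resourceNames` keeps the write access on the chart's own object; `get`/`list`/`watch` are left unrestricted below because it is not visible here whether the injector lists by name.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
# … unchanged: closing {{ end }} …
```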
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
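Review bot: In injector-deployment.yaml the `args` list ends with `- 2>&1`; container args are not run through a shell, so this reaches the injector as a literal argument instead of redirecting stderr, and the line can be dropped. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` render their values unquoted, so a value that YAML reads as a number or boolean would be rejected because env values must be strings. `value: {{ .Values.injector.authPath | quote }}` is the safer form and matches the `| quote` already used in the `vault.extraEnvironmentVars` helper.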
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
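Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` block is rendered only when one of the two values is set, so by default the rule matches pod `CREATE` and `UPDATE` in every namespace, including the one the injector itself runs in. Combined with a `failurePolicy` of `Fail` (the default comes from values that are not visible here), an unavailable injector would block pod admission cluster-wide. The `injector.objectSelector` helper is also outside this view, so it may already narrow the match; if it does not, I would add a comment above the `if`, e.g. `{{/* with no namespaceSelector this webhook sees every pod CREATE/UPDATE; set one before using failurePolicy: Fail */}}`, and document the same in the values file.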
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
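Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `- port: 8080`, while the injector listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` in injector-deployment.yaml and `targetPort` in injector-service.yaml). If the port is changed in values, the policy no longer admits the webhook traffic and admission calls from the API server would time out. `- port: {{ .Values.injector.port }}` keeps the two in step. The `metadata` block also has no `namespace: {{ .Release.Namespace }}`, unlike the other injector templates, so the object's namespace depends on how the manifest is applied.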
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-role.yaml 
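Review bot: injector-psp.yaml is gated only on `.Values.global.psp.enable`, but `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so enabling the flag on a newer cluster makes the install fail rather than skip the object. Adding `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the condition would guard it, in the same way injector-mutating-webhook.yaml checks for `admissionregistration.k8s.io/v1`. The `seLinux` comment states that nodes use AppArmor rather than SELinux, which looks at odds with the `.Values.global.openshift` paths elsewhere in the chart; the comment should say what `RunAsAny` means on SELinux-enforcing nodes.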
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-rolebinding.yaml 
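Review bot: The first rule in injector-role.yaml gives the injector `get`, `watch`, `list` and `update` on all Secrets and ConfigMaps in the release namespace, which is presumably also where the Vault server and its own secrets live. The only Secret the chart creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml), so the read and update verbs on `secrets` could carry `resourceNames: ["vault-injector-certs"]`, with `create` kept in a separate rule because it cannot be limited by name. `list` and `watch` only pass a `resourceNames` check when the client filters on `metadata.name`, so that part needs testing against the injector before it is tightened. The same applies to the `pods` rule, where `patch` and `delete` are granted on every pod in the namespace.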
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-discovery-role.yaml 
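Review bot: `disable_mlock = true` is emitted unconditionally in the string branch of `extraconfig-from-values.hcl`, and the two `merge (dict "disable_mlock" true) …` lines appear to force the same value in the JSON branches, so no values setting can re-enable memory locking. With mlock off, the server's in-memory data can be paged to swap on the node, which the template does not mention anywhere. I would add a template comment directly above the first occurrence, for example `{{- /* mlock is always disabled here; run Vault on nodes with swap disabled or encrypted */ -}}`, and repeat the caveat next to `server.standalone.config` and `server.ha.config` in the values documentation. If making it configurable is in scope, that belongs in a follow-up because it changes the rendered config for every mode.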
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
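Review bot: The single rule in `server-discovery-role.yaml` grants `update` and `patch` on `pods` with no `resourceNames`, so the service account bound by `server-discovery-rolebinding.yaml` can modify every pod in the release namespace, not only the Vault server pods. RBAC cannot narrow this by label, so the write verbs are presumably there for Vault to maintain labels such as `vault-active` on its own pods, but nothing in the template says so. I would add a comment above `rules:` such as `# update/patch are needed for pod labelling in HA mode; they apply to all pods in this namespace, so install into a dedicated namespace`. Separately, the Role hard-codes `rbac.authorization.k8s.io/v1` while its RoleBinding keeps a `v1beta1` fallback; the two should agree.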
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-ha-active-service.yaml 
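Review bot: The `apiVersion` line of the PodDisruptionBudget picks `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which is a string comparison, so it orders lexicographically and does not parse the minor version as a number. The other templates in this commit select API versions with `.Capabilities.APIVersions.Has`, which asks the cluster directly and does not depend on how the minor version is formatted. I would write the line as `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` to match them.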
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-ha-standby-service.yaml 
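Review bot: The `https-internal` port 8201 is always listed under `ports:` while `type:` comes from `server.service.type`, so setting that value to `NodePort` or `LoadBalancer` also publishes the cluster port outside the cluster. The same applies to `server-ha-standby-service.yaml` and `server-service.yaml` later in this commit. The StatefulSet builds `VAULT_CLUSTER_ADDR` from the `-internal` headless service, so these three services may not need 8201 at all, though that should be confirmed against the upstream chart before removing it. At minimum I would add a comment above the port entry, `# cluster port; also exposed when server.service.type is NodePort or LoadBalancer`, and consider rendering it only when the type is empty or `ClusterIP`.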
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-psp-role.yaml 
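Review bot: In `server-network-policy.yaml` the only ingress rule uses `namespaceSelector: {}`, which admits every namespace in the cluster to both 8200 and the cluster port 8201, so enabling `server.networkPolicy.enabled` restricts ports but not sources. The API port plausibly needs to be reachable cluster-wide, but 8201 is server-to-server traffic and could be limited to the Vault pods themselves, assuming no cross-cluster replication depends on it. The metadata block also omits `namespace: {{ .Release.Namespace }}`, unlike the other templates in this commit. A split rule along these lines would keep 8200 behaviour unchanged:

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```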
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
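Review bot: The `subjects` entry in `server-psp-rolebinding.yaml` names the ServiceAccount with `{{ template "vault.fullname" . }}`, whereas the StatefulSet's `serviceAccountName` and the other bindings in this commit use `{{ template "vault.serviceAccount.name" . }}`. If that helper can return anything other than the full name (its definition is not in this diff), the PodSecurityPolicy `use` grant lands on an account the pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it so it matches the discovery and cluster role bindings.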
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-route.yaml 
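Review bot: The PodSecurityPolicy spec sets `privileged: false` and `allowPrivilegeEscalation: false` but never drops capabilities, and it leaves `readOnlyRootFilesystem: false`, so pods admitted under it keep the runtime's default capability set. Since the StatefulSet sets `SKIP_SETCAP` and the config disables mlock, the server likely needs no added capabilities, and `requiredDropCapabilities: [ALL]` after `allowPrivilegeEscalation` would tighten the policy; that assumption should be checked against the image. The template is also gated only on `global.psp.enable` while hard-coding `policy/v1beta1`, an API that Kubernetes removed in 1.25, so a `.Capabilities.APIVersions.Has "policy/v1beta1"` guard would stop the install failing on newer clusters.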
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-service.yaml 
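Review bot: `server-route.yaml` tests `.mode` on its second line and again in the `activeService` condition, but unlike every other server template in this commit it never runs `{{ template "vault.mode" . }}` first. Whether `.mode` is populated here therefore seems to depend on another template having set it on the shared context earlier in the render, which is fragile. I would insert `{{ template "vault.mode" . }}` after the `{{- if .Values.global.openshift }}` line, mirroring `server-ingress.yaml`. The `host: {{ .Values.server.route.host }}` value would also be safer as `{{ .Values.server.route.host | quote }}`, as the Ingress template does for its hosts.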
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/tests/server-test.yaml 
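Review bot: The `image:` line of the `vault` container in `server-statefulset.yaml` falls back to `default "latest"` when `server.image.tag` is empty, so an unset value silently deploys a floating tag for the secrets server. The same expression is used for the test pod in `tests/server-test.yaml`. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, so the deployed version is always an explicit choice. On the readiness probe, `vault status -tls-skip-verify` deserves a one-line comment stating that it targets the loopback `VAULT_ADDR`, so the flag is not copied into probes that cross the network.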
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/values.openshift.yaml
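Review bot: Nothing in this template relates `type: {{ .Values.ui.serviceType }}` to the transport scheme, so with `global.tlsDisable: true` (the default in this chart's values.yaml) a `LoadBalancer` or `NodePort` value would publish the Vault UI and API over plain HTTP outside the cluster. If that is not intended, a guard near the top of the template stops the render: `{{- if and .Values.global.tlsDisable (ne .Values.ui.serviceType "ClusterIP") }}{{ fail "ui.serviceType other than ClusterIP requires TLS" }}{{- end }}`. The `service.loadBalancer` helper is defined outside this hunk, so whether it restricts source ranges cannot be confirmed from here.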
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/values.schema.json
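Review bot: All three images are pinned by tag only (`tag: "0.17.0-ubi"`, `tag: "1.11.2-ubi"`), and a tag can be re-pointed in the registry after the chart has been certified. At least the test pod template in this commit joins `repository` and `tag` with a colon, so a digest can be carried in the tag value, e.g. `tag: "1.11.2-ubi@sha256:<digest-placeholder>"`, which fixes the pulled content. A comment above each block saying these values must stay in step with the defaults in values.yaml would also help, since that file repeats the same repository and tag strings.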
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.68/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/Chart.yaml
new file mode 100644
index 00000000000..070690db731
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.69
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/README.md
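Review bot: `destroy-cluster` runs a bare `terraform destroy -auto-approve`, without the `test/terraform` directory and `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes to `terraform apply`, and without the `gcloud auth activate-service-account` step that precedes it there. Teardown may therefore not act on the configuration that provisioning used, which would presumably leave the test GKE cluster and its service-account access in place after a run. I would mirror the provision recipe with `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`, preceded by the same `gcloud auth` line; whether the positional directory is accepted depends on the Terraform version in the test image, which this hunk does not show. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and the local branch of `test-acceptance` should call `$(MAKE) setup-kind acceptance` rather than a bare `make`.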
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
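Review bot: In csi-clusterrole.yaml the only rule grants `create` on `serviceaccounts/token` through a ClusterRole, so the service account bound to it in csi-clusterrolebinding.yaml can request a token for any service account in any namespace. Nothing in the template says why cluster-wide scope is required, which makes the grant hard to audit later. I would add a comment above `rules:` such as `# Cluster-wide on purpose: the provider presumably requests tokens for the pods it serves; whoever controls this DaemonSet can obtain a token for any service account.` and confirm whether namespaced Role/RoleBinding pairs would be enough for the namespaces that actually use the provider.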
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" .
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
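Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes (`providersDir` and `kubeletRootDir/pods`) without `readOnly`, yet its `securityContext` is rendered only when `.Values.csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper added in `_helpers.tpl` in this diff has no fallback branch. Unless the chart's values supply one (not visible here), a pod scheduled on every node runs with the runtime's default privileges. The server statefulSet helper in the same file falls back to `allowPrivilegeEscalation: false`; I would give the CSI helper the same default with an `{{- else }}` branch that emits `securityContext:` and `allowPrivilegeEscalation: false`. It is also worth checking whether the `mountpoint-dir` mount can carry `readOnly: true` for the provider version being shipped.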
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-clusterrolebinding.yaml
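Review bot: In injector-clusterrole.yaml the rule allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the injector appears to maintain only its own configuration, named `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml and in the `AGENT_INJECT_TLS_AUTO` variable of the deployment. As written, a compromised injector pod could rewrite any other admission webhook. I would split the rule so that `get` and `patch` are limited by `resourceNames` and `list`/`watch` stay in a rule of their own; confirm the injector's watch still works with the narrower grant before merging.

```yaml
# … unchanged: apiVersion, kind, metadata and labels …
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
```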
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" .
}}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" .
}}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+
timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
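Review bot: In injector-deployment.yaml the container `args` list ends with `- 2>&1`, which is not a redirection in this position: container args are handed to the entrypoint without a shell, so unless the image wraps its entrypoint in one, the binary receives the literal string `2>&1` as an extra argument. I would drop that entry and keep only `- agent-inject`. Separately, `value: {{ .Values.injector.authPath }}` and the `logLevel` and `logFormat` values are rendered unquoted while the neighbouring env entries are quoted; adding `| quote` keeps a value such as `true` or `1` from being typed as a non-string and rejected by the API server.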
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
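Review bot: In injector-network-policy.yaml the ingress rule hard-codes `port: 8080`, while the deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`) and injector-service.yaml targets the same value. If that port is ever changed, the policy admits traffic to the wrong port and the API server can no longer reach the webhook. Use `- port: {{ .Values.injector.port }}` so the three templates stay in step. The object also has no `namespace: {{ .Release.Namespace }}` under `metadata`, unlike the other namespaced injector resources in this diff.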
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-role.yaml
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-rolebinding.yaml
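Review bot: The first rule in injector-role.yaml gives the injector's leader-elector role `get`, `list`, `watch`, `update` and `create` on every Secret and ConfigMap in the release namespace, which is presumably the namespace Vault itself runs in. A leader-election role should need only a small number of named objects, so the read and write verbs can be pinned with `resourceNames`, leaving `create` in a rule of its own because a create request cannot be restricted by name. `list` and `watch` are only authorised under `resourceNames` when the client selects on `metadata.name`, so confirm how the injector reads these objects before dropping the unnamed rule. The object names below are placeholders; the real ones are not visible in this hunk.

```yaml
rules:
  # create cannot be limited by resourceNames
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["<INJECTOR_SECRET_NAME>"]
    verbs: ["get", "watch", "list", "update"]
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["<INJECTOR_CONFIGMAP_NAME>"]
    verbs: ["get", "watch", "list", "update"]
  # … unchanged: pods rule (get, patch, delete) …
```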
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-config-configmap.yaml
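Review bot: The ClusterRoleBinding in server-clusterrolebinding.yaml is cluster-scoped but named only `{{ template "vault.fullname" . }}-server-binding`, so unless `vault.fullname` already includes the namespace, two releases with the same name in different namespaces would contend for one object. Putting the namespace into the name, for example `name: {{ template "vault.fullname" . }}-{{ .Release.Namespace }}-server-binding`, avoids that. The binding is also the only cluster-wide grant in this set of templates, so a comment above `roleRef` such as `# system:auth-delegator lets the server create TokenReviews and SubjectAccessReviews cluster-wide` would tell an auditor why it exists and what it allows.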
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-discovery-role.yaml
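Review bot: `disable_mlock = true` is written into every string config rendered by server-config-configmap.yaml and merged into the JSON form as well, with no value to turn it off and no explanation. With mlock disabled the server's memory can be paged out, so the chart should state the assumption it relies on; a template comment above the line such as `{{- /* mlock is disabled chart-wide; nodes must run without swap or with encrypted swap */}}` would carry that. The whole server config also lands in a ConfigMap, so any credential placed in `server.standalone.config` or `server.ha.config` is readable by anyone with ConfigMap read access in the namespace; the values documentation should tell operators to keep secrets out of those fields.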
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-ha-active-service.yaml
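Review bot: The `apiVersion` line in server-disruptionbudget.yaml chooses the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings, so the ordering is lexical (a minor of "9" sorts above "21" and "100" below it) and the major version is ignored. server-ingress.yaml in this same commit already uses a semantic comparison, and the same form works here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. Testing `.Capabilities.APIVersions.Has "policy/v1"` instead would follow what the cluster actually serves, as the RBAC templates here do for their API group.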
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-psp-role.yaml
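Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may reach port 8201 as well as the API port 8200. Port 8201 is the `https-internal` port on the server Services and is presumably only needed between the Vault server pods, so it can get a rule of its own that admits only pods carrying this release's server labels. The policy's metadata also has no `namespace: {{ .Release.Namespace }}`, unlike the other namespaced manifests in this commit. Confirm that nothing outside the server pods relies on 8201 before tightening it.

```yaml
  ingress:
    # API port: existing any-namespace rule kept as is
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only this release's server pods
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```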
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
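Review bot: The subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, but the server's ServiceAccount is created in server-serviceaccount.yaml, and referenced by the StatefulSet, as `{{ template "vault.serviceAccount.name" . }}`. If that helper resolves to anything other than the full name, the `use` permission on the PodSecurityPolicy is bound to an account the server pods do not run as, and the pods are then admitted under whatever other policy applies or rejected. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}`, which is what the ClusterRoleBinding and the discovery RoleBinding in this commit already use. The helper's definition is not part of these hunks, so whether the two names can differ today needs checking there.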
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-service.yaml
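Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does before reading it. The check therefore appears to depend on some other template having populated `.mode` earlier in the render, which is fragile for a manifest that exposes Vault outside the cluster. Adding `{{ template "vault.mode" . }}` after the `global.openshift` test, as server-ingress.yaml does, makes the file self-contained. The route also hard-codes `targetPort: 8200` where the Services use `.Values.server.service.targetPort`, and whether traffic is encrypted depends entirely on `server.route.tls`, so a short comment stating the expected termination mode would help operators.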
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/tests/server-test.yaml 
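Review bot: The `image:` line of the `vault` container falls back to `:latest` through `| default "latest"`, so an empty or blanked `server.image.tag` silently deploys whatever the registry serves at pull time instead of failing the render. For a secrets server that makes the running version unauditable from the release values, and replicas pulled at different times may end up on different builds. I would fail fast instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The test pod in templates/tests/server-test.yaml uses the same fallback and should change with it.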
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/templates/ui-service.yaml
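Review bot: The test pod's container has no `securityContext`, while the server StatefulSet in this commit renders one through `server.statefulSet.securityContext.container`. The hook pod therefore runs with the image's defaults, and a namespace that enforces restricted pod security may reject it; the second part is an inference, since the admission setup is not visible here. I would either include the same helper under the container or add an explicit `securityContext` with `allowPrivilegeEscalation: false` and `capabilities.drop: [ALL]`, which are the container defaults the values.yaml comments describe for the injector. Separately, `volumeMounts:` and `volumes:` render as bare keys when the values are unset; moving the keys inside their `if` blocks avoids emitting nulls.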
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/values.openshift.yaml
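Review bot: `nodePort` is rendered whenever `ui.serviceNodePort` is set, without looking at `ui.serviceType`, whereas server-service.yaml in this same commit guards the equivalent field on the Service type. A leftover `serviceNodePort` combined with `serviceType: ClusterIP` produces a Service the API server rejects. I would tighten the condition to `{{- if and (.Values.ui.serviceNodePort) (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`, which still allows `LoadBalancer`. Because this Service is the one most likely to be exposed outside the cluster, a comment above `type:` noting that the port name comes from `vault.scheme` would help operators see when the UI is being served in plaintext.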
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.69/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/Chart.yaml
new file mode 100644
index 00000000000..18a157e2ad0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.7
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/README.md
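Review bot: In the `test-acceptance` recipe of the Makefile, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the value into the `docker run` argument list, so it shows up in the host's process listing and in `make -n` output even though the line starts with `@`. If that variable holds a real licence string (presumably it does in CI), pass it by name only, `-e VAULT_LICENSE_CI \`, so docker takes the value from the environment instead. The same recipe and `test-destroy`/`test-provision` hand over `GOOGLE_CREDENTIALS` the same way; that is harmless only while it stays a file name rather than key material, which deserves a comment next to its definition. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory and `-var project=...` that `provision-cluster` passes, so the two targets may not act on the same configuration.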
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
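Review bot: In csi-clusterrole.yaml the only rule grants `create` on `serviceaccounts/token` through a ClusterRole with no `resourceNames`, so the `-csi-provider` ServiceAccount it is bound to can request a token for any ServiceAccount in any namespace, and the file does not say why that breadth is needed. The DaemonSet runs that identity on every node it schedules to, so the reason and the risk deserve a comment above the rule, for example `# create on serviceaccounts/token is cluster-wide: the provider requests tokens on behalf of workload ServiceAccounts (confirm); treat this ServiceAccount as privileged and audit its token requests`. Narrowing with `resourceNames` is probably impractical because workload ServiceAccount names are not known at install time.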
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
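Review bot: In csi-daemonset.yaml the provider container gets a `securityContext` only if `csi.daemonSet.securityContext.container` is set in values, because the `csi.daemonSet.securityContext.*` helpers have no fallback branch, whereas the injector and server helpers default to `allowPrivilegeEscalation: false` (and `runAsNonRoot: true` at pod level) outside OpenShift. This pod also mounts two `hostPath` volumes, `providersDir` and `kubeletRootDir/pods`, so an unset value leaves a node-facing container on runtime defaults. If the provider can run with it (not verifiable from this diff), give the container helper the same fallback: `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`. Otherwise document above `volumes:` that nothing is rendered by default, e.g. `# hostPath mounts below: set csi.daemonSet.securityContext.* in values, no default is applied`.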
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-clusterrolebinding.yaml
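Review bot: In injector-clusterrole.yaml `patch` on `mutatingwebhookconfigurations` is granted cluster-wide with no `resourceNames`, so the injector's ServiceAccount can modify every mutating webhook in the cluster rather than only its own. Splitting the rule leaves `get`/`list`/`watch` as they are, since `resourceNames` does not usefully restrict list and watch, and limits `patch` to the injector's own configuration. The name used below is the `AGENT_INJECT_TLS_AUTO` value from injector-deployment.yaml; the MutatingWebhookConfiguration template is not in view, so confirm the two match before adopting it.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```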
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
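Review bot: The container `args` in injector-deployment.yaml end with `- 2>&1`, which reaches the process as a literal argument because `args` are not run through a shell, so it redirects nothing and should be removed. In the same `env` block the values of `AGENT_INJECT_LISTEN`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_TLS_AUTO` and `AGENT_INJECT_LOG_FORMAT` are rendered unquoted while their neighbours are quoted. An override that YAML reads as a boolean or a number would make the manifest invalid, since env values must be strings; `value: {{ .Values.injector.logLevel | default "info" | quote }}` shows the fix for one of them.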
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
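Review bot: The `namespaceSelector` is rendered only when one is supplied through values, so by default this webhook intercepts CREATE and UPDATE of pods in every namespace, including the one the injector itself runs in. With a `failurePolicy` of `Fail` (the value comes from `.Values.injector.failurePolicy`, whose default is not visible here) an unavailable injector would block pod admission cluster-wide. A template comment above the guard, such as `{{- /* without a namespaceSelector the webhook applies to all namespaces; set one when failurePolicy is Fail */ -}}`, would document this. The `injector.objectSelector` helper may narrow the scope further, but it is defined outside this hunk.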
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
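Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment and Service added in this commit take the listener port from `.Values.injector.port`; overriding that value leaves the policy admitting a port nothing listens on and blocking the real webhook port. Use `- port: {{ .Values.injector.port }}` here. `namespaceSelector: {}` also admits traffic from every namespace; that may be needed for the API server to reach the webhook, but it deserves a comment saying so.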
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-role.yaml
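Review bot: The policy forbids privileged mode and privilege escalation but drops no capabilities and leaves `readOnlyRootFilesystem: false`; adding `requiredDropCapabilities: ["ALL"]` under `spec` would tighten it, assuming the injector needs none. The template also emits a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, and that API was removed in Kubernetes 1.25, so an extra `.Capabilities.APIVersions.Has "policy/v1beta1"` guard would keep installs from failing on newer clusters. The inline comment about AppArmor versus SELinux is worth revisiting for OpenShift targets, which other templates in this commit handle through `.Values.global.openshift`.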
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-rolebinding.yaml
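Review bot: The first rule gives the injector service account `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, although the Role is named for leader election. Any other secret stored in that namespace becomes readable with the injector's token. If the leader elector works on a fixed set of objects, `get` and `update` can be limited with `resourceNames: ["<leader-election-object-name>"]` (placeholder; the real names are not visible in this hunk), keeping `create` in a separate rule because it cannot be restricted by name. The `pods` rule with `patch` and `delete` is likewise namespace-wide and deserves the same check.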
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-discovery-role.yaml
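Review bot: `disable_mlock = true` is forced in both branches: it is written ahead of the string config, and in the object branch `merge (dict "disable_mlock" true) ...` puts the forced value in the destination dict, which takes precedence in Sprig's `merge`, so a user-supplied `disable_mlock: false` is silently ignored. With mlock disabled the server's memory can be swapped to disk, so the chart should state that nodes need swap disabled or encrypted. A template comment next to the line, e.g. `{{- /* disable_mlock is always on; run only on nodes with swap disabled or encrypted */ -}}`, would record that. The string branch also passes the values through `tpl`, so config strings are evaluated as templates and should come from trusted values files only.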
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-psp-role.yaml 
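Review bot: `secretName: {{ .secretName }}`, `- path: {{ . }}` and `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` in server-ingress.yaml are rendered unquoted, although the host entries in the same template go through `| quote`. A value that is empty or reads as a number or boolean would change type or break the rendered manifest. Writing `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}` keeps them strings.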
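Review bot: In server-network-policy.yaml the single `from` entry is `namespaceSelector: {}`, which selects every namespace, so the policy admits any pod in the cluster to both 8200 and the cluster port 8201. Port 8201 presumably carries only server-to-server traffic and could be limited to the Vault pods of this release by reusing the labels already present in `spec.podSelector`, leaving 8200 as the only port open to client namespaces. The metadata also has no `namespace: {{ .Release.Namespace }}`, unlike the other server templates in this diff.

```yaml
  ingress:
    # API port: reachable from client namespaces (narrow the selector where possible)
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```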
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
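Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this diff both use `vault.serviceAccount.name`. If that helper can return a different name (its definition is outside this diff section), the binding targets a ServiceAccount the pods do not run as, and the `use` grant on the PodSecurityPolicy never applies to them. Use `name: {{ template "vault.serviceAccount.name" . }}` in `subjects`, and consider adding `namespace: {{ .Release.Namespace }}` to the subject so the binding is explicit.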
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-route.yaml
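Review bot: The policy sets neither `requiredDropCapabilities` nor `allowedCapabilities`, so containers admitted under it keep the runtime's default capability set even though they must run as non-root. Adding `requiredDropCapabilities: ['ALL']` under `spec` would close that, provided the container securityContext rendered by the `server.statefulSet.securityContext.container` helper (defined outside this hunk) does not add a capability. The `seLinux` comment assumes AppArmor nodes, which should be re-checked for the OpenShift targets this chart has overrides for. Since `policy/v1beta1` is rendered whenever `global.psp.enable` is true, a `.Capabilities.APIVersions.Has "policy/v1beta1"` guard, as server-ingress.yaml does for its API version, would keep the chart installable where that API is no longer served.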
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-service.yaml
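Review bot: `.mode` is read in `if ne .mode "external"` and `eq .mode "ha"` without `{{ template "vault.mode" . }}` being called first, which the other server templates in this diff that read `.mode` do on their first line. The value is then presumably whatever an earlier-rendered template left in the shared context, so whether the Route is created, and whether it targets the `-active` Service, depends on render order. Add `{{ template "vault.mode" . }}` as the first line of the template. `host: {{ .Values.server.route.host }}` would also be safer as `{{ .Values.server.route.host | quote }}`, and the TLS termination settings come entirely from `.Values.server.route.tls`, so the default in values.yaml is worth checking.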
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/tests/server-test.yaml 
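Review bot: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` falls back to the mutable `latest` tag when no tag is supplied, so the Vault server version is not pinned and can change on any pod restart. Fail the render instead, for example `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept a digest; the test pod in tests/server-test.yaml uses the same expression. Separately, `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are unquoted while the fallback values are quoted. The exec readiness probe runs `vault status -tls-skip-verify`, which deserves a comment stating that it only talks to the local listener set in `VAULT_ADDR` (127.0.0.1:8200).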
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/templates/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/values.openshift.yaml
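Review bot: `nodePort` is rendered whenever `.Values.ui.serviceNodePort` is set, with no check on `.Values.ui.serviceType`, whereas server-service.yaml only emits its `nodePort` when the type is `NodePort`. Combined with a `ClusterIP` type the manifest is rejected by the API server, so guard it, for example `{{- if and .Values.ui.serviceNodePort (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`. Because `type: {{ .Values.ui.serviceType }}` decides whether the Vault UI is reachable from outside the cluster, a comment next to it naming the expected default would help reviewers of values overrides.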
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.7/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/Chart.yaml new file mode 100644 index 00000000000..d8c3736d307 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.26.0' +name: helm-e2e-rhcc +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.70 +annotations: + charts.openshift.io/name: helm-e2e-rhcc diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null 
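Review bot: `kubeVersion: '>= 1.26.0'` in the new Chart.yaml disagrees with the README added in the same commit, which still lists Kubernetes 1.16+ as the minimum, so one of the two is stale. Helm evaluates this field as a SemVer range, and a range written without a pre-release part is generally not satisfied by cluster versions that carry a pre-release suffix (as some managed distributions report), so installation can be refused on clusters that do run 1.26 or later. If that is not intended, `kubeVersion: '>= 1.26.0-0'` is the usual form. A one-line comment above the field saying why 1.26 is the floor for this e2e chart would also help the next maintainer.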
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/README.md 
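Review bot: The `docker run` invocations in `test-acceptance`, `test-destroy` and `test-provision` omit `--rm`, unlike `test-unit`, so each run leaves a stopped container whose configuration still holds the values passed with `-e` (`GOOGLE_CREDENTIALS`, `CLOUDSDK_CORE_PROJECT`, `VAULT_LICENSE_CI`) and stays readable through `docker inspect`. Start each of the three with `@docker run --rm -it -v ${PWD}:/helm-test \`. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` that `provision-cluster` passes, so it may not act on the same configuration, and `.PHONY` does not list `setup-kind` and `delete-kind`.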
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
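Review bot: In `vault.envs` (_helpers.tpl) the dev root token is rendered unquoted (`value: {{ .Values.server.dev.devRootToken }}`), so a token that YAML reads as a number, boolean or null yields a non-string env value, and a value containing YAML syntax changes the structure of the rendered pod spec. `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string, as `vault.extraEnvironmentVars` already does for its values. The token is also written in plain text into the pod spec, so the define's comment should state that dev mode is not meant for production data. In `vault.args`, `{{ .Values.server.extraArgs }}` is spliced into the shell script that starts Vault; a comment such as `server.extraArgs is inserted verbatim into a shell command line and must come from a trusted values source` above that define would record the assumption.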
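Review bot: The ClusterRole in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no `resourceNames`, and csi-clusterrolebinding.yaml binds it cluster-wide, so the CSI provider's service account can request a token for any service account in any namespace. If that breadth is needed for the provider to authenticate on behalf of workload pods (presumably it is; the provider code is not on this page), the template should say so, for example `# cluster-wide by design: the provider requests tokens for the pods whose volumes it mounts` above `rules:`. The DaemonSet that runs under this account also mounts hostPath directories from the node, so the account deserves the same scrutiny as other node-level agents.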
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
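Review bot: The `mountpoint-dir` entry under `volumeMounts` in csi-daemonset.yaml mounts the hostPath `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` read-write, which gives the provider container write access to the volume directories of every pod on the node. If the provider image selected by `csi.image` does not write into that tree itself, add `readOnly: true` to that mount; if it does, a one-line comment saying so would help reviewers. The `providervol` mount presumably has to stay writable, because the socket named in `--endpoint=/provider/vault.sock` lives under it.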
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-clusterrolebinding.yaml
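Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, while the only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). A compromised injector pod would therefore be able to alter admission webhooks that belong to other components. Splitting the rule keeps `get`/`list`/`watch` as they are and limits `patch` with `resourceNames`. This assumes the injector only ever patches its own configuration, which the `AGENT_INJECT_TLS_AUTO` value in the deployment suggests but does not prove.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["patch"]
```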
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
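Review bot: In injector-deployment.yaml the `args` list passes `2>&1` as a literal second argument. Container `args` are handed to the entrypoint without a shell, so no redirection takes place and the binary receives a stray positional argument (unless the image's entrypoint is a shell wrapper, which is not visible here). I would drop the `- 2>&1` item and leave `args` as the single entry `- agent-inject`; the container runtime already captures both stdout and stderr.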
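Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares the minor version as a string and ignores the major version, so the choice between `policy/v1` and `policy/v1beta1` depends on lexical ordering (a minor of `"9"` sorts after `"21"`). Asking the cluster what it serves is sturdier: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`. The same expression appears in server-disruptionbudget.yaml. Unlike the other injector templates in this commit, this one is not wrapped in `{{- if .injectorEnabled -}}`, so the budget renders even when the injector is disabled.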
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
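Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, whereas the deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`) and the service targets that same value. With any other port setting the policy would stop admitting the webhook traffic it is meant to allow, and depending on `failurePolicy` that either blocks pod creation or silently skips injection. Use `- port: {{ .Values.injector.port }}` here. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector manifests in this commit set.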
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-role.yaml
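Review bot: injector-psp.yaml renders a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so an install with the flag set fails on clusters that no longer serve it. Gate the manifest on the API being available, for example `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, and apply the same condition in injector-psp-role.yaml and injector-psp-rolebinding.yaml. The inline comment on `seLinux` assumes AppArmor nodes; since the chart also carries a `global.openshift` switch, that assumption is worth revisiting, because `rule: RunAsAny` leaves SELinux labels unconstrained.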
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-rolebinding.yaml
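Review bot: The first rule of the leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, which is the same namespace the server manifests of this chart are deployed to. If leader election only needs the `vault-injector-certs` Secret defined in injector-certs-secret.yaml, restrict `get` and `update` with `resourceNames: ["vault-injector-certs"]` and keep `create` in a separate rule, since `create` cannot be limited by name. The names of any ConfigMaps the elector uses are not visible in this commit, so that half needs confirming before it is narrowed.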
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-discovery-role.yaml
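Review bot: `disable_mlock = true` is forced into the rendered Vault configuration in server-config-configmap.yaml on both paths: it is prepended in the string branch, and in the map branch `merge (dict "disable_mlock" true) …` gives the literal precedence over anything set in values. With mlock off, the server's memory can be written to swap on nodes that have swap enabled, so this is a setting operators should be able to see and reason about. I would document it with a YAML comment above `data:`, for example `# disable_mlock is forced to true below; run on nodes with swap disabled or encrypted`, and repeat that in the values documentation.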
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
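Review bot: In server-discovery-role.yaml the rule `verbs: ["get", "watch", "list", "update", "patch"]` on `pods` covers every pod in the release namespace, not only the Vault server pods, so a leaked server service account token is enough to modify unrelated workloads that share the namespace. RBAC cannot narrow this by label, so the practical mitigation is to state the scope and the reason in the template, e.g. `# update/patch let Vault label its own pods (presumably for service registration); the rule applies to all pods in the namespace, so install the chart in a dedicated namespace`. The Role also hard-codes `rbac.authorization.k8s.io/v1` while the RoleBinding in the next hunk keeps a `v1beta1` fallback; using one form in both files would be clearer.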
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-ha-active-service.yaml 
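Review bot: `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the choice between `policy/v1` and `policy/v1beta1` is made lexically rather than numerically (a minor of `"9"` sorts above `"21"`), and it ignores the major version. The ingress template in this same diff already uses a version-aware test, and the PodDisruptionBudget should do the same: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. The `-0` suffix keeps pre-release and vendor-suffixed versions matching, as in server-ingress.yaml.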
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-ha-standby-service.yaml 
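Review bot: The `https-internal` entry (port 8201) is listed unconditionally under `ports`, so when `server.service.type` is set to `NodePort` or `LoadBalancer` the server-to-server cluster port is published outside the cluster together with the API port. The same layout is repeated in the standby-service and server-service hunks of this diff. The headless `-internal` Service already carries 8201 and the StatefulSet points `VAULT_CLUSTER_ADDR` at it, so if nothing outside the cluster needs the cluster port I would wrap the entry in `{{- if not (has (.Values.server.service.type | toString) (list "NodePort" "LoadBalancer")) }}` ... `{{- end }}` in all three files. If the port has to stay for compatibility, a comment above it saying that it is intra-cluster traffic and should be firewalled on externally exposed services would help operators.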
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-psp-role.yaml 
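Review bot: In server-network-policy.yaml the single rule `from: - namespaceSelector: {}` admits every pod in every namespace to both 8200 and 8201, so the policy only blocks traffic from outside the cluster and gives no isolation between tenants. The API port may legitimately need cluster-wide reach, but 8201 is the server-to-server port and, as far as this diff shows, only the Vault server pods use it. I would split the rule so that 8201 is limited to pods of this release, as sketched below. The metadata block also has no `namespace: {{ .Release.Namespace }}`, which the other templates in this diff set.

```yaml
  ingress:
    # API port: reachable from workloads in any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```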
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
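Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, while the StatefulSet, the ServiceAccount and the other bindings in this diff all use `{{ template "vault.serviceAccount.name" . }}`. If that helper (defined outside the hunk) can return a different name, for instance a user-supplied service account, the PSP `use` grant lands on an account the pods do not run as and the policy is never applied to them. The subject should read `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`, matching the discovery RoleBinding.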
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-route.yaml 
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-service.yaml
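Review bot: `ne .mode "external"` and `eq .mode "ha"` read `.mode`, but this file never calls `{{ template "vault.mode" . }}`, which every other server template in this diff does before its first test on `.mode`. Whether the value is set when the Route renders therefore appears to depend on another template having populated it first (the helper is defined outside this hunk, so this is inferred), and an unset value would make the external-mode check pass and the HA check misbehave. I would add `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does. Separately, `host: {{ .Values.server.route.host }}` is unquoted, whereas the ingress template pipes hosts through `quote`.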
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/tests/server-test.yaml 
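Review bot: In server-statefulset.yaml the image reference falls back to a mutable tag, `{{ .Values.server.image.tag | default "latest" }}`, so an empty `server.image.tag` silently deploys whatever the registry currently serves under `latest`; the test pod in templates/tests/server-test.yaml has the same fallback. For a secrets manager the image should be an explicit choice, so I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The exec readiness probe runs `vault status -tls-skip-verify`; since `VAULT_ADDR` in this hunk is `127.0.0.1:8200` the unverified connection stays on loopback, and a comment saying so, e.g. `# -tls-skip-verify: probe talks to 127.0.0.1 only, where the server certificate's names would not match`, would stop the flag from being copied into contexts where it is unsafe. `VAULT_API_ADDR` and `VAULT_CLUSTER_ADDR` are also emitted unquoted when taken from values, unlike the quoted defaults beside them.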
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.70/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/Chart.yaml
new file mode 100644
index 00000000000..97b99192f23
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.71
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/README.md 
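Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the value into the `docker run` argument list, where it is readable in the host's process list; the `@` prefix only stops make from echoing the recipe. If the variable holds the license text rather than a path (the name suggests so, but the hunk does not show it), pass it by name so docker takes it from the environment: `-e VAULT_LICENSE_CI \`. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` with no directory argument and no `gcloud auth` step, while `provision-cluster` targets `test/terraform`, so the two targets may not act on the same state. `.PHONY` also omits `setup-kind` and `delete-kind`.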
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
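Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the bound service account can request a token for any service account in any namespace, and the file does not say why. Add a comment above `rules:`, for example `# Lets the provider request tokens on behalf of the pods that mount its volumes; treat the csi-provider service account as highly privileged.` That the provider needs the verb cluster-wide is inferred from the DaemonSet in this diff, so confirm it against the provider's documentation before merging.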
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
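Review bot: The provider container in csi-daemonset.yaml mounts two host directories (`providervol` and `mountpoint-dir`) on every node, yet it gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper of that name in `_helpers.tpl` renders nothing otherwise. If the chart's values do not already supply one (values.yaml is not visible here), a restrictive default such as `allowPrivilegeEscalation: false` with all capabilities dropped is worth adding, subject to what the provider needs. The hostPath values are also interpolated unquoted; `path: {{ .Values.csi.daemonSet.providersDir | quote }}` keeps a value containing YAML specials from changing the manifest structure, and the same applies to `kubeletRootDir`.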
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-clusterrolebinding.yaml 
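Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the injector's own configuration has a known name, `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml. A service account able to patch arbitrary mutating webhooks can alter pod admission for unrelated components, so split the rule: keep `get`, `list` and `watch` as they are and move `patch` into a second rule carrying `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`. The file also closes with `{{ end }}` where the CSI templates use `{{- end }}`, which leaves a stray blank line in the rendered output.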
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
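Review bot: The `- 2>&1` item under `args` in injector-deployment.yaml reaches the binary as a literal argument, because container `args` are not run through a shell and no redirection takes place; drop it unless the injector is known to accept it. Several env values are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) while their neighbours are quoted. An env `value` has to be a string, so a values entry that YAML reads as a boolean or number would make the manifest invalid; write `value: {{ .Values.injector.authPath | quote }}` and the equivalent for the other two.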
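Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares strings, so a minor such as `"9"` sorts after `"21"`, and the major version is never checked. Choose the API from what the cluster serves instead: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`, which matches how injector-mutating-webhook.yaml picks its version. This is also the only injector template in the diff that is not wrapped in `{{- if .injectorEnabled -}}`, so the PodDisruptionBudget is rendered whenever `injector.podDisruptionBudget` is set, even with the injector disabled.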
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
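Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when a value is set, so by default the webhook is called for every pod CREATE and UPDATE in the cluster, including system namespaces and the injector's own pods. With `failurePolicy` resolved to `Fail`, an unavailable injector would then block pod admission cluster-wide. Either ship a default selector that leaves out at least the release namespace, or add a comment next to `failurePolicy` stating that `Fail` should be paired with a selector. The `injector.objectSelector` helper is defined outside this hunk and may already narrow the match.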
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
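Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the deployment listens on `.Values.injector.port` and the service targets the same value, so changing that value leaves the policy blocking the API server's webhook calls. Use `- port: {{ .Values.injector.port }}` so the policy follows the configured port. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which every other namespaced injector template in this diff sets.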
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-role.yaml 
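Review bot: The policy in injector-psp.yaml forbids privilege escalation and root, but it sets no `requiredDropCapabilities`, so pods admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` under `spec:` closes that gap, assuming the injector needs no capabilities, which this diff does not show either way. The inline comment says the policy assumes AppArmor rather than SELinux, yet the template is not excluded when `global.openshift` is set, so the comment should state which platforms the `seLinux: RunAsAny` rule is meant for.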
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-rolebinding.yaml 
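Review bot: The first rule in injector-role.yaml gives the injector `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, although the only Secret this chart creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml). Limit `get` and `update` with `resourceNames: ["vault-injector-certs"]` and keep `create` in a rule of its own, since `create` cannot be restricted by name. Which ConfigMap the leader elector uses is not visible in this diff, so confirm its name before narrowing that part. The second rule's `patch` and `delete` on all pods should carry a comment saying what needs them.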
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-config-configmap.yaml
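Review bot: The binding to `system:auth-delegator` is a cluster-wide grant, and the template carries no comment saying what it is for or when it can be left out. I would add above `kind: ClusterRoleBinding` a comment such as `# Lets the Vault server service account create TokenReviews/SubjectAccessReviews for the Kubernetes auth method; not needed when that auth method is unused.` The flag `.serverAuthDelegator` is set by a helper outside this hunk, so which chart value controls it cannot be confirmed from here.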
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-discovery-role.yaml 
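Review bot: `disable_mlock = true` is written unconditionally on both branches of `extraconfig-from-values.hcl`, as a literal line ahead of the string config and as the first argument of `merge` for the map config, so Vault's memory is never locked and secret material can reach swap on nodes where swap is enabled. With sprig's `merge` the first dictionary appears to take precedence, so a `disable_mlock: false` supplied in values would be overridden silently on the map path; that is worth confirming. The template should state the requirement, for example a template comment on its own line before `data:` reading `{{- /* mlock is always disabled here; run Vault only on nodes with swap off or encrypted */}}`.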
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
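Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, with no comment on why write access is needed and no narrowing. A holder of the Vault service-account token can therefore change labels and annotations on unrelated pods in that namespace, which matters wherever labels drive Service selectors or NetworkPolicies. I would document the reason above `rules:`, e.g. `# Vault's Kubernetes service registration patches labels on its own pods` (presumably; confirm against the server configuration), and, if only patching is used, reduce the list to `verbs: ["get", "watch", "list", "patch"]`.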
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-ha-active-service.yaml
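Review bot: The `apiVersion` line compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the comparison is lexicographic and a minor that is reported with a suffix (some distributions report values such as `21+`) or with a different digit count is not ordered numerically. server-ingress.yaml in this same diff already uses `semverCompare` on `.Capabilities.KubeVersion.Version`. The equivalent here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.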
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-psp-role.yaml 
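Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may reach 8201 as well as 8200. Port 8201 is the `https-internal` cluster port in the Service templates of this diff, and within one cluster only the Vault server pods need to talk to each other on it. Splitting the rule as below keeps the API port open and limits the cluster port to peers; a deployment that uses cross-cluster replication would need an additional source. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other templates set.

```yaml
  ingress:
    # API port: any namespace may connect.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```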
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
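Review bot: In server-psp-rolebinding.yaml the subject is named with `vault.fullname`, whereas the StatefulSet runs as `vault.serviceAccount.name` and the ClusterRoleBinding and discovery RoleBinding in this diff bind that same helper. If the service-account name is overridden (the helper is defined outside this hunk, so this is inferred), the `use` grant on the PodSecurityPolicy goes to an account the pods do not run as. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, matching the other bindings.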
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-route.yaml 
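Review bot: `PodSecurityPolicy` under `policy/v1beta1` is no longer served from Kubernetes 1.25 on, and the template is gated only on `global.psp.enable`, so enabling that value on a newer cluster fails the install instead of skipping the object. Adding `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `and` condition here, and in the psp Role and RoleBinding templates, keeps the chart installable. Separately, the spec restricts user, groups and host namespaces but does not drop capabilities; `requiredDropCapabilities: [ALL]` would fit, assuming the container needs none (the StatefulSet sets `SKIP_SETCAP` and the generated config disables mlock). The `seLinux` comment assumes AppArmor nodes, which does not match the OpenShift values file added in this diff.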
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-service.yaml
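Review bot: `.mode` is tested on the second line without a preceding `{{ template "vault.mode" . }}`, which the other server templates in this diff call before reading it. Unless another template has already set it on the shared context, `.mode` is unset here, and both the `ne .mode "external"` guard and the `eq .mode "ha"` active-service switch then run against an unset value; the helper is outside this hunk, so this is inferred. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does, removes the dependency on render order. `tls:` is rendered straight from `.Values.server.route.tls`, so a comment stating the expected termination mode would help a reviewer judge how traffic to port 8200 is protected.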
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/tests/server-test.yaml 
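Review bot: The container image in server-statefulset.yaml falls back to the mutable `latest` tag (`{{ .Values.server.image.tag | default "latest" }}`), so an install without an explicit tag runs whatever the registry serves at pull time; the test pod in tests/server-test.yaml has the same default. Failing the render instead, with `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accepting a digest reference keeps the secrets store on a known build. The exec readiness probe also runs `vault status -tls-skip-verify`, which turns off certificate verification for the local status call; a comment explaining why (presumably the listener certificate has no SAN for 127.0.0.1) or pointing the CLI at the CA would be preferable. The hunk spans several page lines, and the `vault.*` helpers it calls are defined outside it.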
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/values.openshift.yaml
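Review bot: Nothing in this Service template ties `type: {{ .Values.ui.serviceType }}` to the transport scheme, so choosing `NodePort` or `LoadBalancer` while `global.tlsDisable` is `true` (the default in this chart's values.yaml further down the diff) would publish the Vault UI port beyond the cluster without TLS, assuming `vault.scheme` resolves to `http` in that case as its name suggests. The helper is defined outside this hunk, so that coupling should be confirmed there. A template comment directly above `type:` would make the dependency visible to whoever edits the values, for example `{{- /* Non-ClusterIP types expose the Vault UI beyond the cluster; keep global.tlsDisable false when using them. */}}`.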
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/values.schema.json
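Review bot: All three images are pinned by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pointed at the registry without any change in this repository. Pinning by digest would close that gap, but the templates in this diff build the reference as `repository:tag` (see the `image:` line in templates/tests/server-test.yaml), so a digest cannot be expressed until they accept a form such as `repository@sha256:<digest>`. These overrides also repeat what the chart's values.yaml in the same diff already sets, including `global.openshift: true`, so the two files can drift apart. A header comment naming the authoritative file would help, for example `# Keep image tags in sync with values.yaml`.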
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.71/src/values.yaml 
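Review bot: The schema constrains types only, with no object declaring `additionalProperties` or `required`, so a misspelled key inside a security-relevant block such as `server.dev` or `injector.certs` passes validation and the chart quietly falls back to its default. Adding `"additionalProperties": false` to closed leaf objects like those two, wherever the listed properties are complete, would turn such typos into lint errors. `global` is better left open because parent charts share that map. The `"$schema": "http://json-schema.org/schema#"` URI is also unversioned, which leaves keyword semantics to whichever draft the validator assumes. If this file is generated from the upstream chart, the change belongs in the generator rather than in this copy.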
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3.
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ .
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/Chart.yaml
new file mode 100644
index 00000000000..452217d31de
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.72
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
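Review bot: The new Chart.yaml keeps `description: Official HashiCorp Vault Chart` together with the upstream `home` and `sources`, although the chart is named `helm-e2e-rhcc` and lives under the `opcert-e2e-testing` partner directory, so any index or catalog entry generated from this metadata would present a test fixture as an official vendor release. Whether this chart can reach a published index is not visible from this hunk; if it can, the description should say what the chart is, for example `description: E2E test fixture derived from the HashiCorp Vault chart`. Separately, `appVersion: 1.11.2` is unquoted; it parses as a string today, but writing `appVersion: "1.11.2"` keeps it a string if the value ever becomes two-part such as `1.11`.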
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/LICENSE.md 
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11.
“Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2.
Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1.
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4.
Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms.
However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. 
Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for 
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/README.md
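Review bot: In the `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand what is presumably the license value into the `docker run` argument list, where it is readable in the host's process listing while the container runs and is printed by `make -n` despite the leading `@`. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the calling environment instead of from argv. `GOOGLE_CREDENTIALS` is used as a `--key-file` path in `acceptance` and `provision-cluster`, so the same concern applies to it only if it is ever set to the key material itself. Separately, `setup-kind` and `delete-kind` are missing from the `.PHONY` list on the last line.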
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . 
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . 
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . 
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . 
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
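Review bot: The `rules` entry in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole with no `resourceNames`, so the `-csi-provider` ServiceAccount bound in csi-clusterrolebinding.yaml can request a token for any service account in any namespace. That is presumably what the provider needs in order to authenticate on behalf of the pods it serves, but nothing in the template says so, and it makes the DaemonSet's service account one of the most sensitive identities this chart creates. I would add a template comment above `rules:` such as `{{/* Cluster-wide token creation: the provider requests tokens for the pods it serves; treat this ServiceAccount as highly privileged. */}}` so the grant is not widened or copied without that context.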
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-clusterrolebinding.yaml
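Review bot: The `patch` verb in injector-clusterrole.yaml applies to every `mutatingwebhookconfigurations` object in the cluster, because the rule carries no `resourceNames`. From the rest of this diff the injector appears to manage only its own configuration, `{{ template "vault.fullname" . }}-agent-injector-cfg` (the value passed as `AGENT_INJECT_TLS_AUTO`), so its service account token should not be able to rewrite other admission webhooks. Splitting the rule keeps `get`/`list`/`watch` as they are and pins `patch` to that one name; confirm against the injector's behaviour that it patches nothing else.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```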
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
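Review bot: Several env values in injector-deployment.yaml are templated without quoting — `value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logLevel | default "info" }}` and `value: {{ .Values.injector.logFormat | default "standard" }}` — so a setting that YAML reads as a boolean, number or null renders a non-string, and the Deployment is rejected because env values must be strings. The neighbouring entries already wrap theirs in double quotes; `| quote`, for example `value: {{ .Values.injector.authPath | quote }}`, would bring these in line. Separately, the `- 2>&1` item under `args:` reaches the binary as a literal argument, since container args are not run through a shell, so it redirects nothing and can probably be dropped.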
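Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares strings, so the ordering is lexical: a minor of `"9"` sorts above `"21"`, and a vendor suffix such as `"21+"` is compared character by character too. injector-mutating-webhook.yaml in this same diff already picks its apiVersion with `.Capabilities.APIVersions.Has`; doing the same here, `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`, asks the cluster what it actually serves. This template is also the only injector resource in the diff that is not wrapped in the `vault.injectorEnabled` / `.injectorEnabled` guard, so it can render a PodDisruptionBudget for a disabled injector.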
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
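Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when a value is supplied, and the rule matches `CREATE` and `UPDATE` of `pods` in API group `""`, so by default the webhook is consulted for pods in every namespace, including the injector's own. Combined with a `failurePolicy` of `Fail` (the value comes from `injector.webhook.failurePolicy` or `injector.failurePolicy`, whose default is not visible here), an injector outage would block pod admission cluster-wide. I would document this next to the selector block with a template comment such as `{{/* No selector means every namespace is matched; set one before using failurePolicy: Fail. */}}`, and consider a default selector that leaves out system namespaces.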
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
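Review bot: The ingress rule in injector-network-policy.yaml hardcodes `- port: 8080`, while injector-service.yaml and the probes in injector-deployment.yaml use `{{ .Values.injector.port }}`. If the port is changed in values, the policy no longer matches the listener and the webhook traffic it is meant to admit is dropped; depending on `failurePolicy` that either blocks pod admission or silently skips injection. `- port: {{ .Values.injector.port }}` keeps the three in step. The policy's `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources in this diff set.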
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-role.yaml
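Review bot: The PodSecurityPolicy in injector-psp.yaml sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but places no restriction on Linux capabilities, so a pod admitted under it keeps the runtime's default capability set. In this diff the injector only listens on `{{ .Values.injector.port }}` and mounts a certificate secret, so it probably needs none; adding `requiredDropCapabilities:` with `- ALL` under `spec:` would state that. Note also that the `policy/v1beta1` PodSecurityPolicy API was removed in Kubernetes 1.25, so with `global.psp.enable` set to true this manifest fails to apply on newer clusters; a guard on `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` would avoid that.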
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-rolebinding.yaml
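Review bot: The first rule gives the leader-elector Role `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, so the injector's ServiceAccount can read any secret stored next to it. If the elector only works with a known object, split the rule so that `get` and `update` carry a `resourceNames:` entry with that object's name (not visible in this hunk) and keep `create` in its own rule, since `create` cannot be limited by name. The second rule's `patch` and `delete` on all pods should at least get a comment saying what the injector uses them for.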
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-config-configmap.yaml
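Review bot: The ClusterRoleBinding attaches the built-in `system:auth-delegator` ClusterRole to the server ServiceAccount, and nothing in the file says why a cluster-scoped grant is needed. A header comment such as `# Cluster-wide grant: lets the server create TokenReviews and SubjectAccessReviews; rendered only when vault.serverAuthDelegator is set.` would tell operators what they are accepting when this template is enabled. The `rbac.authorization.k8s.io/v1beta1` branch is reachable only on clusters that do not serve v1, so it is probably dead code on the versions this chart targets.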
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-discovery-role.yaml
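Review bot: `disable_mlock = true` is hard-coded in the string branch and is the destination dict of `merge` in both `toPrettyJson` branches, so the server always runs with memory locking off and a user-supplied config cannot turn it back on. With mlock disabled, process memory, which for this server can include key material, may be written to swap on nodes that have swap enabled. Either take the setting from a value that defaults to `true`, or state the trade-off above the line, e.g. `# mlock is disabled: keep swap off or encrypted on the nodes running this pod.`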
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-ha-active-service.yaml
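Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in the `apiVersion` line compares two strings, so the choice between `policy/v1` and `policy/v1beta1` is made lexically rather than numerically; a minor of `100`, for example, sorts below `21`. server-ingress.yaml in this commit already decides its API version with `semverCompare` on `.Capabilities.KubeVersion.Version`, and the same form works here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.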
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-psp-role.yaml 
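Review bot: In the Ingress spec the host entries go through `quote`, but `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are emitted raw, so a value that YAML reads as a number, boolean or null renders with the wrong type or as an invalid manifest. Piping them through `quote` too, e.g. `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`, keeps the rendering predictable. The `tls:` block is optional as written, so a comment noting that an empty `server.ingress.tls` publishes the host rules without a TLS section would help whoever enables this.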
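Review bot: The single ingress rule in server-network-policy.yaml admits every namespace (`namespaceSelector: {}`) to both 8200 and 8201, and 8201 is the port the Services in this commit name `https-internal`. If only the server pods of this release need to reach each other on 8201, that port can be limited to them with a `podSelector` while 8200 stays open as before; the split is sketched below and assumes the pods carry the `component: server` label the StatefulSet template sets. The metadata block also omits `namespace`, unlike the other templates in this commit.

```yaml
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```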
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
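Review bot: The subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, while server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml in this commit bind `{{ template "vault.serviceAccount.name" . }}`. If that helper can return anything other than the full name (its definition is not in this part of the diff), the PSP `use` grant lands on an account the server pods do not run as. Writing `name: {{ template "vault.serviceAccount.name" . }}` here keeps the binding aligned with the account the other server bindings reference.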
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-route.yaml
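Review bot: server-psp.yaml emits a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is `"true"`, without checking that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so an install with the flag on fails there. Other templates in this commit already branch on `.Capabilities.APIVersions.Has`, and the same guard fits here: `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` around the object. injector-psp.yaml needs the same guard, and the two PSP Role/RoleBinding pairs should follow it so no binding refers to a policy that was skipped.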
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-service.yaml
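Review bot: server-route.yaml tests `.mode` on its second line but never runs `{{ template "vault.mode" . }}`, which the other server templates in this commit call before reading it. Unless something outside this hunk has already set `.mode` on the shared context, the `ne .mode "external"` and `eq .mode "ha"` checks see an unset value and the outcome depends on render order. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does, removes that dependency. `targetPort: 8200` is also hard-coded here while the Services take theirs from `server.service.targetPort`, so the Route can point at a port the Service does not expose.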
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/tests/server-test.yaml 
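Review bot: The `image:` line of the `vault` container falls back to the mutable `latest` tag when `server.image.tag` is empty, so a values override that drops the tag silently deploys whatever the registry currently serves for the component that holds the secrets. Failing the render is safer than guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The test Pod in `tests/server-test.yaml` uses the same `default "latest"` fallback and should change with it.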
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/templates/ui-service.yaml
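Review bot: The test Pod sets no `securityContext` at pod or container level, although the server StatefulSet added in this commit renders one through `server.statefulSet.securityContext.container`. In a namespace that enforces the restricted Pod Security Standard the hook Pod would likely be rejected, and elsewhere it runs with whatever the runtime allows; OpenShift SCCs may fill some of this in, but the chart should not rely on that. I would give the container the same baseline the `values.yaml` comment lists for the injector: no privilege escalation and all capabilities dropped, as sketched below.

```yaml
      imagePullPolicy: {{ .Values.server.image.pullPolicy }}
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
      # … unchanged: env, command, volumeMounts …
```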
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.72/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/Chart.yaml
new file mode 100644
index 00000000000..5b26a9c5205
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.73
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
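Review bot: In the new Chart.yaml, `kubeVersion: '>= 1.26.0'` has no pre-release comparator, so Helm's semver matching will reject clusters whose reported version carries a hyphenated suffix after the patch number, as some managed distributions do. If that is not intended, `kubeVersion: '>= 1.26.0-0'` admits those versions. If the plain form is deliberate because the range is fed to the OCP range translation in CI, that is an inference from the workflow files and worth confirming, and a comment above the key such as `# plain range on purpose: consumed by the certification pipeline` would record it. Separately, `description: Official HashiCorp Vault Chart` is kept on a chart renamed `helm-e2e-rhcc`. A description that says this is an e2e test fixture derived from vault-helm would keep anyone browsing the repository from mistaking it for the upstream release.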
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/README.md
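Review bot: In the Makefile's `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the license value into the `docker run` command line, where it can be read from the host's process list while the container runs; the leading `@` only stops make from echoing it. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker take the value from the caller's environment and keeps it out of argv. The closing `.PHONY` line also omits the two kind targets defined just above it, so I would append `setup-kind delete-kind`. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` path and `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, which looks unintended and is worth confirming or explaining in a comment.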
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
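Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no `resourceNames`, and nothing in the file explains why the scope is that wide. Bound through the ClusterRoleBinding added next in this diff, it lets the `-csi-provider` service account request a token for any ServiceAccount in any namespace, so a compromise of that pod reaches every workload identity in the cluster. If the provider needs this to authenticate on behalf of the pods that mount secrets (presumably the reason), say so above `rules:`, for example `# Cluster-wide TokenRequest: the provider obtains a token for the service account of each pod that mounts a secret.` Operators would also want audit logging on token creation by this service account.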
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-clusterrolebinding.yaml 
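Review bot: The rule in injector-clusterrole.yaml gives `patch` on every `mutatingwebhookconfigurations` object in the cluster, not only the injector's own. A service account able to patch arbitrary mutating webhooks can change what any admission webhook does to new pods, so `get` and `patch` are better limited with `resourceNames` to the configuration the injector manages, leaving only `list` and `watch` unrestricted. The name below is taken from the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml in this diff and assumes that is the only object the injector patches.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - "{{ template "vault.fullname" . }}-agent-injector-cfg"
  verbs:
    - "get"
    - "patch"
```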
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
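Review bot: The `- 2>&1` entry under `args:` in the injector Deployment is handed to the container as a literal second argument, since Kubernetes passes `args` to the entrypoint without a shell, so no stderr redirection takes place. Unless the image's entrypoint is a shell wrapper that re-parses its arguments (not visible in this diff), the line should be dropped so that `args` holds only `- agent-inject`; the container runtime already collects both output streams. In the same hunk `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` render their values unquoted while the neighbouring variables are quoted, and `value: {{ .Values.injector.authPath | quote }}` (likewise for the other two) would keep a number- or boolean-looking value from being rejected as a non-string env value.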
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
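Review bot: When neither `injector.webhook.namespaceSelector` nor `injector.namespaceSelector` is set, this webhook registers for pod CREATE and UPDATE in every namespace, and `failurePolicy` is taken straight from values with no guard. With `failurePolicy: Fail` and the injector unavailable, pod admission would then be rejected in all of those namespaces, which can include the injector's own replacement pods; the `injector.objectSelector` helper that might narrow the match is defined outside this hunk. I would document the coupling above `failurePolicy`, for example `# Fail blocks pod admission in every matched namespace while the injector is down; set a namespaceSelector before using it.`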
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
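Review bot: The ingress port of the injector NetworkPolicy is hard-coded as `- port: 8080`, while the injector Deployment and Service in this commit take the listen port from `.Values.injector.port`. If that value is changed, the policy still admits only 8080 and the webhook calls arriving from the host-network namespaces would be dropped on OpenShift. The line should read `- port: {{ .Values.injector.port }}` so the policy follows the configured port.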
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-role.yaml
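Review bot: The `policy/v1beta1` PodSecurityPolicy is rendered whenever `global.psp.enable` is true, with no check that the cluster still serves that API; it was removed in Kubernetes 1.25, so an install with the flag set would fail there. The PodDisruptionBudget templates in this commit already switch on the cluster version, and the same idea fits here, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The comment on `seLinux` says the policy assumes AppArmor nodes, while the chart also has a `global.openshift` switch where nodes typically enforce SELinux, so `rule: RunAsAny` deserves a sentence explaining what covers that case.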
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-rolebinding.yaml
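Review bot: The first rule of the leader-elector Role lets the injector service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which looks wider than leader election and certificate storage need. If the Vault server is installed in the same namespace, whatever TLS or other secrets live there fall under this grant as well. `create` cannot be limited by name, but the other verbs can: a second rule carrying `resourceNames: ["<injector-secret-name>", "<leader-configmap-name>"]` (placeholders, the real object names are not shown in this diff) could hold `get` and `update`, with `list`/`watch` kept only if the injector is confirmed to need them. The second rule's `delete` on all pods in the namespace would benefit from a one-line comment saying why it is required.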
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-discovery-role.yaml
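Review bot: `disable_mlock = true` is written into the rendered server config in the string branch and forced through `merge (dict "disable_mlock" true) …` in the JSON branch, with no comment explaining it and no value that turns it off. With mlock disabled the server's memory can be paged out, so the setting is only safe where nodes run with swap off or encrypted. Because anything placed inside the `|-` block ends up in the generated file, I would record the precondition as a template comment above `data:`, e.g. `{{- /* disable_mlock is forced on: nodes must run with swap disabled or encrypted */ -}}`.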
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-psp-role.yaml 
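Review bot: In server-ingress.yaml, `- path: {{ . }}` and `secretName: {{ .secretName }}` are rendered unquoted, while the TLS `hosts` entries and `host` in the same template go through `| quote`. A values entry containing `: `, ` #` or a leading YAML indicator would change the shape of the rendered Ingress instead of failing cleanly; suggest `- path: {{ . | quote }}` and `secretName: {{ .secretName | quote }}`. Separately, the `tls:` block is emitted only when `.Values.server.ingress.tls` is set, so a comment above that `if` saying the rule hosts are otherwise served without an ingress-terminated certificate would help operators.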
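Review bot: The only ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which matches every namespace, so enabling the policy still leaves both 8200 and 8201 reachable from any pod in the cluster. Port 8201 is named `https-internal` in the Service templates of this commit and appears to be the server-to-server port; if no peers outside the release need it, it can be limited to the release's own pods by splitting the rule as below. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the sibling templates set.

```yaml
  ingress:
    # API port: source selector as in the hunk
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```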
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
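Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, but server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}` and the StatefulSet's `serviceAccountName` uses that same helper. If the two helpers resolve differently (the helper bodies are not visible here, but a custom service-account name in values is the likely case), the binding grants `use` on the PodSecurityPolicy to an account the server pods do not run as. Suggest `name: {{ template "vault.serviceAccount.name" . }}` and adding `namespace: {{ .Release.Namespace }}` to the subject so the target is explicit.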
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-route.yaml
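Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` is gated only on `global.psp.enable`, but the PodSecurityPolicy API was removed in Kubernetes 1.25, so on a newer cluster enabling the value makes the install fail rather than skip the object. Adding `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the `and` on the third line would fix that; the ingress template in this commit already branches on `.Capabilities` in the same way, and the `-psp` Role and RoleBinding templates need the same guard. The `seLinux` comment states the policy assumes AppArmor nodes, while the commit also ships values.openshift.yaml, so `rule: RunAsAny` deserves a comment on what confines the pod on SELinux-based nodes.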
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-service.yaml
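Review bot: server-route.yaml tests `.mode` twice (`ne .mode "external"` and `eq .mode "ha"`) but never calls `{{ template "vault.mode" . }}`, which the sibling service, ingress and StatefulSet templates in this commit call on their first or second line. Unless `.mode` has already been set on the shared context by a template rendered earlier, the `external` guard cannot exclude the Route and the `-active` service name is never chosen, so the Route's backend depends on render order. Suggest adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check. `host: {{ .Values.server.route.host }}` would also be safer as `{{ .Values.server.route.host | quote }}`.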
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/tests/server-test.yaml 
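Review bot: In server-statefulset.yaml, `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` falls back to a floating tag when `server.image.tag` is empty, so the Vault binary can change on any pod restart without a chart change; the test pod in tests/server-test.yaml uses the same expression. Failing the render is safer: `{{ required "server.image.tag must be set" .Values.server.image.tag }}` in place of the `default`, with the whole image string quoted. The exec readiness probe runs `vault status -tls-skip-verify`; with `VAULT_ADDR` set to `127.0.0.1:8200` in the same container the exposure is limited, but a one-line comment saying verification is skipped only because the call is loopback would keep the flag from being copied into non-local calls.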
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.73/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/Chart.yaml new file mode 100644 index 00000000000..543a1c2edf5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.26.0' +name: helm-e2e-rhcc +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.74 +annotations: + charts.openshift.io/name: helm-e2e-rhcc diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null 
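Review bot: `kubeVersion: '>= 1.26.0'` in the new Chart.yaml disagrees with the README added in the same commit, which still lists "Kubernetes 1.16+" as the required version. Helm rejects an install when the cluster version falls outside this constraint, so the README line should be brought in step with it, or the key should carry a comment such as `# minimum raised above upstream for this test chart` if the bump is deliberate (that intent is inferred, not shown here). Separately, a constraint with no pre-release part does not match cluster versions that report one (a constructed example: `v1.26.3-vendor.1`); `'>= 1.26.0-0'` admits those if they are meant to be accepted.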
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/README.md 
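Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so the unattended destroy is presumably resolved against the current directory rather than the configuration that created the cluster. I would make the two targets symmetric: `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. The default `CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514` also carries a fixed project id into this copy of the chart; leaving it empty and failing early when it is unset would keep `test-provision` and `test-destroy` from acting on a project nobody chose. `setup-kind` and `delete-kind` are missing from `.PHONY`.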
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
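Review bot: `vault.envs` renders `value: {{ .Values.server.dev.devRootToken }}` unquoted, so a token that YAML reads as a number, boolean or null (an all-digit string, for example) is decoded as a non-string and fails validation of the string-typed `env[].value`. `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string. `vault.extraSecretEnvironmentVars` has the same gap on `.envName`, `.secretName` and `.secretKey`, whereas `vault.extraEnvironmentVars` already quotes both of its fields. The token also lands in clear text in the rendered pod template, readable by anyone who can get the workload object, which deserves a line in the helper's comment so that dev mode is not switched on in a shared cluster by accident.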
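Review bot: The single rule in `csi-clusterrole.yaml` grants `create` on `serviceaccounts/token` cluster-wide with no `resourceNames`, so whatever subject is bound to this ClusterRole can request a token for any ServiceAccount in any namespace, including ones far more privileged than the provider itself. Nothing in the template records why that breadth is needed; a template comment above `rules:` such as `{{/* presumably needed to request tokens on behalf of pods that mount Vault volumes; cannot be narrowed by name (TODO confirm) */}}` would make the intent reviewable. Operators should treat the CSI provider pods as able to act as any workload identity, and alert on token requests from this ServiceAccount for accounts outside the expected namespaces.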
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-clusterrolebinding.yaml 
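Review bot: The single rule in injector-clusterrole.yaml lets the injector `patch` every MutatingWebhookConfiguration in the cluster, not only its own. The Deployment in this diff sets `AGENT_INJECT_TLS_AUTO` to `<fullname>-agent-injector-cfg`, which suggests write access is only needed for that one object, though the injector's code is not visible here. I would keep `get`/`list`/`watch` as they are, drop `"patch"` from that verb list, and add a second rule that limits `patch` by `resourceNames`, so a compromised injector cannot rewrite other admission webhooks.

```yaml
rules:
# … unchanged: get/list/watch rule, with "patch" removed from its verbs …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```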
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
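Review bot: In injector-deployment.yaml the container `args` list ends with `- 2>&1`, which Kubernetes hands to the process as a literal argument because `args` is not run through a shell. Unless the image's entrypoint is a shell wrapper (not visible in this diff), no redirection happens and the binary receives a stray positional argument. I would drop that item so `args:` is just `- agent-inject`; the container runtime already collects stderr.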
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
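Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` is rendered only when a value is supplied, so by default the webhook receives CREATE and UPDATE for pods in every namespace, including system namespaces and the injector's own. With a `failurePolicy` of `Fail`, an unavailable injector would then block pod admission cluster-wide; with `Ignore`, pods are admitted unmodified. The `injector.objectSelector` helper is defined outside this hunk and may narrow the match, but I would still document the default next to the selector, e.g. `# no selector = all namespaces; set injector.namespaceSelector to exclude kube-system and the release namespace`.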
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
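Review bot: The NetworkPolicy in injector-network-policy.yaml admits traffic on a hard-coded `port: 8080`, while the Deployment listens on `.Values.injector.port` and the Service uses the same value as `targetPort`. If that value is changed, the policy keeps allowing 8080 and webhook calls to the real port would presumably be dropped. I would template it as `- port: {{ .Values.injector.port }}`. The metadata block also omits `namespace: {{ .Release.Namespace }}`, which the other injector templates set.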
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-role.yaml 
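Review bot: The PodSecurityPolicy in injector-psp.yaml sets `readOnlyRootFilesystem: false` and no `requiredDropCapabilities`, so a pod admitted under it keeps the runtime's default capability set even though it must run as non-root. I would add `requiredDropCapabilities:` with `- ALL` under `spec:`. If the injector does not write to its root filesystem, which this diff cannot confirm, `readOnlyRootFilesystem` could also become `true`. Separately, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so `global.psp.enable` should be documented as usable only on older clusters.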
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-rolebinding.yaml 
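Review bot: The leader-elector Role in injector-role.yaml grants `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is probably also where the server's own secrets live. The only Secret this diff creates for the injector is `vault-injector-certs`, so those verbs on secrets could be narrowed with `resourceNames: ["vault-injector-certs"]`. `create` would need its own rule because it cannot be restricted by name. `list` and `watch` under `resourceNames` only succeed when the client filters on `metadata.name`, so this needs a check against how the injector watches the secret. The ConfigMap name it uses is not visible here.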
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-discovery-role.yaml 
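Review bot: In server-config-configmap.yaml `disable_mlock = true` is written unconditionally in the string branch and forced through `merge (dict "disable_mlock" true) ...` in the structured branch, so an operator has no values key to turn memory locking back on. With mlock disabled, the server's memory, which presumably includes secret material, can be paged out if the nodes have swap enabled. I would state the assumption as a template comment above `data:`, e.g. `{{- /* disable_mlock is always set to true below; nodes are expected to run with swap disabled */}}`, or make the setting overridable from values.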
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
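Review bot: In server-discovery-role.yaml the rule grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods, and the template gives no reason for the write verbs. Presumably they exist so a server can label its own pod (the `vault-active` label that the active and standby Services in this commit select on), but that is not visible in this hunk. I would add a comment above `rules:` such as `# update/patch lets Vault label its own pod; the grant covers all pods in this namespace, so install the chart into a dedicated namespace`.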
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-psp-role.yaml
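Review bot: In server-network-policy.yaml the single ingress rule pairs `namespaceSelector: {}` with both ports, so pods in every namespace are admitted to 8201 as well as to the API port 8200. The Services and the StatefulSet in this commit name 8201 `https-internal` and point `VAULT_CLUSTER_ADDR` at it, which suggests it carries server-to-server traffic only. Splitting the rule and limiting 8201 to the server pods of this release would narrow the exposure; the sketch below assumes every peer carries the `component: server` label set in the StatefulSet pod template, which should be confirmed before merging.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```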
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
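Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, while the StatefulSet runs as `{{ template "vault.serviceAccount.name" . }}` and the other bindings in this commit bind that helper's name together with `namespace: {{ .Release.Namespace }}`. If the helper can return anything other than the fullname (its definition is outside this page), the `use` grant on the PodSecurityPolicy goes to an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` so it matches the other bindings.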
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-route.yaml
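Review bot: The PodSecurityPolicy spec in server-psp.yaml blocks privileged mode and privilege escalation but never restricts Linux capabilities, so pods admitted under it keep the container runtime's default set. The StatefulSet in this commit sets `SKIP_SETCAP` to "true" and the config template forces `disable_mlock = true`, so the server probably needs none of them. If that holds for the image, add `requiredDropCapabilities:` with a single `- ALL` entry next to `allowPrivilegeEscalation: false`.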
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-service.yaml
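Review bot: server-route.yaml reads `.mode` in `{{- if ne .mode "external" }}` and again in the `ha` check without first calling `{{ template "vault.mode" . }}`, which server-ingress.yaml and the Service templates in this commit do before touching it. Whether `.mode` is populated here then depends on another template having run the helper against the same context earlier, which cannot be confirmed from this page. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check would make the Route render the same way regardless of template order.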
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/tests/server-test.yaml
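Review bot: In server-statefulset.yaml the `image:` line falls back to `default "latest"` when `server.image.tag` is empty, so the Vault build that gets deployed then depends on whatever the registry serves under a mutable tag at pull time. Failing the render is safer than guessing: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | required "server.image.tag must be set" }}`. The same fallback appears on the `image:` line of templates/tests/server-test.yaml and should change with it.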
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.74/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/Chart.yaml
new file mode 100644
index 00000000000..e181b55f54f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.75
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
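Review bot: `kubeVersion: '>= 1.26.0'` in Chart.yaml has no pre-release part, and Helm's semver constraint check does not match a version carrying a pre-release suffix unless the constraint itself has one, so a cluster reporting something like `v1.26.3-gke.100` (constructed example) would be rejected at install time. If the range is meant to admit such builds, write it as `kubeVersion: '>= 1.26.0-0'`; if the bare form is deliberate for the OCP range mapping used by the certification workflow, a one-line comment above the key saying so would help the next reader. `appVersion: 1.11.2` is better quoted, `appVersion: "1.11.2"`, so that a later two-part version is not read as a float.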
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/Makefile
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/README.md 
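Review bot: The defaults at the top of this Makefile keep credentials inside the checkout: `GOOGLE_CREDENTIALS?=vault-helm-test.json` is a service-account key path in the working tree, and the `test-acceptance` and `test-provision` targets bind-mount `${PWD}` and point `KUBECONFIG` at `/helm-test/.kube/config`, so the cluster kubeconfig is written next to the chart sources. No ignore file or packaging exclude is visible in this hunk, so it is worth confirming that both paths stay out of git and out of the packaged chart, and recording that in a comment such as `# vault-helm-test.json and .kube/config hold credentials: never commit or package them`. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory and `-var project=...` that `provision-cluster` passes, which looks like it could leave the GKE cluster running after a failed teardown. `.PHONY` also omits `setup-kind` and `delete-kind`.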
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
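Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` without `resourceNames`, and csi-clusterrolebinding.yaml binds it cluster-wide, so the `-csi-provider` ServiceAccount can request a token for any ServiceAccount in any namespace. The provider presumably needs that to authenticate to Vault on behalf of the pods it serves, but nothing in the template says so. That makes the DaemonSet in csi-daemonset.yaml a sensitive workload: its container mounts two hostPath volumes and receives a `securityContext` only when `.Values.csi.daemonSet.securityContext.container` is set. I would record this next to the rule, e.g. `# Cluster-wide TokenRequest on behalf of mounting pods; treat the csi-provider ServiceAccount as privileged.`, and ship a restrictive container securityContext default in values.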
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-clusterrolebinding.yaml
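Review bot: The rule in injector-clusterrole.yaml gives the injector `patch` on every MutatingWebhookConfiguration in the cluster, not only its own, because it carries no `resourceNames`. The only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml), which is also the value passed as `AGENT_INJECT_TLS_AUTO`, so `patch` can most likely be pinned to that name while `get`, `list` and `watch` stay as they are. Splitting the rule as below limits what a compromised injector could do to other admission webhooks; what the injector patches at runtime is not visible on this page, so confirm before merging.

```yaml
rules:
# … unchanged: existing rule, with "patch" removed from its verbs …
# patch is only needed on the chart's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```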
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
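Review bot: injector-disruptionbudget.yaml is the only injector template on this page that is not gated on `vault.injectorEnabled`; it renders whenever `.Values.injector.podDisruptionBudget` is set, even when the injector Deployment is not. I would open it like its siblings, with `{{- template "vault.injectorEnabled" . -}}` followed by `{{- if and .injectorEnabled .Values.injector.podDisruptionBudget }}`. The `apiVersion` line also compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, which orders lexicographically; `.Capabilities.APIVersions.Has "policy/v1"`, the pattern injector-mutating-webhook.yaml already uses for its own API group, asks the cluster directly instead.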
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
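Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, injector-mutating-webhook.yaml omits the `namespaceSelector` block and the webhook receives every pod CREATE and UPDATE in the cluster, system namespaces included. With a `failurePolicy` of `Fail` (the value comes from values.yaml, which this hunk does not show), an unavailable injector would then block pod admission everywhere. I would document that coupling above the `failurePolicy` line, for example `# With failurePolicy: Fail, set a namespaceSelector that excludes kube-system and the release namespace.`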
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
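Review bot: The NetworkPolicy in injector-network-policy.yaml admits traffic on a hard-coded `port: 8080`, while the container listens on `.Values.injector.port` (injector-deployment.yaml) and the Service targets the same value. If the port is overridden, the policy no longer matches the webhook's listener on OpenShift and API-server calls to `/mutate` would be dropped. The `ports` entry should follow the value: `- port: {{ .Values.injector.port }}`. The policy's metadata also lacks the `namespace: {{ .Release.Namespace }}` line that the other namespaced injector objects on this page carry.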
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-role.yaml
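Review bot: injector-psp.yaml renders `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so on a current cluster the install would fail at this object. The gate should also check that the API is served, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. injector-psp-role.yaml and injector-psp-rolebinding.yaml use the same condition and should change with it so the three objects appear or disappear together.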
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-rolebinding.yaml
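Review bot: The first rule in injector-role.yaml lets the injector read and update every Secret and ConfigMap in the release namespace, which is the same namespace the server ConfigMap on this page is rendered into. The only Secret the chart provisions under the same leader-election condition is `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` on `secrets` could probably be limited with `resourceNames: ["vault-injector-certs"]`, leaving `create`, `list` and `watch` in a separate rule if they are really needed. What the leader elector touches at runtime is not visible here, so treat the exact split as something to confirm.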
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-discovery-role.yaml
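Review bot: `disable_mlock = true` is written unconditionally in the string-config branch of `extraconfig-from-values.hcl` in server-config-configmap.yaml, and forced again through `dict "disable_mlock" true` in the JSON branch, with nothing explaining the consequence. With mlock off the Vault process memory can be paged out, so in-memory key material may reach swap unless the nodes run with swap disabled or encrypted. I would record that next to the setting with a template comment, for example `{{- /* disable_mlock: Vault memory may be swapped; run nodes with swap disabled or encrypted */}}`. Why mlock is disabled is not visible in this hunk (the container securityContext comes from a helper defined elsewhere), so the comment should state the operational requirement rather than guess the reason.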
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
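Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, because `resources: ["pods"]` carries no `resourceNames`. Whatever holds the Vault service account token bound in server-discovery-rolebinding.yaml can therefore modify unrelated pods that share the namespace, not only the Vault pods. Consider splitting the rule so the read verbs stay namespace-wide and the write verbs are limited with `resourceNames` to the StatefulSet's pod names, which would need a range over the replica count. At minimum add a comment above the rule such as `# update/patch apply to all pods in this namespace; deploy Vault in a dedicated namespace`.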
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-psp-role.yaml 
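Review bot: The ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits traffic from every namespace in the cluster to both 8200 and 8201. Port 8201 is named `https-internal` in the Service templates of this commit and appears to carry server-to-server traffic, so if nothing outside the release needs it the rule can be split: 8200 stays open as today and 8201 is limited to the release's own pods, as sketched below. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this commit set. The ingress hunk for server-ingress.yaml that ends on this same line is not covered by this note.

```yaml
# … unchanged: apiVersion, kind, metadata, spec.podSelector …
  ingress:
    # API port: still reachable from other namespaces
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block from .Values.server.networkPolicy.egress …
```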
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
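Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname` and has no `namespace`, while the StatefulSet and the other bindings in this commit refer to the account through `vault.serviceAccount.name`. If the service account name can be overridden through values (the helper is defined outside this diff, so this is inferred), the PodSecurityPolicy would not be bound to the account the pods actually run as. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`, matching server-discovery-rolebinding.yaml.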
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-route.yaml
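Review bot: The PodSecurityPolicy spec in server-psp.yaml blocks privileged mode and privilege escalation but never sets `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. The config template in this commit forces `disable_mlock = true` and the StatefulSet sets `SKIP_SETCAP`, which suggests Vault needs no extra capability here; if that holds, add `requiredDropCapabilities: ["ALL"]` next to `allowPrivilegeEscalation: false`. `readOnlyRootFilesystem: false` has no comment saying why it is left open. The existing comment on `seLinux.rule: RunAsAny` assumes AppArmor nodes, which probably does not match the OpenShift target that values.openshift.yaml is written for.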
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-service.yaml 
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/tests/server-test.yaml 
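Review bot: The `vault` container image in server-statefulset.yaml falls back to a mutable tag when `server.image.tag` is empty (`{{ .Values.server.image.tag | default "latest" }}`), and the test pod in tests/server-test.yaml repeats the same expression. With `latest`, the binary that holds the secrets can change on any reschedule without a chart or values change, and what is running cannot be tied back to a reviewed version. I would fail the render instead, for example `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept a digest. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a one-line comment that it only talks to the local listener set in `VAULT_ADDR` (`127.0.0.1:8200`) would keep the flag from being copied into places where verification matters.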
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/values.openshift.yaml
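Review bot: `type: {{ .Values.ui.serviceType }}` and the optional `nodePort` in ui-service.yaml let an operator publish the Vault UI and API outside the cluster, with nothing in the template tying that exposure to TLS. The port name comes from `vault.scheme`, which is defined outside this hunk and presumably follows `global.tlsDisable`, and this commit's values.yaml ships `tlsDisable: true`; if that reading is right, a `NodePort` or `LoadBalancer` UI service would carry Vault tokens over plain HTTP. I would document the dependency directly above the `type:` line with a template comment such as `{{- /* NodePort/LoadBalancer expose Vault beyond the cluster; set global.tlsDisable to false first */}}`.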
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/values.schema.json
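Review bot: Every value in values.openshift.yaml (`global.openshift: true` and the three `registry.connect.redhat.com` repository/tag pairs) is already the default in this commit's values.yaml, so applying the file changes nothing and leaves a second place to update on each image bump, where the two can drift apart. The images are also referenced by tag only; a tag can be re-pointed at the registry, so for a reproducible install I would record the digest next to it, for example `tag: "1.11.2-ubi@sha256:<digest-placeholder>"` as long as the templates keep composing `repository:tag`. Either drop the file or extend its header comment to say why the duplication is kept.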
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.75/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/Chart.yaml
new file mode 100644
index 00000000000..86a35d648eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.76
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
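Review bot: The `description: Official HashiCorp Vault Chart` line in Chart.yaml, together with `home` and `sources`, still presents this chart as the vendor's release, although `name` and the `charts.openshift.io/name` annotation are `helm-e2e-rhcc` and the file sits under an e2e-testing path. If the chart is ever indexed or listed, nothing in the metadata tells a reader that it is a renamed test fixture rather than the upstream chart. I would mark that explicitly, for example `description: E2E test fixture derived from the HashiCorp Vault chart, not an official release`. Separately, `kubeVersion: '>= 1.26.0'` has no pre-release suffix, and Helm's constraint matching may then reject clusters whose reported version carries a pre-release part; if that is not intended for this test, `'>= 1.26.0-0'` is the usual form.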
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable.
Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/README.md
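Review bot: The `test-acceptance` recipe writes the licence value into the `docker run` argument list (`-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`), where it is expanded unquoted by make and can be read from the host's process listing while the container runs. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker take the value from the recipe's environment instead, assuming the variable reaches make through the environment or its command line. `test-acceptance`, `test-destroy` and `test-provision` also leave out the `--rm` that `test-unit` uses, so the stopped containers keep their environment readable through `docker inspect`; `@docker run --rm -it -v ${PWD}:/helm-test \` would remove them on exit. Separately, `setup-kind` and `delete-kind` are not listed in `.PHONY` on the last line of the file.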
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
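Review bot: The `serviceaccounts/token` `create` rule in csi-clusterrole.yaml is granted cluster-wide with no comment explaining why, and it lets the provider's service account request a token for any service account in any namespace. A comment above `rules:` would tell the next reviewer that this is intended, for example `# The provider requests tokens on behalf of the pods it serves; treat this service account as highly privileged.` That purpose is inferred from the chart being a CSI provider and should be confirmed against the provider's documentation before the comment is merged.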
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
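Review bot: The `csi-provider` container in csi-daemonset.yaml mounts two hostPath volumes (`providervol`, and `mountpoint-dir` with `mountPropagation: HostToContainer`) but receives a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper renders nothing otherwise. Another container securityContext helper in this diff falls back to `allowPrivilegeEscalation: false` when no value is supplied on non-OpenShift clusters, and the same fallback would be a reasonable floor for a pod that touches host paths. If the provider never writes under `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods`, adding `readOnly: true` to the `mountpoint-dir` mount would narrow host exposure further; whether it writes there is not visible in this hunk.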
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-clusterrolebinding.yaml
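Review bot: The single rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, so a compromised injector service account could rewrite any admission webhook, not only its own. The chart names its own configuration `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml, so `get` and `patch` can be limited with `resourceNames` while `list` and `watch` stay unscoped; confirm the injector touches no other configuration before applying this. injector-role.yaml has the same shape, since its `secrets`/`configmaps` rule covers every object of those kinds in the release namespace.

```yaml
# … unchanged: metadata and labels …
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```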
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
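Review bot: The `args` list of the `sidecar-injector` container in injector-deployment.yaml ends with `- 2>&1`, which Kubernetes hands to the process as a literal argument because `args` is never run through a shell, so it redirects nothing. Dropping that entry leaves `args` as `- agent-inject` alone. Whether the injector binary currently ignores the extra argument is not visible here, so check its argument parsing before removing it.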
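Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the outcome follows lexical order (a minor of `"9"` sorts above `"21"`) rather than version order. A semver comparison avoids that: `apiVersion: {{ semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. This is also the only injector manifest in the diff that is not wrapped in the `vault.injectorEnabled` check, so the budget renders even when the injector is disabled.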
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
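Review bot: The webhook in injector-mutating-webhook.yaml matches `CREATE` and `UPDATE` of `pods` in every namespace unless a `namespaceSelector` value is supplied, and `failurePolicy` is taken from values, yet nothing in the template documents how the two interact. With `failurePolicy: Fail` and no selector, an unavailable injector would block pod admission cluster-wide, including in system namespaces and the injector's own. The chart defaults for both values are not visible in this hunk; a comment above the `namespaceSelector` block would record the risk, for example `# Without a selector this webhook intercepts pods in all namespaces; pair failurePolicy Fail with a selector that excludes system namespaces.`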
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
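Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector Deployment and Service in this diff take the listener port from `.Values.injector.port`. If that value is changed, the policy would drop the API server's calls to the webhook on OpenShift and pod admission would start failing or bypassing injection, depending on `failurePolicy`. Use `- port: {{ .Values.injector.port }}` so the three manifests stay in step. The policy's `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector manifests set.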
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-role.yaml
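Review bot: injector-psp.yaml renders a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API, and PodSecurityPolicy is no longer served from Kubernetes 1.25. On such a cluster the release would fail to install with the flag on, and the hardening an operator expected from it would be absent without any hint in the chart. Wrap the manifest in a capability check such as `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`, and apply the same gate to injector-psp-role.yaml and injector-psp-rolebinding.yaml, which share the `global.psp.enable` condition.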
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-rolebinding.yaml 
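Review bot: The first rule grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace with no `resourceNames`, which is broader than a role named for leader election would seem to need (the consumer is not in this hunk, so confirm what it actually touches). Any Secret that shares the namespace, presumably including the Vault server's own, is readable by the injector's ServiceAccount. Consider splitting the rule so that `get` and `update` carry a `resourceNames:` list of the objects the injector owns, keeping the unrestricted verbs to the minimum that cannot be name-scoped. A comment above `rules:` stating which objects the injector writes would make the grant reviewable.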
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-config-configmap.yaml 
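Review bot: The `roleRef` hands the cluster-scoped `system:auth-delegator` role to the server's ServiceAccount without any comment on why a namespaced workload needs a ClusterRoleBinding. A line above `roleRef:` such as `# Grants TokenReview/SubjectAccessReview creation cluster-wide; only needed when Vault validates Kubernetes ServiceAccount tokens.` would tell an operator when `serverAuthDelegator` can safely stay off. The condition helper is defined outside this hunk, so its default is not visible here.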
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-discovery-role.yaml 
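Review bot: `disable_mlock = true` is written into every string-form config and merged into the JSON form as well, with no values switch and no comment explaining the trade-off. With mlock off, Vault's process memory can be paged out, so key material held in memory may reach swap on the node. A template comment beside the line, for example `{{- /* disable_mlock is forced on; schedule onto nodes with swap disabled or encrypted */ -}}`, would record the operational requirement that comes with this setting. If an override is ever wanted, note that `merge (dict "disable_mlock" true) ...` puts the forced value in the destination map, so a user-supplied `disable_mlock` in the JSON form is presumably ignored.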
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-ha-active-service.yaml 
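Review bot: `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the choice between `policy/v1` and `policy/v1beta1` is lexicographic. A minor of `"9"` sorts above `"21"`, `"100"` sorts below it, and a vendor suffix such as `"21+"` is compared as text. server-ingress.yaml in this same commit already uses `semverCompare ">= 1.19.0-0" $kubeVersion`; the same form fits here as `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.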
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-psp-role.yaml 
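Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which matches every namespace, and applies it to both port 8200 and port 8201. Any pod in the cluster may therefore reach the `https-internal` cluster port that the Services in this commit expose only for server-to-server traffic. Splitting the rule keeps the API port open to clients while limiting 8201 to pods carrying the server labels that the StatefulSet template sets (`component: server`). The policy also has no `metadata.namespace`, unlike the other namespaced objects in this commit.

```yaml
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the servers of this release need to reach it.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from .Values.server.networkPolicy.egress …
```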
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
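Review bot: In server-psp-rolebinding.yaml the subject is named `{{ template "vault.fullname" . }}`, while the StatefulSet's `serviceAccountName` and the other server bindings in this commit use `{{ template "vault.serviceAccount.name" . }}`. If that helper can return anything other than the full name (its definition is not on this page), the `use` grant on the PodSecurityPolicy lands on a ServiceAccount the server pods do not run as. With PSP admission enabled, the pods would then be rejected or fall under whatever other policy matches. Use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` to the subject, as server-discovery-rolebinding.yaml does.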
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-route.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-service.yaml 
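Review bot: `.mode` is tested on the second line without the `{{ template "vault.mode" . }}` call that the other server templates in this commit make before reading it. Whether it is set here depends on state left behind by a template rendered earlier, which nothing in this file guarantees. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard, as server-ingress.yaml does. Separately, `targetPort: 8200` is hard-coded while the Services take `.Values.server.service.targetPort`, and `spec.tls` is copied whole from values, so a comment stating the expected termination mode would help a reviewer confirm that traffic to Vault stays encrypted end to end.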
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/tests/server-test.yaml 
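Review bot: The `vault` container's `image:` line falls back to a mutable tag through `{{ .Values.server.image.tag | default "latest" }}`, so a release whose values leave the tag empty runs whatever the registry serves as `latest` at pull time, and replicas pulled at different times can end up on different Vault builds. The values files in this commit do set `tag: "1.11.2-ubi"`, so the fallback is only reached when an override blanks it, which is exactly the case that should fail loudly instead. I would render the tag with `{{ required "server.image.tag must be set" .Values.server.image.tag }}` and keep the repository part as is. The test pod in templates/tests/server-test.yaml uses the same `default "latest"` expression and should get the same change.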
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/templates/ui-service.yaml
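Review bot: The test pod's `spec:` sets neither `serviceAccountName` nor `automountServiceAccountToken`, so by Kubernetes defaults it runs with the namespace's default service account token mounted, although the container only runs `vault status` against the Service address. Adding `automountServiceAccountToken: false` under `spec:` keeps that credential out of a pod that does not use it. The container also carries no `securityContext`, whereas the server StatefulSet in this commit includes `server.statefulSet.securityContext.container`; reusing that include here would keep the hook pod under the same restrictions as the server it tests.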
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.76/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/Chart.yaml
new file mode 100644
index 00000000000..da1d542d774
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.77
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
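Review bot: The `description`, `home` and `sources` fields in the new Chart.yaml still present this chart as the "Official HashiCorp Vault Chart", although it is published as `helm-e2e-rhcc` at version 0.21.77 under the opcert-e2e-testing directory, and the CHANGELOG added in the same commit lists no release above 0.21.0. Someone reading the chart index cannot tell this renamed test fixture from an upstream release, which weakens provenance for anyone who installs it by mistake. I would say so in the metadata, for example `description: E2E test fixture derived from the HashiCorp Vault chart; not an official release`. Separately, `kubeVersion: '>= 1.26.0'` has no `-0` suffix, so Helm's semver matching will presumably reject cluster versions that carry a pre-release tag; confirm that is intended for this fixture.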
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/README.md
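Review bot: The `destroy-cluster` target in the Makefile runs `terraform destroy -auto-approve` with no configuration directory and no `-var project=...`, whereas `provision-cluster` initialises and applies `test/terraform` with `-var project=${CLOUDSDK_CORE_PROJECT}`. As written, the unattended destroy appears to act on whatever Terraform configuration and state sit in the working directory rather than on the cluster this Makefile provisioned. Mirroring the apply line would keep the two in step: `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. `GOOGLE_CREDENTIALS` defaults to a service-account key file inside the directory that is bind-mounted with `-v ${PWD}:/helm-test`, so a comment above it such as `# path to a GCP service-account key file; keep it out of version control` would document the expectation. `setup-kind` and `delete-kind` are also missing from `.PHONY`.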
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
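Review bot: The only rule in `csi-clusterrole.yaml` grants `create` on `serviceaccounts/token` with no namespace or `resourceNames` limit, so the CSI provider's service account can request a token for any ServiceAccount in the cluster, and nothing in the file says why. If the provider has to request tokens on behalf of arbitrary workload pods (presumably the reason), the breadth may be unavoidable, but it should be recorded so operators treat the DaemonSet identity as privileged and watch for token requests it has no reason to make. I would add above `rules:` the comment `# Cluster-wide on purpose: the provider requests tokens for the pods it serves; treat this ServiceAccount as privileged.`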
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
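Review bot: In `csi-daemonset.yaml` the `mountpoint-dir` volumeMount exposes the host's `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` to the provider container without `readOnly: true`. The container's `securityContext` comes only from `csi.daemonSet.securityContext.container`, which as defined in `_helpers.tpl` renders nothing unless the value is set, whereas the injector and server helpers fall back to `allowPrivilegeEscalation: false`. With default values the container therefore reaches every pod's volume directory on the node with no hardening applied. If the provider version shipped here does not need to write under that path (to be confirmed), add `readOnly: true` to the `mountpoint-dir` mount, and give the csi helper the same `else if not .Values.global.openshift` fallback the injector helper has.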
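Review bot: `name: vault-injector-certs` in `injector-certs-secret.yaml` is a fixed string, while every other object added alongside it is named from `vault.fullname`, so two releases with leader election enabled in the same namespace would both claim this one Secret. The Secret is rendered with no `data`, so it is presumably filled at runtime with the webhook's certificate material, which makes shared ownership worth avoiding. If the injector looks the Secret up by this exact name, say so with a comment such as `# Fixed name expected by the injector: one leader-elected release per namespace.`; otherwise derive the name from `vault.fullname` like the other resources.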
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-clusterrolebinding.yaml
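Review bot: The rule in `injector-clusterrole.yaml` grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the injector presumably only has to update its own; an identity that can patch arbitrary admission webhooks can change how any pod in the cluster is mutated. `get` and `patch` can be limited with `resourceNames` to the configuration this chart creates, leaving `list` and `watch` in a separate rule because name-scoped list/watch only works when the client sends a matching field selector. The name used below is taken from the `AGENT_INJECT_TLS_AUTO` value in `injector-deployment.yaml` and should be checked against the webhook template, which is not part of this hunk.

```yaml
# … unchanged: apiVersion, kind, metadata and labels …
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
  - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
```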
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
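Review bot: Several env values in the injector Deployment are rendered unquoted (`AGENT_INJECT_LISTEN`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) while their neighbours are quoted. An empty or boolean-looking value would be typed by YAML as null or a bool, and the API server rejects env values that are not strings; write them as `value: {{ .Values.injector.authPath | quote }}` and likewise for the others. Separately, `- 2>&1` under `args:` is handed to the binary as a literal argument unless the image entrypoint is a shell wrapper, so no redirection happens and the entry should be dropped.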
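Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares strings, so the result follows lexical order and any provider suffix in the minor version rather than whether `policy/v1` is actually served. Other templates in this commit select the API version with `.Capabilities.APIVersions.Has`, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The identical expression in server-disruptionbudget.yaml should change with it.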
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
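Review bot: When neither `namespaceSelector` nor an object selector is configured, the `vault.hashicorp.com` webhook receives every pod CREATE and UPDATE in the cluster, and `failurePolicy` is taken straight from values. With `Fail`, pod admission in all namespaces, system namespaces and the injector's own pods included, then depends on the injector being reachable. I would document that next to the rule, for example `# Without a namespaceSelector/objectSelector this matches pods in all namespaces; set one before using failurePolicy: Fail`. The `injector.objectSelector` helper is defined outside this hunk, so its default cannot be checked here.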
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
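Review bot: The allowed port in the injector NetworkPolicy is hard-coded as `port: 8080`, but the deployment and service in this commit take the listener port from `.Values.injector.port`. If that value is changed, the policy keeps admitting only 8080 and the API server can no longer reach the webhook, which surfaces as admission failures rather than an obvious policy error. Use `- port: {{ .Values.injector.port }}` so the policy follows the listener.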
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-role.yaml
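Review bot: The injector PodSecurityPolicy forbids privileged mode and privilege escalation but places no constraint on Linux capabilities, and it leaves `readOnlyRootFilesystem: false`. Adding `requiredDropCapabilities:` with a single `- ALL` entry under `spec` would close the capability gap as defence in depth alongside `MustRunAsNonRoot`. Whether the injector can run with a read-only root filesystem is not visible from this hunk, so that setting is worth checking rather than changing blindly.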
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-rolebinding.yaml
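Review bot: The first rule of the leader-elector Role gives the injector service account `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which appears wider than leader election needs and exposes any other secrets stored there, such as the Vault server's TLS material when both share a namespace. The object names the injector uses are not visible in this hunk, so I cannot quote a `resourceNames` list. At minimum I would add a comment such as `# grants read/write on all Secrets in this namespace; install the injector in a dedicated namespace`, and restrict `get`/`update` by name once the names are confirmed.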
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-discovery-role.yaml
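Review bot: `disable_mlock = true` is emitted unconditionally in the server ConfigMap, both as a literal line for string configs and through `merge (dict "disable_mlock" true) …` for map configs, so Vault's memory is never locked and may reach swap whatever the storage backend. If that is intended it deserves a template comment, e.g. `{{- /* mlock is off in every mode; run Vault only on nodes with swap disabled or encrypted */ -}}`. In the map branch `merge` also gives precedence to its first dictionary, so a user-supplied `disable_mlock: false` is silently overridden, which is worth stating in the same comment.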
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-psp-role.yaml 
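Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so any pod in any namespace can reach 8201 as well as 8200. The Service templates in this commit name 8201 `https-internal`, so it presumably carries only server-to-server traffic; I would split the rule and admit 8201 only from pods carrying the chart's own name and instance labels, as sketched below. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this commit set.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```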
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
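Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this commit both use `vault.serviceAccount.name`. The helper's definition is not visible here, but values.schema.json exposes `server.serviceAccount.name`, so the two names can presumably diverge, and the account the pod actually runs as would then not be granted `use` on the policy. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beside it so the binding is explicit.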
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-route.yaml
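Review bot: server-psp.yaml emits `apiVersion: policy/v1beta1` whenever `global.psp.enable` is true, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so on such a cluster the release fails at install time rather than skipping the object. The outer condition could add `(.Capabilities.APIVersions.Has "policy/v1beta1")`, the same kind of capability test server-ingress.yaml in this commit already uses. The `seLinux` comment also states that nodes are assumed to use AppArmor; since this chart ships OpenShift overrides, that comment should say what is expected on SELinux-enforcing nodes, where `RunAsAny` leaves the label unconstrained by this policy.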
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-service.yaml
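Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the sibling templates in this commit that read `.mode` all do before using it. Unless an earlier template has already populated `.mode` on the shared context (not verifiable from this hunk), both the `external` guard and the `ha` active-service switch compare against an unset value. Adding `{{ template "vault.mode" . }}` directly under the `global.openshift` check makes the file self-contained. `host: {{ .Values.server.route.host }}` would also be safer as `host: {{ .Values.server.route.host | quote }}`, matching how server-ingress.yaml quotes its hosts.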
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.77/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/Chart.yaml
new file mode 100644
index 00000000000..3cf86f31522
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.78
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/README.md
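Review bot: In the Makefile hunk, `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes to `terraform init` and `terraform apply`, so the teardown does not obviously address the configuration that created the GKE cluster and a failed or empty destroy would leave a test cluster running. I would mirror the apply arguments, `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform`; whether the positional directory is accepted depends on the Terraform version in the test image, which this hunk does not show. `GOOGLE_CREDENTIALS` defaults to a relative key-file path that `gcloud auth activate-service-account --key-file=` reads from the bind-mounted working tree, so a comment such as `# path to a GCP service-account key file; keep it untracked` above that variable would help. `.PHONY` also omits `setup-kind` and `delete-kind`, and the recursive `make setup-kind acceptance` would be safer as `$(MAKE) setup-kind acceptance`.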
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
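Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` renders the dev root token unquoted, so a token made only of digits, or one such as `true`, is typed as a number or boolean and the env entry is no longer a string; `value: {{ .Values.server.dev.devRootToken | quote }}` avoids that. The same helper sets `VAULT_DEV_LISTEN_ADDRESS` to `[::]:8200`, so in dev mode a root token stored in plain text in the pod spec guards a listener bound to every interface; a template comment above the `define` stating that dev mode is for testing only would make that explicit. `vault.extraSecretEnvironmentVars` uses the same unquoted pattern for `.envName`, `.secretName` and `.secretKey`, unlike `vault.extraEnvironmentVars`, which pipes both fields through `quote`.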
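Review bot: The rule grants `create` on `serviceaccounts/token` in a ClusterRole with no `resourceNames`, so the CSI provider's service account can request a token for any service account in any namespace, and nothing in the template says why. If that breadth is required (presumably because pods that mount secrets can run in any namespace), record it above `rules:` with a comment such as `# cluster-wide by design: tokens are requested for the service account of each pod that mounts a CSI volume`. Operators should treat the `-csi-provider` service account as highly privileged and include its token requests in API audit logging.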
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
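Review bot: In csi-daemonset.yaml the `mountpoint-dir` volumeMount exposes the node's `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` hostPath to the provider container without `readOnly: true`. That directory holds the volume directories of every pod on the node, so the container can write into other pods' mounted volumes. If the provider version selected by `.Values.csi.image` hands file contents back to the CSI driver instead of writing them itself, add `readOnly: true` to that mount or drop it; otherwise a comment should say why write access is needed. Both `hostPath` volumes also omit `type:`, so nothing validates what sits at a values-supplied path; `type: Directory` on `mountpoint-dir` would make a wrong `kubeletRootDir` fail at pod start.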
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-clusterrolebinding.yaml
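Review bot: The `patch` verb in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster because the rule carries no `resourceNames`, so a compromised injector service account could rewrite other admission webhooks. The only configuration this chart creates is the `-agent-injector-cfg` object in injector-mutating-webhook.yaml, so the rule can be split: the read verbs stay unrestricted, since list and watch cannot usefully be narrowed by name, and `patch` moves to a second rule pinned to that name. This assumes the injector only ever patches its own configuration, which is worth confirming before merging.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```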
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
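Review bot: The container `args` list in injector-deployment.yaml ends with `- 2>&1`, which is not a redirection in this position. `args` reach the entrypoint as an argument vector, so the process receives the literal string `2>&1` as a second argument after `agent-inject`. Unless the image's entrypoint evaluates its arguments through a shell, the entry does nothing and misleads readers about where stderr goes; I would drop it and leave `args:` with only `- agent-inject`.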
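Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the choice between `policy/v1` and `policy/v1beta1` is lexical rather than numeric and ignores the major version. server-disruptionbudget.yaml uses the same expression. The other templates in this diff already ask the cluster what it serves, and the same idiom fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This file is also the only injector manifest in this part of the diff that is not wrapped in `vault.injectorEnabled`, so the budget can render for a disabled injector whenever `injector.podDisruptionBudget` is set.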
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
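Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when one of the two values is set, so by default the webhook is called for pod CREATE and UPDATE in every namespace, the release namespace and system namespaces included. If `failurePolicy` resolves to `Fail`, an unavailable injector then blocks pod admission cluster-wide, possibly including its own replacement pods unless `injector.objectSelector` (defined outside this hunk) excludes them. I would document this above the `if` with a comment such as `{{/* No selector means all namespaces; set injector.webhook.namespaceSelector before using failurePolicy: Fail */}}`.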
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
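Review bot: The ingress rule in injector-network-policy.yaml allows TCP `8080` as a literal, while the Deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes) and the Service targets the same value. Overriding `injector.port` on OpenShift would leave the policy admitting a port nothing listens on and dropping webhook traffic to the real one. Using `- port: {{ .Values.injector.port }}` keeps the three in step.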
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-role.yaml 
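Review bot: The PodSecurityPolicy `spec` in injector-psp.yaml constrains users, groups and host namespaces but says nothing about Linux capabilities, so pods admitted under it keep the runtime's default capability set. Nothing visible in injector-deployment.yaml needs any of them, so I would add `requiredDropCapabilities: [ALL]` next to `allowPrivilegeEscalation: false`. The `seLinux` comment says the policy assumes AppArmor nodes; if the chart is meant for clusters whose nodes enforce SELinux, `rule: RunAsAny` deserves a second look.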
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-rolebinding.yaml 
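Review bot: The first rule in injector-role.yaml gives the injector `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in `{{ .Release.Namespace }}`, with no comment on scope. That is the same namespace the Vault server resources in this chart are rendered into. The leader-election path appears to need only the `vault-injector-certs` Secret created by injector-certs-secret.yaml, so a comment above the rule should record that, for example `# Used with the vault-injector-certs Secret for leader election; list/watch cannot be narrowed by name, so keep unrelated Secrets out of this namespace.` Whether `get` and `update` can move to a rule with `resourceNames` depends on how the injector reads the Secret, which this diff does not show.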
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-discovery-role.yaml 
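Review bot: Whatever an operator puts in `server.standalone.config`, `server.ha.config` or `server.ha.raft.config` is rendered into a ConfigMap by server-config-configmap.yaml, and nothing in the template says so. Seal or storage stanzas that carry credentials would then be readable by anyone with `get` on ConfigMaps in the namespace. A comment above `data:` would record the constraint, for example `# Rendered into a ConfigMap: keep seal/storage credentials out of *.config and supply them through environment variables or a mounted Secret.` The template also forces `disable_mlock` to true on both the string and the map branch without explanation; a short comment noting that swap should then be disabled on the nodes would help the next reader.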
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
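Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on all pods in the release namespace, because it carries no `resourceNames`. Presumably Vault needs this to label its own pods (the HA services in this commit select on `vault-active`), but the same grant lets the Vault service account modify any other pod that shares the namespace. A comment above `rules:` such as `# update/patch are used to label Vault's own pods; install the chart in a dedicated namespace` would document both the reason and the deployment assumption.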
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-ha-active-service.yaml 
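Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the ordering is lexical rather than numeric and a single-digit or three-digit minor would select the wrong `apiVersion`. server-ingress.yaml in this commit already uses `semverCompare` for the same kind of decision; `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}` would be consistent with it.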
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-ha-standby-service.yaml 
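Review bot: In server-ha-active-service.yaml, `type: {{ .Values.server.service.type }}` applies to both port entries, so choosing `NodePort` or `LoadBalancer` publishes `https-internal` (8201) outside the cluster together with the API port. The StatefulSet in this commit uses 8201 for `VAULT_CLUSTER_ADDR`, which points at the headless `-internal` service, so the externally typed services do not obviously need that port. Consider wrapping the `- name: https-internal` entry in `{{- if eq (.Values.server.service.type | default "ClusterIP" | toString) "ClusterIP" }}`, or at least add a comment there stating that the cluster port follows the service type. The same applies to server-ha-standby-service.yaml and server-service.yaml.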
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-psp-role.yaml 
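Review bot: In server-network-policy.yaml, `- namespaceSelector: {}` admits traffic from every namespace to both 8200 and 8201, so the policy limits ports but not peers, and the cluster port is as reachable as the API port. Splitting the rule so that 8201 is only open to pods of the same release would narrow it; if replication from other clusters has to reach 8201, that peer should be added explicitly. The `metadata` block also lacks the `namespace: {{ .Release.Namespace }}` line that the other templates in this commit set.

```yaml
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only pods that belong to this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```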
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
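Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}` with no `namespace`, while the ServiceAccount and the other two bindings in this commit use `{{ template "vault.serviceAccount.name" . }}` plus `namespace: {{ .Release.Namespace }}`. If the service account name is overridden, the PSP `use` grant would point at an account that does not exist and the server pods would not be admitted under this policy. Changing the subject to `name: {{ template "vault.serviceAccount.name" . }}` and adding `namespace: {{ .Release.Namespace }}` makes it agree with server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml.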
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-route.yaml 
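Review bot: The policy in server-psp.yaml sets `privileged: false` and `allowPrivilegeEscalation: false` but never restricts capabilities, so pods admitted under it keep the container runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP` to `"true"` and the config forces `disable_mlock = true`, which suggests no capability is required; adding `requiredDropCapabilities:` with `- ALL` under `spec:` would make the policy reflect that. The hard-coded `apiVersion: policy/v1beta1` also deserves a comment, since PodSecurityPolicy is no longer served from Kubernetes 1.25 and enabling `global.psp.enable` there would fail the install.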
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-service.yaml 
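Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` without first invoking `{{ template "vault.mode" . }}`, which every other server template in this commit does on its first line. Presumably that helper is what sets `.mode`; if so, this file only works when another template has already been rendered against the same context, and the later `eq .mode "ha"` check that picks the `-active` service depends on the same ordering. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check removes that dependency.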
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/tests/server-test.yaml 
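Review bot: The container image in server-statefulset.yaml is built as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an empty tag silently deploys whatever `latest` points to at pull time. For a secrets store that makes the running version unpredictable and hard to audit; failing the render is safer, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}` in place of the `default "latest"` pipeline. tests/server-test.yaml uses the same expression and should change with it.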
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/values.openshift.yaml 
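Review bot: In ui-service.yaml, `nodePort` is emitted whenever `.Values.ui.serviceNodePort` is set, regardless of `ui.serviceType`, whereas server-service.yaml in this commit only emits it when the type is `NodePort`. A `nodePort` on a `ClusterIP` service is rejected by the API server, so a leftover value turns into an install failure. Guarding it the same way, `{{- if and (.Values.ui.serviceNodePort) (eq (.Values.ui.serviceType | toString) "NodePort") }}`, keeps the two templates consistent.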
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/values.schema.json 
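Review bot: The three images in values.openshift.yaml are identified by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pointed in the registry after the chart is certified. The templates in this commit build references as `repository:tag`, so digests cannot be used directly here; a comment next to each `tag:` recording the digest that was verified would at least make drift detectable.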
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.78/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/Chart.yaml
new file mode 100644
index 00000000000..d1bd5217bf2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.79
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/README.md 
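Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with no directory and no `-var project=...`, while `provision-cluster` passes `test/terraform` and the project variable to both `init` and `apply`, so the destroy presumably does not act on the configuration that was provisioned and can leave the GKE test cluster, created with the service-account key in `GOOGLE_CREDENTIALS`, running. Match the apply line: `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. `setup-kind` and `delete-kind` are also missing from `.PHONY`.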
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
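Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no namespace or name scoping, and the template has no comment saying why. Whatever identity is bound to this ClusterRole can request a token for any service account in the cluster, and csi-clusterrolebinding.yaml binds it to the `-csi-provider` ServiceAccount that the DaemonSet pods run as. I would add a template comment above `rules:` such as `{{/* cluster-wide token creation, presumably so the provider can request tokens for pods that mount a volume; treat this ServiceAccount as highly privileged */}}`. The stated purpose is my assumption and should be checked against the provider's documentation. It is also worth alerting on token requests made by this ServiceAccount for service accounts that have no CSI volume.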
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-clusterrolebinding.yaml
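Review bot: The rule under `rules:` in injector-clusterrole.yaml lets the injector `patch` every MutatingWebhookConfiguration in the cluster, because it names no `resourceNames`. The only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml), so a compromised injector pod could also rewrite the `clientConfig` or `caBundle` of unrelated admission webhooks. Consider moving `get` and `patch` into a second rule carrying `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]` and leaving only `list` and `watch` unscoped. Whether the injector's certificate handling still works with that split needs a test, since the templates do not show how it looks the object up.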
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
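Review bot: The `args:` list in injector-deployment.yaml ends with `- 2>&1`, which Kubernetes hands to the container as a literal argument rather than a shell redirection, unless the image's entrypoint happens to be a shell wrapper. The entry should be dropped, or the redirection moved into an explicit `command: ["/bin/sh", "-c", …]` if it is really wanted. Separately, several env values are wrapped in literal quotes (`value: "{{ .Values.injector.agentDefaults.template }}"`), so a value containing a double quote produces broken or altered YAML. The `vault.extraEnvironmentVars` helper in this same change already uses the safer form, `value: {{ $value | quote }}`.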
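Review bot: The `apiVersion` line in injector-disruptionbudget.yaml chooses `policy/v1` by comparing `.Capabilities.KubeVersion.Minor` with the string `"21"`, which is a lexical comparison, so a minor of `9` sorts above `21`. injector-mutating-webhook.yaml in this change asks the cluster directly instead; the same form here would be `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Unlike the other injector templates visible here, this one is not wrapped in `{{- if .injectorEnabled -}}`, so the PodDisruptionBudget is rendered whenever `injector.podDisruptionBudget` is set, even with the injector disabled.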
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
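Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when a value is supplied, so without one the webhook is called for pod CREATE and UPDATE in every namespace, including system namespaces and the one the injector itself runs in. `failurePolicy` is also value-driven, so if it is set to `Fail` an unavailable injector would block pod admission cluster-wide; the defaults are not visible in this chunk. I would put a template comment above the `{{- if or (.Values.injector.namespaceSelector) …` line, for example `{{/* no selector means every namespace is intercepted; set injector.namespaceSelector before using failurePolicy: Fail */}}`, and repeat the warning next to the value's documentation.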
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
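Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while injector-deployment.yaml and injector-service.yaml both take the listen port from `.Values.injector.port`. If that value is changed, the policy still admits only 8080 and the API server's webhook calls to the injector are dropped on OpenShift. The line should read `- port: {{ .Values.injector.port }}`. The `metadata:` block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector objects in this change set.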
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-role.yaml 
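Review bot: `apiVersion: policy/v1beta1` is hard-coded for the PodSecurityPolicy in injector-psp.yaml, an API Kubernetes removed in 1.25, so enabling `global.psp.enable` on a current cluster makes the install fail. The third condition could check that the API is served, for example `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. Separately, the spec sets no `requiredDropCapabilities` and leaves `readOnlyRootFilesystem: false`. If the injector needs no extra capabilities, adding `requiredDropCapabilities: [ALL]` would tighten the policy, but that has to be confirmed against the image.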
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-rolebinding.yaml 
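Review bot: The first rule in injector-role.yaml gives the injector `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, the same namespace the server ConfigMap in this change is created in. The only Secret this chart creates for the leader-elector case is `vault-injector-certs` (injector-certs-secret.yaml), so the read and write verbs could be narrowed with `resourceNames: ["vault-injector-certs"]`. `create` would stay in a separate rule, because it cannot be restricted by name. The templates do not show which ConfigMap the leader elector uses, so that name has to come from the injector's documentation before the rule is split.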
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-discovery-role.yaml
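Review bot: `disable_mlock = true` is written into every rendered server config in server-config-configmap.yaml, both as the literal line in the string branch and through `merge (dict "disable_mlock" true) …` in the map branches, and nothing in the template says why or what it costs. With mlock off, Vault's process memory can be paged out, so the protection has to come from the node instead (swap disabled or encrypted). I would add a template comment above `data:` such as `{{- /* disable_mlock is forced to true below; run Vault only on nodes with swap disabled or encrypted */}}`. The merge form also appears to give the forced value precedence over anything in the user's map, which is worth stating in the same comment.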
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
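Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, and the rolebinding that follows hands that to the Vault server service account. RBAC cannot narrow this by label, so if the chart shares a namespace with other workloads, the Vault identity can modify their pod objects as well. The write verbs are presumably needed so Vault can label its own pods (the HA services in this commit select on `vault-active`), but the template does not say so. I would add a comment above `rules:` along the lines of `# update/patch let Vault label its own pods; RBAC cannot scope by label, so install into a dedicated namespace`.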
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-psp-role.yaml 
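Review bot: In server-network-policy.yaml the only `from` entry is `namespaceSelector: {}`, which admits pods from every namespace in the cluster to both 8200 and 8201. Port 8201 is the `https-internal` port in the services of this commit, so it looks like server-to-server traffic that does not need to be reachable cluster-wide. Unless a peer outside the release has to reach 8201, I would split the rule so that port is limited to the release's own pods, as sketched below. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    # … unchanged: rule admitting all namespaces, now listing only port 8200 …
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
```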
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
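Review bot: The subject in server-psp-rolebinding.yaml is named with `{{ template "vault.fullname" . }}`, but the ServiceAccount template, the StatefulSet's `serviceAccountName` and the discovery rolebinding in this commit all use `{{ template "vault.serviceAccount.name" . }}`. If that helper can resolve to anything other than the fullname, the PSP `use` grant is bound to an account the pods do not run as. The policy would then not be usable by the Vault pods, or would be granted to an unrelated account of that name. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, matching the other bindings.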
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-route.yaml
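Review bot: The `spec` in server-psp.yaml never restricts Linux capabilities, so pods admitted under this policy keep the container runtime's default set even though `privileged` and `allowPrivilegeEscalation` are both false. The chart already forces `disable_mlock` and sets `SKIP_SETCAP`, so the server probably needs none; if that holds, I would add `requiredDropCapabilities: [ALL]` under `spec:`. Separately, `apiVersion: policy/v1beta1` is emitted unconditionally. PodSecurityPolicy was removed in Kubernetes 1.25, so guarding the template (and the psp role and rolebinding) with `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` would keep `global.psp.enable` from breaking installs on newer clusters.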
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-service.yaml
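Review bot: server-route.yaml tests `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which is the opening line of the other server templates in this commit that read `.mode`. Unless another template has already populated `.mode` on the shared context, both comparisons run against an unset value. Whether the Route is rendered, and whether it targets the `-active` service, then depends on render order rather than on the values. I would add `{{ template "vault.mode" . }}` directly after the `global.openshift` guard. The `tls:` block is passed through from values as-is, so a comment naming the expected termination mode would also help reviewers of downstream overrides.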
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/tests/server-test.yaml 
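Review bot: The server container in server-statefulset.yaml falls back to a mutable tag, `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an install that leaves the tag unset runs whatever the registry serves under `latest` at pull time. For a secrets manager I would fail the render instead, for example `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and document that a digest may be used in its place. The same default appears in tests/server-test.yaml. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; `VAULT_ADDR` points at 127.0.0.1, so the exposure is limited, but a one-line comment saying why verification is skipped there would stop the flag being copied elsewhere.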
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/values.openshift.yaml
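Review bot: Nothing in templates/ui-service.yaml stops a `LoadBalancer` or `NodePort` UI Service from being rendered while TLS is off: `type:` is taken straight from `.Values.ui.serviceType`, and values.yaml in this same diff ships `global.tlsDisable: true`. The port is named after `vault.scheme`, which is defined outside this hunk and presumably follows that flag, so the Vault UI and API would be reachable in cleartext on the external address. I would state the expectation above `type:` with a template comment such as `{{- /* a serviceType other than ClusterIP exposes Vault outside the cluster; enable TLS or terminate it upstream first */ -}}`, or add a `fail` guard if the project wants this enforced at render time.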
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/values.schema.json
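Review bot: All three images in values.openshift.yaml are referenced by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pointed in the registry after the chart has been reviewed, so what runs is not fixed by this file. Pinning the digest alongside the tag would close that gap, for example `tag: "1.11.2-ubi@sha256:<DIGEST_PLACEHOLDER>"`. The test pod template in this diff joins repository and tag with `:`, so this form should render as `repo:tag@sha256:…`, but please confirm that the other templates and the target runtime accept it. The same repository and tag values are repeated in values.yaml in this diff, so a one-line comment saying which file is authoritative would keep the two from drifting.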
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.79/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/Chart.yaml
new file mode 100644
index 00000000000..59aba6b5fad
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.8
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/README.md
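Review bot: In the Makefile's test-acceptance recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the `docker run` command line, where it is readable in the host's process list and in `make -n` output; the leading `@` only suppresses echoing. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker take the value from the environment make exports to the recipe, so it never appears in argv. This assumes the variable reaches make through the environment or the make command line, which is how the recipe appears to be used. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory that `provision-cluster` passes to `init` and `apply`, so it is worth confirming that it targets the same configuration.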
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
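Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so once csi-clusterrolebinding.yaml binds it, the CSI provider's service account can request a token for any service account in any namespace. Nothing in the template says why cluster scope is needed, so a reader cannot tell intended access from over-grant. I would add a comment above `rules:` such as `# Cluster-wide TokenRequest access: presumably used to obtain tokens for the pods whose volumes are mounted; confirm and keep the DaemonSet pod spec locked down`. Token creation by this account is also worth covering in API audit rules.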
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
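Review bot: The csi-provider container mounts two hostPath volumes (`providervol` and `mountpoint-dir`) but gets a securityContext only through `csi.daemonSet.securityContext.container`, which in _helpers.tpl renders nothing when the value is unset. The server container helper in the same _helpers.tpl falls back to `allowPrivilegeEscalation: false` when not on OpenShift; the CSI helper has no such fallback, so a default install runs a host-mounting container with runtime defaults. Consider giving the CSI helper the same `{{- else if not .Values.global.openshift }}` fallback. If the provider does not write under `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` (not verifiable from this hunk), adding `readOnly: true` to the `mountpoint-dir` mount would narrow host exposure further.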
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-clusterrolebinding.yaml 
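Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, while injector-mutating-webhook.yaml creates only one configuration, named `{{ template "vault.fullname" . }}-agent-injector-cfg`. A compromised injector pod could therefore rewrite any other admission webhook. Splitting the rule so that `get` and `patch` carry `resourceNames` would narrow this, keeping `list`/`watch` unrestricted only if the injector really uses them. That usage is not visible in this diff, so confirm before merging.

```yaml
rules:
# Read-only discovery; drop if the injector does not list or watch.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# Writes are limited to the injector's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```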
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
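Review bot: In the `args:` list of the sidecar-injector container, `- 2>&1` is handed to the binary as a literal argument, because container args are not run through a shell and no redirection takes place. It should be dropped so that `args:` holds only `- agent-inject`. Separately, several env values are rendered unquoted (`value: {{ .Values.injector.authPath }}`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT`). Quoting them as the neighbouring entries do, e.g. `value: {{ .Values.injector.authPath | quote }}`, keeps a value such as `true` or one containing `: ` from breaking the manifest.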
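Review bot: The `apiVersion` line picks `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares the minor version as a string, so the result depends on lexical order and on any suffix a distribution appends (for example a trailing `+`). injector-mutating-webhook.yaml in this commit already uses a capability probe; the same form here would be `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Unlike the other injector templates in this part of the diff, this one is not wrapped in `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget is rendered even when the injector is disabled.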
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
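Review bot: `namespaceSelector` and `objectSelector` are rendered only when set in values, so by default the `rules:` entry sends every pod CREATE and UPDATE in every namespace to the injector, and `failurePolicy` comes straight from values. With a `Fail` policy, an unavailable injector would then block pod admission cluster-wide, including for the injector's own replacement pods. I would document this in the template above `rules:`, e.g. `{{/* Matches pods in all namespaces unless a namespaceSelector is set; set one before using failurePolicy: Fail */}}`.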
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
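Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`) and the Service targets the same value. If the port is overridden, the policy no longer admits webhook traffic; `- port: {{ .Values.injector.port }}` keeps the three templates in step. `namespaceSelector: {}` admits traffic from every namespace, which may be intended for API-server callers, but a comment saying so would help. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector templates set.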
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-psp.yaml 
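Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, whereas injector-rolebinding.yaml in this commit sets `namespace: {{ .Release.Namespace }}` on the same account. Adding that line under the subject's `name:` makes the binding explicit about which namespace's account is granted `use` on the PodSecurityPolicy, rather than relying on API defaulting.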
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-role.yaml 
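Review bot: The template renders a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, with no capability check, and that API is no longer served from Kubernetes 1.25 on, so enabling the flag there fails the install. Extending the guard, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, would skip it cleanly. The spec also sets no `requiredDropCapabilities`; adding `requiredDropCapabilities: [ALL]` would match the non-root intent stated in the comments, provided the injector needs no capabilities.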
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-rolebinding.yaml
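Review bot: The first rule gives the agent-injector service account `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, which is broader than the leader-election condition guarding this Role suggests it needs. If the elector only touches a fixed object, split the rule: keep `create` unscoped (it cannot be limited by name) and put the remaining verbs under `resourceNames: ["<leader-election-object-name>"]` (placeholder; the real name is not on this page). `list` and `watch` restricted by name only match requests that select that single object, so confirm against the elector before narrowing. The `pods` rule with `patch` and `delete` should at least carry a comment saying which pods it is meant to act on.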
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-discovery-role.yaml
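Review bot: `disable_mlock = true` is written into the rendered config in the string branch and merged in as `dict "disable_mlock" true` in both map branches, and nothing in the template says why or what it costs. With mlock off, Vault's process memory can be paged out, so the chart is relying on nodes running with swap disabled or encrypted. A template comment above `data:` should state that requirement, for example `{{- /* disable_mlock is always forced on; nodes must run with swap off or encrypted */ -}}`. It would also help to note that the map branches appear to give the forced value precedence over anything the user sets, which should be confirmed against `merge`'s argument order.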
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-ha-active-service.yaml
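Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the result is lexicographic rather than numeric: a minor of `9` sorts above `21`, and vendor suffixes such as `21+` are compared as text too. Other templates in this commit already pick the API version more robustly, with `semverCompare` on `.Capabilities.KubeVersion.Version` in the Ingress and `.Capabilities.APIVersions.Has` in the RBAC bindings. Doing the same here avoids the string comparison entirely: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.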
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-psp-role.yaml 
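Review bot: The NetworkPolicy's single ingress rule uses `namespaceSelector: {}`, so both 8200 and 8201 are reachable from every pod in every namespace. Port 8201 is the one the Services in this commit name `https-internal`, which looks like server-to-server traffic, and it does not need to be open cluster-wide. Split the rule so that 8200 keeps the broad source and 8201 is limited to pods carrying this release's own labels, as sketched below. The policy's `metadata` also omits `namespace: {{ .Release.Namespace }}`, unlike the other namespaced templates in this commit.

```yaml
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Internal port: only pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```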
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
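Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, while server-serviceaccount.yaml creates the account as `vault.serviceAccount.name` and the StatefulSet, the ClusterRoleBinding and the discovery RoleBinding all reference that same helper. If the two helpers render different names (a separate helper suggests the account name can be customised), the `use` permission on the PodSecurityPolicy goes to an account the server pods do not run as. Use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` so the subject matches the other bindings.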
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-route.yaml 
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-service.yaml
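Review bot: The Route template tests `ne .mode "external"` and `eq .mode "ha"` but, unlike the other templates on this page that read `.mode`, never calls `{{ template "vault.mode" . }}` first. Whether `.mode` is set here then depends on another template having populated the context earlier in the render, which is fragile and can leave the comparison running against an unset value. Add `{{ template "vault.mode" . }}` as the first line inside the `.Values.global.openshift` guard, the way server-ingress.yaml does. Separately, `host: {{ .Values.server.route.host }}` is unquoted while the Ingress passes its hosts through `| quote`.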
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/tests/server-test.yaml 
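Review bot: The `vault` container's image line falls back to a mutable tag: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` renders `:latest` whenever `server.image.tag` is empty, so the server holding the cluster's secrets can change version on a reschedule without any chart change. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and the identical line in templates/tests/server-test.yaml needs the same treatment. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; VAULT_ADDR in this template is the loopback address, so the exposure looks limited, but a comment above the probe stating why verification is skipped there would keep the flag from being copied to non-local callers.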
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.8/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/CHANGELOG.md
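Review bot: The new `.helmignore` excludes the `.terraform/` directory but not Terraform state or variable files, which are the files most likely to hold credentials if Terraform is ever run from the chart directory. Whether that happens in this repository is not visible from the hunk, but any file this list does not match is bundled into the archive produced by `helm package`. Consider adding `*.tfstate`, `*.tfstate.*` and `*.tfvars` next to the `.terraform/` entry so that a stray state file cannot end up in a published chart.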
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/Chart.yaml
new file mode 100644
index 00000000000..40469fb6030
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.80
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
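Review bot: In the new Chart.yaml, `description: Official HashiCorp Vault Chart` is carried over unchanged even though the chart is renamed to `helm-e2e-rhcc` and published under `charts/partners/opcert-e2e-testing/`, so a repository index entry would present a test fixture as an upstream HashiCorp release. I would state the provenance in the metadata, for example `description: E2E certification test fixture derived from the HashiCorp Vault chart (not an official release)`, and keep `home`/`sources` as the pointer to the upstream project. Separately, `kubeVersion: '>= 1.26.0'` is a plain semver constraint, which Helm does not match against cluster versions carrying a pre-release suffix; if the test clusters report such versions, `kubeVersion: '>= 1.26.0-0'` is the usual form. The bundled CHANGELOG only mentions testing up to Kubernetes 1.24, so the 1.26 floor looks like a fixture-specific choice that deserves a one-line comment above it.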
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/README.md
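Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the license into the `docker run` command line, where it stays readable in the host's process list while the container runs; the leading `@` only stops make from echoing the recipe. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker take the value from the environment that make hands to the recipe, and the same form works for the other `-e NAME=${NAME}` lines in `test-destroy` and `test-provision`. The targets also point `KUBECONFIG` at `/helm-test/.kube/config`, which is inside the bind-mounted working tree, next to the default `GOOGLE_CREDENTIALS` file `vault-helm-test.json`, so both paths should be covered by the repository's and the chart's ignore files (not visible in this hunk). `setup-kind` and `delete-kind` are missing from the `.PHONY` list on the last line.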
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
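Review bot: The `create` verb on `serviceaccounts/token` under `rules:` is granted through a ClusterRole, so the CSI provider's service account can request tokens for any service account in any namespace, and nothing in the file records why that breadth is needed. Narrowing by `resourceNames` is probably not practical if the target accounts are only known when a pod mounts a volume (inferred; the provider's behaviour is not on this page). I would add a comment above the rule, for example `# TokenRequest for the mounting pod's service account; cluster-wide because workloads may run in any namespace`. API audit logging should also cover token creation by this subject, so that unexpected requests are visible.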
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" .
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
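Review bot: The `csi-provider` container in csi-daemonset.yaml mounts two `hostPath` volumes (`providervol` and `mountpoint-dir`, the latter with `mountPropagation: HostToContainer`), but it has no `securityContext` unless the operator supplies one. The `csi.daemonSet.securityContext.container` helper added to `_helpers.tpl` in this commit has no fallback branch, unlike the injector and server helpers, which default to `allowPrivilegeEscalation: false` when not on OpenShift. I would give the CSI helper the same fallback: `{{- else if not .Values.global.openshift }}`, then `securityContext:` and `allowPrivilegeEscalation: false`. Whether the provider's writes to the host paths still work with that default should be confirmed on a test cluster. The `_helpers.tpl` hunk starts outside the visible part of the diff.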
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-clusterrolebinding.yaml
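Review bot: `patch` on `mutatingwebhookconfigurations` in the single rule under `rules:` of injector-clusterrole.yaml carries no `resourceNames`, so the injector's service account can rewrite every mutating webhook configuration in the cluster, not only its own. `list` and `watch` cannot be limited by name, but `get` and `patch` can, so splitting the rule keeps write access scoped to this release's configuration. The name used below is taken from the `AGENT_INJECT_TLS_AUTO` value in this commit's injector deployment and should be confirmed against the webhook template, which is not in view.

```yaml
rules:
# list/watch cannot be narrowed by resourceNames, so they stay cluster-wide
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# read/write access only to this release's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs:
    - "get"
    - "patch"
```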
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
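Review bot: Three env values in the sidecar-injector container of injector-deployment.yaml are rendered unquoted — `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` — while the neighbouring entries are quoted. An env `value` must be a string, so a setting that YAML reads as a boolean, number or null (an empty `authPath`, for instance) would be rejected or change meaning after rendering. Quoting through the template keeps them strings: `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`, likewise for `logFormat`.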
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
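Review bot: When neither `.Values.injector.webhook.namespaceSelector` nor `.Values.injector.namespaceSelector` is set, the `namespaceSelector` block in injector-mutating-webhook.yaml is omitted and the webhook receives pod CREATE/UPDATE requests from every namespace, including the one the injector runs in. With a `failurePolicy` of `Fail` (the value comes from chart values not shown here), an unavailable injector would then block pod admission cluster-wide. I would add a template comment above the conditional, e.g. `{{- /* No selector means pods in all namespaces are intercepted; set one before using failurePolicy: Fail */ -}}`, and consider shipping a default selector in values.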
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
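Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while injector-deployment.yaml sets `AGENT_INJECT_LISTEN` from `.Values.injector.port` and injector-service.yaml targets the same value. If the port is overridden, the policy admits traffic on a port nothing listens on and drops the API server's calls to the webhook. Use the value instead: `- port: {{ .Values.injector.port }}`. The NetworkPolicy metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the Deployment it selects.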
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-psp.yaml
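Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, whereas injector-rolebinding.yaml and injector-clusterrolebinding.yaml in this commit set `namespace: {{ .Release.Namespace }}` on the same account. Stating the namespace explicitly keeps the binding unambiguous about which identity receives the PodSecurityPolicy `use` permission. Add `namespace: {{ .Release.Namespace }}` under the subject's `name`.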
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-role.yaml
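Review bot: The PodSecurityPolicy spec in injector-psp.yaml forbids privileged mode, privilege escalation and root, but sets no `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set. Unless the injector needs one of those capabilities (nothing in this chart suggests it, but that is not provable from the hunk), add `requiredDropCapabilities:` with a single entry `- ALL`. `readOnlyRootFilesystem: false` is the other permissive setting here and would benefit from a one-line comment saying why a writable root is needed.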
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-rolebinding.yaml
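Review bot: The leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, and `delete` on every Pod, with no `resourceNames`. If the Vault server or other workloads share that namespace, the injector's service account can read their secrets as well. `create` cannot be limited by name, but the read and update verbs can move into a separate rule with `resourceNames:` listing the objects the leader elector actually uses; those names are not visible in this hunk, so they need to be confirmed first. At minimum, add a comment on the first rule stating why namespace-wide secret access is required.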
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-discovery-role.yaml
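Review bot: `disable_mlock = true` is written unconditionally in the string branch of server-config-configmap.yaml, and the map branch puts `dict "disable_mlock" true` first in `merge`, which appears to give it precedence over the user's config, so memory locking cannot be turned back on from values. With mlock disabled, Vault's process memory can be written to swap unless the nodes run without swap or with encrypted swap. That operational requirement is not stated anywhere in the template; I would add a template comment above `data:`, e.g. `{{- /* disable_mlock is forced on: nodes must have swap disabled or encrypted */ -}}`.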
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-psp-role.yaml 
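Review bot: In the Ingress template, `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are written unquoted, while `hosts` and `host` in the same hunk go through `quote`. A value containing `: `, ` #` or a leading YAML indicator would change the rendered structure instead of being treated as a string. Use `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`, and quote `ingressClassName` the same way.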
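Review bot: In the NetworkPolicy, `namespaceSelector: {}` under `from` matches every namespace, so with `server.networkPolicy.enabled` set the policy limits only the ports (8200 and 8201) and not who may connect. Port 8201 is the cluster port, so it is worth splitting it into its own rule whose `from` is a `podSelector` on this release's own labels, provided no peers outside the release need to reach it (not visible here). The metadata also omits the `namespace: {{ .Release.Namespace }}` line that the other templates in this commit set.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: accept connections only from pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```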
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
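Review bot: The RoleBinding's subject is named with `vault.fullname`, but the ServiceAccount template and the StatefulSet's `serviceAccountName` in this commit both use `vault.serviceAccount.name`. If that helper can return a different name (its definition is not visible here), the binding targets an account the server pods do not run as, and the PodSecurityPolicy is never granted to them. Use `name: {{ template "vault.serviceAccount.name" . }}` under `subjects`, and consider adding `namespace: {{ .Release.Namespace }}` to the subject so the target is explicit.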
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-route.yaml
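Review bot: `apiVersion: policy/v1beta1` is rendered whenever `global.psp.enable` is true, with no capability check, although the ingress template in this commit already selects API versions through `.Capabilities`. PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters setting the flag fails the install instead of applying any restriction. Add `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the `and` gate here and in the Role and RoleBinding hunks, and document that Pod Security Admission or an SCC has to supply these controls where the API is absent. The comment above `seLinux` assumes AppArmor nodes, which is worth rewording given that this chart also ships OpenShift values.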
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-service.yaml
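Review bot: `.mode` is read in `ne .mode "external"` and again in `eq .mode "ha"` without the `{{ template "vault.mode" . }}` call that the Service, StatefulSet and PSP templates in this commit make first. Unless the value is already set on the shared context by a template rendered earlier (not visible here), both tests run against an unset value and no longer reflect the deployment mode, which affects whether the Route is created and whether it targets the `-active` Service. Add `{{ template "vault.mode" . }}` before the `ne .mode` test. The hard-coded `targetPort: 8200` also ignores `server.service.targetPort`, which the Service templates use.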
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/tests/server-test.yaml 
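Review bot: The container's `image:` line ends in `{{ .Values.server.image.tag | default "latest" }}`, so when no tag is supplied the Vault server runs whatever the registry serves under the mutable `latest` tag at pull time; the test pod in tests/server-test.yaml uses the same expression. For a secrets store the tag should be mandatory, for example `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or replaced by a digest reference. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment there should state that the command talks to the loopback `VAULT_ADDR` set in `env`, which is why certificate verification is skipped, and that the flag is not meant for client configuration.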
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.80/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/Chart.yaml
new file mode 100644
index 00000000000..db27c16e4a9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.81
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/README.md
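Review bot: The `destroy-cluster` recipe runs `terraform destroy -auto-approve` with no configuration directory and no `-var project=...`, while `provision-cluster` passes `test/terraform` to both `terraform init` and `terraform apply`. Because the destroy is unattended, it should name the same configuration explicitly, e.g. `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`; whether the current form resolves to the same state depends on the Terraform version in the test image, which the hunk does not show. The `.PHONY` list on the last line omits `setup-kind` and `delete-kind`, so a file or directory with either name would make the target look up to date; append both. In `test-acceptance`, `make setup-kind acceptance` is better written `$(MAKE) setup-kind acceptance` so command-line overrides such as `KIND_CLUSTER_NAME` reach the sub-make.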
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
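Review bot: In `vault.envs` the dev root token is emitted unquoted (`value: {{ .Values.server.dev.devRootToken }}`), so a token that is all digits or spelled like `true` or `null` is typed as a non-string by the YAML parser and the env entry fails validation; `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string, matching what `vault.extraEnvironmentVars` already does with `{{ $value | quote }}`. The helper also places the root token in clear in the pod spec, readable by anyone who can read the workload object, so a comment above it saying this branch is intended for throwaway dev clusters would be worth adding. Smaller documentation point: the comment on `vault.serverServiceAccountEnabled` is a copy of the `vault.serverAuthDelegator` one.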
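Review bot: The single rule grants `create` on `serviceaccounts/token` through a ClusterRole, so once bound the CSI provider's service account can request a token for any service account in any namespace, and nothing in the template records why that breadth is needed. A comment above `rules:` would capture the intent, for example `# TokenRequest on behalf of pods that mount the provider's volumes; cluster-wide by design` — that rationale is inferred from the resource name, so confirm it against the provider's documentation before adding it. Since the DaemonSet running under this account mounts host paths, it is also worth checking that audit logging covers token creation by this subject.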
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-clusterrolebinding.yaml 
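Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, while the only configuration this chart creates is `<fullname>-agent-injector-cfg` (the name also passed as `AGENT_INJECT_TLS_AUTO` in the deployment). A service account that can patch arbitrary mutating webhooks can alter admission for unrelated components. I would split the rule so that `get` and `patch` carry `resourceNames` for the chart's own configuration and keep `list`/`watch` in a separate rule, since those are normally issued without a name. Whether the injector needs `list`/`watch` at all cannot be told from this hunk.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs: ["get", "patch"]
```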
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
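Review bot: The `- 2>&1` entry under `args:` in injector-deployment.yaml is handed to the container as a literal argument. The visible container spec has no `command:` that starts a shell, so nothing interprets it as a redirection. The container runtime already captures both output streams, so the entry can be dropped, leaving `args:` with the single item `- agent-inject`. If the image's entrypoint is a wrapper that re-evaluates its arguments, that deserves a comment next to the argument instead.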
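Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` selects the PodDisruptionBudget API version by comparing the minor version as a string. It ignores the major version, and the field may carry a suffix on some distributions. Asking the cluster what it serves is more direct: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The same expression appears in server-disruptionbudget.yaml. This template is also gated only on `.Values.injector.podDisruptionBudget`, not on `.injectorEnabled` like the other injector objects, so it can render without the Deployment it selects.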
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
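Review bot: The webhook rule in injector-mutating-webhook.yaml matches CREATE and UPDATE of pods in every namespace unless values supply a `namespaceSelector` (or the `injector.objectSelector` template narrows it). Without one, pods in system namespaces and the injector's own pods are sent to the injector as well. If `failurePolicy` resolves to `Fail` (the default lives in values.yaml, which is not visible here), an injector outage would then block pod admission broadly, including the injector's replacement pods. Consider rendering a default `namespaceSelector` that excludes system namespaces. Failing that, add a comment above `webhooks:` telling operators to set one before choosing `Fail`.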
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
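Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `{{ .Values.injector.port }}` (`AGENT_INJECT_LISTEN`) and the Service uses the same value as `targetPort`. If an operator changes `injector.port`, the policy would keep allowing 8080 and stop admitting the API server's webhook calls to the real port. Use `- port: {{ .Values.injector.port }}` so the three stay in sync. The metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the other namespaced injector objects in this commit.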
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-rolebinding.yaml 
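Review bot: The leader-elector Role in injector-role.yaml grants `get`, `list`, `watch` and `update` on all Secrets and ConfigMaps in the release namespace, with no `resourceNames`. If the Vault server shares that namespace, the injector's service account can read and overwrite the server's TLS and configuration secrets too. The only Secret this chart creates under the same condition is `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` could be limited with `resourceNames: ["vault-injector-certs"]`, keeping `create` in a separate rule because it cannot be restricted by name. If the injector needs namespace-wide `list`/`watch`, say so in a comment above the rule.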
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-config-configmap.yaml 
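Review bot: server-clusterrolebinding.yaml binds the Vault server's service account to the built-in `system:auth-delegator` ClusterRole, but the template has no comment explaining why a cluster-scoped grant is needed. I would add above `roleRef:` something like `# Presumably required by Vault's Kubernetes auth method, which validates client tokens via the TokenReview API; disable via the serverAuthDelegator toggle when that method is unused.` The first line also uses `{{ template ... }}` without the `-` trim markers used in the injector templates, which leaves a leading blank line in the rendered manifest.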
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-discovery-role.yaml 
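Review bot: server-config-configmap.yaml forces `disable_mlock = true` into every rendered server config. It is written ahead of the user config in the string branch and merged as `(dict "disable_mlock" true)` in the map branch, where the first argument to `merge` takes precedence, so a values entry cannot turn it off there. With mlock disabled the server's memory can be swapped out, so key material may reach node storage unless swap is off or encrypted. Add a template comment stating that assumption, e.g. `{{/* mlock is disabled; nodes must run without swap or with encrypted swap */}}`, or make the setting overridable. The user-supplied config also passes through `tpl`, so whoever controls values can evaluate template expressions in the chart's context.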
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
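Review bot: The discovery Role in `server-discovery-role.yaml` grants `update` and `patch` on every pod in the release namespace, because its single rule has no `resourceNames`. If the write access exists only so Vault can label its own pods (presumably for the `vault-active` selector used by the active and standby Services), then any other workload sharing the namespace is exposed to the Vault service account for no reason. Either state the expectation in the template, e.g. `# Vault patches labels on its own pods; install the chart into a dedicated namespace`, or move `update`/`patch` into a second rule restricted with `resourceNames` to the StatefulSet's pod names. The Role also hard-codes `rbac.authorization.k8s.io/v1` while the RoleBinding in the next file falls back to `v1beta1`; the two should use the same check.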
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-ha-active-service.yaml
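Review bot: The `apiVersion` line picks `policy/v1` by comparing `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the outcome rests on lexical ordering and on the minor field having the expected form. The RBAC templates in this diff ask the cluster which API it serves instead, and the same test is more robust here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.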
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-psp-role.yaml 
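Review bot: The single ingress rule in `server-network-policy.yaml` pairs `namespaceSelector: {}` with both ports, so a pod in any namespace can reach 8201 as well as the API port 8200. The Services in this diff name 8201 `https-internal` and the StatefulSet uses it for `VAULT_CLUSTER_ADDR`, which suggests it carries server-to-server traffic only; if that is right, it should be reachable from the Vault server pods and nothing else. Splitting the rule as below leaves 8200 as it is and narrows 8201. The policy's own `podSelector` also omits the `component: server` label that the Services and the StatefulSet use, so it is worth confirming which pods the policy actually selects.

```yaml
  # … unchanged: metadata and spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release may connect.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from .Values.server.networkPolicy.egress …
```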
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
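Review bot: The subject of the RoleBinding in `server-psp-rolebinding.yaml` is named with `vault.fullname`, whereas the ClusterRoleBinding, the discovery RoleBinding and the StatefulSet's `serviceAccountName` in this diff all use `vault.serviceAccount.name`. If that helper can return a different name (for example when the service account name is overridden in values; the helper itself is not shown), the account the pod runs as is not the one authorised to use the PodSecurityPolicy. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as the other two bindings do.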
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-route.yaml
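Review bot: The PodSecurityPolicy forbids privileged mode and privilege escalation but says nothing about Linux capabilities, so containers admitted under it keep the runtime's default capability set. The StatefulSet in this diff sets `SKIP_SETCAP` and `SKIP_CHOWN` to `"true"`, which suggests Vault is not expected to need them; adding `requiredDropCapabilities:` with the single entry `- ALL` under `spec` would make the policy enforce that. The comment on `seLinux` also says the nodes are assumed to use AppArmor, yet the visible spec sets no AppArmor requirement (annotations come from `vault.psp.annotations`, not shown), so the comment should state what `RunAsAny` leaves unenforced.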
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-service.yaml
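Review bot: The Route template tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other mode-dependent server template in this diff does before reading it. Whether `.mode` is populated here then depends on another template having set it on the shared context earlier in the render, which looks order-dependent. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as the Ingress template does, makes the `ne .mode "external"` and `eq .mode "ha"` tests self-contained. `host:` would also be safer rendered as `{{ .Values.server.route.host | quote }}`, matching how the Ingress template quotes its hosts.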
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/tests/server-test.yaml 
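Review bot: The Vault container image in `server-statefulset.yaml` falls back to `:latest` when `server.image.tag` is unset (`| default "latest"`), and the test pod in `tests/server-test.yaml` repeats the same fallback. For the process that holds the secrets, a floating tag means a reschedule or upgrade can pull a build nobody reviewed. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and leave it to values to pin a tag or digest. The readiness probe's `vault status -tls-skip-verify` also deserves a one-line comment saying it only talks to the loopback `VAULT_ADDR` set in this pod, so the skipped verification is not copied into places where it matters.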
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.81/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/Chart.yaml
new file mode 100644
index 00000000000..3f7fb229678
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.82
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
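Review bot: The `description: Official HashiCorp Vault Chart` line in Chart.yaml, together with `home` and `sources` pointing at HashiCorp, labels a chart named `helm-e2e-rhcc` under `charts/partners/opcert-e2e-testing/` as if it were the vendor's own release. Whether this fixture ever reaches a published index cannot be determined from this hunk, but if it does, a consumer reading the metadata has no signal that it is a test copy. A description that states the provenance would remove the ambiguity, for example `description: E2E test fixture derived from the HashiCorp Vault chart; not an official release`.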
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/Makefile
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/README.md 
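Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the license into the `docker run` argument list, where it is visible in the host's process listing and would be echoed if the leading `@` were ever dropped. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker read the value from its own environment and also survives a value containing spaces. `GOOGLE_CREDENTIALS` is less exposed because it carries a key-file path rather than the key itself, but that file sits under the `${PWD}` bind mount. A comment next to the variable, such as `# path to a service-account key; keep the file out of version control`, would help.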
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
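Review bot: The single rule in this ClusterRole grants `create` on `serviceaccounts/token` with no `resourceNames`, and csi-clusterrolebinding.yaml in the same commit binds it cluster-wide to the CSI provider's ServiceAccount, so that account can request a token for any ServiceAccount in any namespace. Nothing in the template says why that breadth is needed. I would put a comment above `rules:` such as `# cluster-wide token creation: presumably needed to request tokens for the pods that mount secrets; confirm before widening`, so the grant is treated as sensitive in later reviews.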
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
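Review bot: The `providervol` and `mountpoint-dir` volumes in csi-daemonset.yaml are hostPath mounts whose paths come straight from `.Values.csi.daemonSet.providersDir` and `.Values.csi.daemonSet.kubeletRootDir`, while the container's securityContext is emitted only when `.Values.csi.daemonSet.securityContext.container` is set. Whether the container that sees the kubelet pods directory runs with any restrictions therefore depends on values that are not part of this file. A comment above `volumeMounts:` would make that explicit, for example `# host directories are mounted here; set csi.daemonSet.securityContext.container (e.g. allowPrivilegeEscalation: false)`. The two hostPath `path:` values are also rendered unquoted; `path: {{ .Values.csi.daemonSet.providersDir | quote }}` keeps an empty or unusual value from changing the YAML type.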
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
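Review bot: Several env values of the `sidecar-injector` container in injector-deployment.yaml are rendered without quotes (`AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT`), although the neighbouring entries are quoted. An env `value` has to be a string, so a setting that parses as a number or boolean would render as a non-string scalar; `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}` avoid that. Separately, `- 2>&1` under `args:` is passed to the binary as a literal argument because no shell is involved, so it redirects nothing and could be dropped.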
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
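Review bot: `namespaceSelector` is rendered only when one of the two values is set, so with neither set the webhook receives CREATE and UPDATE for pods in every namespace, including the one the injector itself runs in. `failurePolicy` is taken from values as well; if it resolves to `Fail`, an unavailable injector would block pod admission in all of those namespaces. The template gives no hint of this interaction, and a comment above the `{{- if or (.Values.injector.namespaceSelector) ...` line, such as `{{/* no selector = all namespaces; set one when failurePolicy is Fail */}}`, would document it. `injector.objectSelector` is a helper defined outside this hunk, so it may already narrow the match.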
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
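Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, but injector-deployment.yaml in this commit makes the injector listen on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes), and injector-service.yaml targets the same value. If that value is changed, this policy still admits only 8080 and the webhook calls would presumably be dropped on OpenShift. `- port: {{ .Values.injector.port }}` keeps the three templates in step. The metadata also has no `namespace:`, unlike the other injector resources, which set `{{ .Release.Namespace }}`.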
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-role.yaml
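Review bot: The template emits a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so enabling the flag there makes the install fail. A capability guard on the third line, `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, avoids that, and injector-psp-role.yaml and injector-psp-rolebinding.yaml use the same flag and could share the guard. The policy also sets no `requiredDropCapabilities`; adding `requiredDropCapabilities: [ALL]` would be worth it if the injector needs none.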
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-rolebinding.yaml
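Review bot: The first rule gives the injector's ServiceAccount `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, because it carries no `resourceNames`. The only Secret this commit creates for the leader-elector case is `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` on secrets could presumably move to a separate rule with `resourceNames: ["vault-injector-certs"]`, leaving `create` unrestricted since it cannot be limited by name. Which ConfigMaps the leader elector touches is not visible here, so that part needs confirming before narrowing. Either way, a comment above `rules:` naming the objects the injector actually needs would let the next reviewer judge the grant.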
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-discovery-role.yaml 
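Review bot: `disable_mlock = true` is written into `extraconfig-from-values.hcl` on every path, as a literal line in the string branch and through `merge (dict "disable_mlock" true) …` in the JSON branch, and nothing in the template says why. With memory locking off, Vault's in-memory secrets can be paged to disk if a node has swap enabled, so the operational assumption belongs next to the setting. I would add a template comment above `data:` such as `{{- /* disable_mlock is forced on; nodes are expected to run with swap disabled or encrypted */ -}}`, and state the reason for forcing it once that is confirmed against the container security context, which is defined outside this hunk.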
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
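Review bot: The single entry under `rules:` in `server-discovery-role.yaml` grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods, and the template has no comment explaining that scope. Because `list` and `watch` cannot be narrowed with `resourceNames`, the practical control is to install the chart into a namespace that holds nothing but Vault. I would document that above the rule, e.g. `# Pod write access is namespace-wide; install into a dedicated namespace.` The purpose of the write verbs (presumably maintaining labels such as `vault-active`, which the active and standby Services in this commit select on) should be confirmed and stated there too.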
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-ha-active-service.yaml
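Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion` line of `server-disruptionbudget.yaml` compares two strings, so the ordering is lexical rather than numeric (a minor of `"100"` sorts below `"21"`, `"9"` above it), and it ignores the major version. Asking the cluster which API it serves is more reliable: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The RoleBinding templates in this commit already select their API group with `.Capabilities.APIVersions.Has`, so this also keeps the chart consistent.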
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-psp-role.yaml 
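Review bot: The single rule under `ingress:` in `server-network-policy.yaml` pairs `namespaceSelector: {}` with both ports, so pods in every namespace may connect to 8201 as well as 8200. Port 8201 is the `https-internal` port in the Service templates of this commit and is presumably only needed between the Vault server pods, so it should get its own rule limited to them; the fence shows that second rule, with the existing rule reduced to port 8200. `metadata` also lacks `namespace: {{ .Release.Namespace }}`, which the other templates here set.

```yaml
  ingress:
    # … unchanged: rule admitting all namespaces, now listing port 8200 only …
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
```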
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-route.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-service.yaml 
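Review bot: `{{- if ne .mode "external" }}` and the later `eq .mode "ha"` in `server-route.yaml` read `.mode`, but this file never runs `{{ template "vault.mode" . }}`, which the other server templates in this commit call before testing it. Unless `.mode` has already been set on the same context by another template, the `ha` test is false and `server.route.activeService` is ignored, so the Route would point at the general Service instead of the `-active` one. Adding `{{ template "vault.mode" . }}` directly after `{{- if .Values.global.openshift }}` makes the file self-contained.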
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/tests/server-test.yaml 
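Review bot: The `image:` line of the `vault` container falls back to `default "latest"` when `server.image.tag` is empty, so a missing value silently deploys whatever the registry currently tags `latest`; the same expression is repeated in `templates/tests/server-test.yaml`. For a secrets manager the deployed version should be explicit and reproducible. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and make the same change in the test pod. `values.openshift.yaml` in this commit already sets tags, so only installs that leave the tag empty are affected.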
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.82/src/values.yaml 
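Review bot: No object in values.schema.json sets `"additionalProperties": false` or a `required` list, so the schema checks types only and a misspelled key is accepted without complaint. That matters for security-relevant switches: values.yaml in this commit defaults `global.tlsDisable` to `true`, and an override written as `global.tlsDisabled: false` would validate while TLS stays off. Adding `"additionalProperties": false` to the `global` object would catch that when the chart is installed on its own; applying it to `injector` or `server` needs care, because the values.yaml comments reference `injector.uid` and `injector.gid`, which the schema does not list. If this file is generated, the option belongs in the generator's input rather than in a hand edit here.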
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/Chart.yaml
new file mode 100644
index 00000000000..8f82b8957f5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.83
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
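Review bot: The `description` in the new Chart.yaml still reads `Official HashiCorp Vault Chart` while the chart is named `helm-e2e-rhcc` and lives under `charts/partners/opcert-e2e-testing`, so the metadata presents what looks like a certification test fixture as the vendor's official chart. If this chart is ever indexed alongside real partner charts, that misstates its provenance; I would change the line to something like `description: E2E certification test fixture based on the HashiCorp Vault chart`. As a smaller style point, `appVersion: 1.11.2` is unquoted; it parses as a string today, but `appVersion: "1.11.2"` keeps it a string if a two-component version is ever substituted.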
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/README.md
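Review bot: The `docker run -it` recipes under `test-acceptance`, `test-destroy` and `test-provision` omit `--rm`, although `test-unit` has it, so each run leaves a stopped container whose recorded environment still includes `VAULT_LICENSE_CI` (presumably the license value itself) and the `GOOGLE_CREDENTIALS` key-file path. Anyone with access to the Docker daemon on that host can read those values back from the leftover containers. The first recipe line of all three targets should become `@docker run --rm -it -v ${PWD}:/helm-test \`. Separately, `.PHONY` does not list `setup-kind` and `delete-kind`, and `destroy-cluster` calls `terraform destroy -auto-approve` without the `test/terraform` directory that `provision-cluster` passes, so it is worth confirming that destroy acts on the same configuration that apply created.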
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
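Review bot: The rule granting `create` on `serviceaccounts/token` in `csi-clusterrole.yaml` is cluster-wide and carries no comment, so a later reader cannot tell whether that breadth is intended. With it the CSI provider's service account can request a token for any service account in any namespace, which makes the provider pod a high-value identity. I would add a comment above `rules:` such as `# The provider requests tokens for the service accounts of pods that mount Vault secrets, hence cluster-wide create on serviceaccounts/token.` (presumably the reason; confirm against the provider's documentation). Changes to the matching ClusterRoleBinding deserve the same scrutiny in review.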
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-clusterrolebinding.yaml
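Review bot: The `patch` verb on `mutatingwebhookconfigurations` in `injector-clusterrole.yaml` applies to every webhook configuration in the cluster, because the rule has no `resourceNames`. The injector's own configuration is named `{{ template "vault.fullname" . }}-agent-injector-cfg` in `injector-mutating-webhook.yaml`, so `get` and `patch` can be limited to that object while `list` and `watch` stay unrestricted, since name restrictions do not apply cleanly to collection requests. Whether the injector's certificate handling works with the narrower rule is not visible here and should be confirmed before adopting the split below.

```yaml
rules:
# list/watch are collection requests and stay unrestricted
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
# read/write access only to the injector's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
  - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
```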
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
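Review bot: Several `env` values in `injector-deployment.yaml` are rendered without quotes (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), so a value that YAML types as a boolean or number produces a manifest the API server rejects, since `env[].value` must be a string. The neighbouring entries already quote; use the same form, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, `- 2>&1` under `args:` reaches the container as a literal argument because no shell interprets it (unless the image entrypoint is a shell wrapper, which is not visible here), so it looks removable. `hostNetwork` is rendered from `injector.hostNetwork` without a comment; a line above it noting that enabling it places the webhook listener in the node's network namespace would help whoever reviews values changes.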
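Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in `injector-disruptionbudget.yaml` compares two strings, so the ordering is lexicographic: a minor version of `"9"` sorts above `"21"` and would select `policy/v1`, and the major version is not considered at all. Asking the cluster which API it serves is more robust: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`. Unlike the other injector templates shown here, this one is not wrapped in `{{- if .injectorEnabled -}}`, so it renders whenever `injector.podDisruptionBudget` is set, even with the injector disabled.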
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
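Review bot: Without `namespaceSelector` or `objectSelector` values the webhook in `injector-mutating-webhook.yaml` is called for every pod CREATE and UPDATE in the cluster, and `failurePolicy` is taken straight from values with nothing in the template saying what `Fail` implies. If the policy is `Fail` and the injector is unreachable, pod admission is blocked everywhere, including system namespaces and the injector's own namespace. I would add a comment above `failurePolicy:` such as `# Fail blocks pod admission cluster-wide while the injector is down; pair it with a namespaceSelector that excludes system namespaces.` The default of `injector.failurePolicy` is outside this hunk, so check which mode the chart ships with.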
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
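Review bot: The ingress rule in `injector-network-policy.yaml` hard-codes `port: 8080`, while the Deployment listens on `{{ .Values.injector.port }}` and the Service uses the same value as `targetPort`. If `injector.port` is changed, this policy still admits only 8080, so traffic to the webhook's new port is no longer allowed on OpenShift. Render the port from the same value: `- port: {{ .Values.injector.port }}`. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources in this diff set.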
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-role.yaml
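Review bot: `injector-psp.yaml` renders a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API; it was removed in Kubernetes 1.25, so the release fails to install there. Gate the manifest on availability, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, and apply the same condition in `injector-psp-role.yaml` and `injector-psp-rolebinding.yaml`. On clusters without PSP, the restrictions this policy expresses (non-root user, no privilege escalation) have to come from Pod Security admission or from the pod's own `securityContext`.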
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-rolebinding.yaml
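Review bot: The first rule in injector-role.yaml lets the injector's ServiceAccount read, list, create and update every Secret and ConfigMap in the release namespace, which is much wider than a leader-election lock needs and covers any TLS keys or other secrets stored beside it. `create` cannot be narrowed by `resourceNames`, but `get` and `update` can be pinned to the objects the leader elector actually owns; whether `list` and `watch` can go depends on how the injector version in use queries them, so confirm before dropping them. The object name below is a placeholder, since the real one is not shown in this diff.

```yaml
rules:
  # create cannot be limited by resourceNames, so it stays in its own rule.
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    verbs: ["create"]
  # Reads and updates are limited to the leader-election objects only.
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    resourceNames: ["<leader-election-object-name>"]  # placeholder, not from this diff
    verbs: ["get", "update"]
  # … unchanged: pods rule …
```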
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-config-configmap.yaml
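Review bot: Nothing in server-clusterrolebinding.yaml explains why the server's ServiceAccount receives a cluster-scoped binding to `system:auth-delegator`, which is the one grant in this part of the diff that reaches beyond the release namespace. A header comment such as `# Allows Vault's Kubernetes auth method to create TokenReview and SubjectAccessReview requests; leave the auth-delegator option off when that auth method is not used.` would tell an operator what they are agreeing to. The `v1beta1` branch can only be reached on clusters that do not serve `rbac.authorization.k8s.io/v1`, and that beta version was removed in Kubernetes 1.22, so it can likely be dropped.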
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-discovery-role.yaml
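Review bot: `disable_mlock = true` is written ahead of the operator's configuration in the string form and merged into the JSON form, so it is always on, and the template does not say what that costs: without mlock, Vault's process memory, which holds decrypted secrets and key material, may be written to swap. A template comment next to it, for example `{{- /* mlock is disabled for all modes; run Vault only on nodes with swap off or encrypted */ -}}`, would record the requirement. Because the rendered file is a ConfigMap, any credentials placed in the `config` value are readable by every subject with `configmaps` read access in the namespace, which is also worth a sentence in the values documentation.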
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-ha-active-service.yaml
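Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion` line of server-disruptionbudget.yaml compares two strings, so the ordering is lexical rather than numeric and the major version is ignored. Asking the cluster what it serves is more direct: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`.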
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-ha-standby-service.yaml
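Review bot: The `https-internal` entry publishes port 8201 on the `-active` Service unconditionally, so when `server.service.type` is `NodePort` or `LoadBalancer` the server-to-server cluster port becomes reachable from outside the cluster together with the API port. The headless `-internal` Service in this commit already exposes 8201 for pod-to-pod traffic, so, provided nothing external depends on it, the entry can be wrapped in `{{- if not (has (.Values.server.service.type | toString) (list "NodePort" "LoadBalancer")) }}` … `{{- end }}`. server-ha-standby-service.yaml and server-service.yaml list the same port and would take the same guard.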
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-psp-role.yaml 
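Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which matches every namespace, so the policy limits ports but not sources, and the cluster port 8201 is open to any pod in the cluster. Splitting the rule keeps 8200 available to clients while restricting 8201 to the Vault server pods of this release, as sketched below; narrowing the 8200 selector to the namespaces that actually host clients would tighten it further. The resource also has no `metadata.namespace`, unlike the other templates in this commit.

```yaml
  ingress:
    # API port: still reachable from client namespaces.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```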
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
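Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}` and the other server bindings in this commit reference that helper. If the two helpers ever render different names, which a custom service account name would presumably cause, the `use` grant on the PodSecurityPolicy is bound to an account the server pods do not run as. Changing the subject line to `name: {{ template "vault.serviceAccount.name" . }}` keeps the binding tied to the real account.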
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-service.yaml
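Review bot: `.mode` is tested on the second line of server-route.yaml and again for `activeService`, but this template never calls `{{ template "vault.mode" . }}` first, as the other server templates in this commit do. The helper is defined outside this part of the diff, so this is inferred, but if it is what populates `.mode` then the Route only renders correctly when some other template happened to run it earlier on the same context. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check removes that dependency.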
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/tests/server-test.yaml
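Review bot: The `image:` line of the `vault` container falls back to the mutable `latest` tag when `server.image.tag` is empty (`| default "latest"`), so an unset value deploys whatever the registry serves at pull time for the container that holds the secrets; the same fallback appears in the server-test.yaml hunk. Failing the render is the safer behaviour: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; `VAULT_ADDR` in this container points at 127.0.0.1, so a comment such as `# -tls-skip-verify is limited to the loopback listener` next to the command would record why the flag is acceptable there.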
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/templates/ui-service.yaml
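Review bot: `volumeMounts:` and `volumes:` are emitted even when `server.volumeMounts` and `server.volumes` are unset, which renders both keys with a null value. Moving each key inside its guard avoids the empty keys: put `{{- if .Values.server.volumeMounts }}` on the line before `volumeMounts:`, and do the same for `volumes:`. The `VAULT_ADDR` value is also an unquoted template result containing `://`; wrapping it in double quotes, as the statefulset hunk does for its own `VAULT_ADDR`, would keep the two consistent.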
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/values.openshift.yaml
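Review bot: `publishNotReadyAddresses` and `type` are both taken straight from `ui.*` values, so a `LoadBalancer` or `NodePort` UI Service with `ui.publishNotReadyAddresses` enabled would route outside traffic to server pods that have not passed readiness; the defaults for those values are not visible in this hunk. The values.yaml added in this commit sets `global.tlsDisable: true`, so if `vault.scheme` follows that flag (the helper is not shown here) the UI port would carry tokens over plain HTTP. A comment above `type:` would make the trade-off visible to operators, for example `# The UI port carries Vault tokens; keep ClusterIP unless TLS is enabled`.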
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.83/src/values.yaml 
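Review bot: The `server.readinessProbe` object lists no `path` property and `server.service` lists no `type` or `clusterIP`, although server-statefulset.yaml and server-service.yaml in this commit read `.Values.server.readinessProbe.path`, `.Values.server.service.type` and `.Values.server.service.clusterIP`. Because no object in this schema sets `additionalProperties`, those values are accepted without any type check. Adding `"path": { "type": "string" }` under `readinessProbe`, and string entries for `type` and `clusterIP` under `service`, would bring the schema in line with the templates.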
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/Chart.yaml
new file mode 100644
index 00000000000..a754801e80d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.84
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
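Review bot: The `description` and `home` fields in the new Chart.yaml still present this chart as the "Official HashiCorp Vault Chart", while `name` and the `charts.openshift.io/name` annotation identify it as `helm-e2e-rhcc` under the `opcert-e2e-testing` partner directory. If this is a renamed copy used as an end-to-end fixture, as the path suggests, nothing in the metadata says so, and a catalog consumer could take it for the upstream release; consider `description: E2E test fixture derived from the HashiCorp Vault chart`. It would also be worth quoting the version-like scalar, `appVersion: "1.11.2"`, to match the already-quoted `kubeVersion` and keep tooling from re-typing it.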
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/README.md
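Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license into docker's argument list, so the value is readable in the host's process list while the container runs and is printed by `make -n` despite the `@` prefix. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the environment that make already exports to the recipe; the one behavioural difference is that an unset variable stays unset in the container instead of becoming an empty string. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` that `provision-cluster` passes, so it may not act on the configuration that was provisioned and is worth checking before relying on it for cleanup. `.PHONY` should also list `setup-kind delete-kind`, and the recursive call would be more robust as `$(MAKE) setup-kind acceptance`.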
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
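Review bot: The rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the bound identity can request a token for any ServiceAccount in any namespace, and nothing in the file says why that breadth is required. The following hunk binds it to the `-csi-provider` ServiceAccount with a ClusterRoleBinding, so whoever controls that pod can obtain credentials for any workload identity in the cluster. If the provider has to act for pods in arbitrary namespaces the scope probably cannot be narrowed here, so I would at least record it above `rules:` with `# Cluster-wide token creation: the CSI provider requests tokens on behalf of the pods that mount secrets; treat this ServiceAccount as privileged.` and make sure audit logging covers TokenRequest calls from this account.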
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
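Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes (`providervol` and `mountpoint-dir`), but its hardening depends entirely on values: the `csi.daemonSet.securityContext.pod` and `.container` helpers added earlier in this diff render nothing when the value is unset, whereas the injector helpers fall back to `runAsNonRoot: true` and to `allowPrivilegeEscalation: false` with all capabilities dropped. Unless the chart's values.yaml (not shown here) sets them, the pod runs on every node with the container runtime's defaults next to the kubelet's pod directory. I would give the container helper a fallback of `allowPrivilegeEscalation: false`, or set it in the default values, and add `readOnly: true` to the `mountpoint-dir` mount if the provider never writes under it. The `image:` line is tag-based as well; pinning by digest in values would make what runs on each node reproducible.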
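Review bot: The Secret in injector-certs-secret.yaml carries the literal name `vault-injector-certs`, while every other resource in these templates derives its name from `vault.fullname`, so two releases with leader election enabled cannot share a namespace without rendering the same Secret. The name may be fixed by the injector itself (its consumers are outside this hunk), so rather than renaming I would state the constraint next to it: `# Fixed name: only one leader-elected injector release per namespace is supported.` Since this object will hold the webhook's TLS material once the injector populates it, it is also worth confirming that read access to it is limited to the injector's ServiceAccount.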
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-clusterrolebinding.yaml
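Review bot: The single rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, which is broader than the injector appears to need: a compromised injector pod could rewrite any admission webhook, not only its own. `patch` can be limited with `resourceNames`, while `list` and `watch` have to stay unrestricted. The deployment template later in this diff passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which looks like the name of the chart's own webhook configuration, but that should be confirmed against the webhook template before relying on it. Splitting the rule as below keeps discovery working and narrows the write path.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# Write access only to this release's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```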
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
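Review bot: Several `env` values of the sidecar-injector container in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LISTEN`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`, and the default branch of `AGENT_INJECT_VAULT_ADDR`), while their neighbours are quoted. An env `value` must be a string, so a values entry that YAML reads as a number or boolean produces a manifest the API server rejects; piping through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`, avoids that. Separately, `- 2>&1` under `args` is not a shell redirection in exec form and is handed to the binary as a literal argument; it looks safe to drop, but that should be confirmed against the injector's argument handling.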
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
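Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` is emitted only when one is set in values, so with defaults the webhook is called for pod CREATE and UPDATE in every namespace, including system namespaces and the one the injector itself runs in (the `injector.objectSelector` helper is defined outside this hunk and may narrow that). With a `Fail` failure policy, which the template accepts through `injector.webhook.failurePolicy`, an unavailable injector would then block pod admission across all of them. I would add a template comment above `failurePolicy` saying so, e.g. `{{- /* Fail blocks pod admission in every matched namespace while the injector is down; pair it with a namespaceSelector */}}`.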
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
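Review bot: injector-network-policy.yaml admits traffic on a hard-coded `port: 8080`, while the injector listens on `.Values.injector.port` (AGENT_INJECT_LISTEN in injector-deployment.yaml, and `targetPort` in injector-service.yaml). If that value is changed, the policy no longer matches the listening port and calls to the webhook are dropped on OpenShift; depending on the webhook's failure policy that either blocks pod creation or lets pods start without injection. Rendering the port from the same value keeps the two in step: `- port: {{ .Values.injector.port }}`.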
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-role.yaml
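Review bot: injector-psp.yaml renders a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, with no check that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the install fails rather than skipping the object. Adding a capability test to the guard, `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, would cover it; injector-psp-role.yaml and injector-psp-rolebinding.yaml use the same guard. The comment above `seLinux` says the policy assumes AppArmor rather than SELinux, which is worth rewording in a chart that has an explicit OpenShift mode, where SELinux is presumably in use.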
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-rolebinding.yaml
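Review bot: The leader-elector Role in injector-role.yaml gives the injector service account `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, and `patch` and `delete` on every pod there. That namespace is normally the one that also holds Vault's own material (the `webhook-certs` secret, for instance), so a compromised webhook pod could read or overwrite all of it. If the injector only works with a fixed set of objects, `create` can move to its own rule and the remaining verbs can be limited with `resourceNames`; the object names are not visible in this diff, so that needs confirming against the injector before changing the rule. At minimum a comment above `rules:` should record why namespace-wide secret access is required.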
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-discovery-role.yaml
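Review bot: server-config-configmap.yaml writes the whole `server.standalone.config`, `server.ha.config` or `server.ha.raft.config` value into a ConfigMap, so any storage-backend or seal credential placed in that config is stored unencrypted and is readable by anyone with ConfigMap read access in the namespace. A comment at the top of the template would make that explicit, e.g. `{{- /* Rendered into a ConfigMap: keep credentials out of server.*.config and supply them through environment variables or mounted secrets */ -}}`. Also, `$type` is taken from `(index .Values.server .mode).config`, but in HA mode with raft enabled the string branch renders `.Values.server.ha.raft.config`; if the two values have different types `tpl` is handed a non-string, so the type test should look at the value that is actually rendered.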
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-psp-role.yaml 
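Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which matches every namespace, so the policy limits the ports but not who may connect, and that covers the cluster port 8201 as well as the API port 8200. Port 8201 is what the StatefulSet in this change advertises in `VAULT_CLUSTER_ADDR`, so it presumably only needs to be reachable from the other server pods of the release; I would give it its own rule whose `from` is a `podSelector` with the same two `app.kubernetes.io` labels as `spec.podSelector`, as sketched below. The metadata block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this change set.

```yaml
  ingress:
    # API port: source selector unchanged
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```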
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
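Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the ServiceAccount with `{{ template "vault.fullname" . }}`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this same change both use `{{ template "vault.serviceAccount.name" . }}`. The helper's definition is not part of this diff, but the schema accepts `server.serviceAccount.name`, so with a custom name the binding would presumably point at an account the server pods do not run as, and the PodSecurityPolicy `use` grant would not reach them. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beside it so the subject is explicit.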
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-route.yaml
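Review bot: server-psp.yaml renders `apiVersion: policy/v1beta1` whenever `global.psp.enable` is true, with no check that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the install would fail at this manifest instead of skipping it. The ingress template in this change already branches on `.Capabilities.APIVersions.Has`, and the same guard fits here: add `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the existing `and` condition, and to the matching conditions in the `-psp` Role and RoleBinding templates. It would also help to say in the values documentation that on such clusters the pod restrictions this policy expressed have to come from another admission mechanism.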
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-service.yaml
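Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` without first calling `{{ template "vault.mode" . }}`, which every other template in this change that reads `.mode` does before the comparison. The helper is defined outside this diff, but it is presumably what sets `.mode`, so here the result depends on some other template having been rendered earlier against the same context; if none was, `.mode` is empty, the `external` check passes and the `ha` branch that selects the `-active` service is never taken. Adding `{{ template "vault.mode" . }}` right after the `global.openshift` guard, as server-ingress.yaml does, removes that ordering dependency.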
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/tests/server-test.yaml 
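Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `{{ .Values.server.image.tag | default "latest" }}`, so an unset tag silently deploys whatever the registry currently serves as `latest`, and different pods of the same StatefulSet can end up on different builds after a restart. For the component that holds the secrets, the running version should be an explicit, reviewable value; I would fail the render instead with `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same fallback appears on the `image:` line of tests/server-test.yaml in this change and should get the same treatment.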
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.84/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/Chart.yaml new file mode 100644 index 00000000000..86bca9b8820 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.26.0' +name: helm-e2e-rhcc +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.85 +annotations: + charts.openshift.io/name: helm-e2e-rhcc diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null 
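Review bot: In Chart.yaml, `kubeVersion: '>= 1.26.0'` carries no pre-release suffix. Helm's semver constraint matching normally skips versions that have a pre-release component, so a cluster that reports a vendor-suffixed version string may be rejected even when it is 1.26 or newer. If that strictness is not intended for this test chart, `kubeVersion: '>= 1.26.0-0'` is the usual form. The chart's own README.md in this same diff still states "Kubernetes 1.16+" as the earliest tested version, which contradicts the constraint; one of the two should be brought in line.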
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/README.md 
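Review bot: In the Makefile's `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the license value into the `docker run` argument list, so it shows up in the host's process listing and in `make -n` output even though the recipe line is silenced with `@`. Passing only the name, `-e VAULT_LICENSE_CI \`, lets Docker take the value from the calling environment without putting it in argv. `GOOGLE_CREDENTIALS` holds only a key-file path, but its default `vault-helm-test.json` sits inside the checkout that every `docker run` here bind-mounts with `-v ${PWD}:/helm-test`. That file should be listed in `.gitignore`, which this diff does not show.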
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
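Review bot: In `vault.envs` the dev root token is rendered unquoted, `value: {{ .Values.server.dev.devRootToken }}`, so a token that looks like a number or a boolean is typed as a non-string by the YAML parser, which Kubernetes does not accept for an env value, and a token containing `: ` or ` #` changes the rendered structure. Quote it the way `vault.extraEnvironmentVars` already quotes its values: `value: {{ .Values.server.dev.devRootToken | quote }}`. The unquoted `name` and `key` fields in `vault.extraSecretEnvironmentVars` have the same weakness. The helper also writes the token in clear text into the pod spec, readable by anyone who can read the workload object, so its header comment should say that this is acceptable for dev mode only.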
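Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, which lets the CSI provider's service account request tokens for any service account in any namespace, and nothing in the template says why that breadth is needed. The provider is deployed as a DaemonSet (csi-daemonset.yaml in this commit), so this is the permission that matters most if one provider pod is compromised. I would add a comment above `rules:` such as `# The provider requests tokens on behalf of the pods that mount secrets; cluster-wide by design.`, assuming that is the intent, and note in the chart documentation that operators should audit token requests made by this service account.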
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
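Review bot: The `mountpoint-dir` volumeMount in csi-daemonset.yaml exposes the host's `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` tree to the provider container with `mountPropagation: HostToContainer` and no `readOnly: true`, so the container can write into every pod's volume directory on the node. If the provider version shipped with this chart only returns secret contents to the driver and does not write files itself (not determinable from this hunk), add `readOnly: true` to that mount. Otherwise a one-line comment stating that write access is required would help the next reviewer. Both `hostPath` volumes also omit `type:`, which means no check is made on the path before mounting; `type: Directory` or `type: DirectoryOrCreate` would make the expectation explicit.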
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-clusterrolebinding.yaml
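Review bot: The `patch` verb under `rules` in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster, although the only one this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). A compromised injector could therefore rewrite other admission webhooks. Consider moving `get` and `patch` into their own rule with `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]` and keeping a separate rule for `list` and `watch`. Whether the injector works with the narrower rule depends on how it watches the resource, which is not visible here and needs testing.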
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
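Review bot: In the `args` list of injector-deployment.yaml, the item `- 2>&1` is handed to the container as a literal second argument; Kubernetes does not run `args` through a shell, so it does not redirect stderr. The entry only works if the binary ignores an unexpected positional argument, or if the image entrypoint is a shell wrapper that re-evaluates its arguments (not visible here). I would drop the line so that `args` contains only `- agent-inject`, since the container runtime already captures both output streams.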
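Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with the string `"21"`, which is a lexical comparison that ignores the major version; a minor of `"9"` sorts above `"21"`, and vendor suffixes such as `21+` are compared as text as well. Other templates in this commit (injector-mutating-webhook.yaml, server-clusterrolebinding.yaml) pick the API by capability, and the same works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. With `helm template` the capability set comes from Helm's defaults or `--api-versions`, so offline rendering should be checked after the change. server-disruptionbudget.yaml uses the identical expression and needs the same fix.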
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
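Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when one of the two values is set, so unless values.yaml (not part of this hunk) supplies one, the webhook receives pod CREATE and UPDATE requests from every namespace, including `kube-system` and the injector's own. `failurePolicy` is also taken from values, and a setting of `Fail` would make an injector outage block pod admission cluster-wide. I would add a comment above the `namespaceSelector` block, for example `# No selector means all namespaces are intercepted; set one when failurePolicy is Fail.` It is also worth checking what the `injector.objectSelector` helper emits by default, since it is defined outside this hunk.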
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
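Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`) and the Service uses the same value as `targetPort`. Overriding the port in values would leave the policy admitting traffic to a port nothing listens on while dropping the API server's webhook calls. Use `- port: {{ .Values.injector.port }}` here. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources in this commit set.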
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-role.yaml 
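Review bot: The `spec` in injector-psp.yaml sets `privileged: false` and `allowPrivilegeEscalation: false` but never restricts capabilities, so pods admitted under this policy keep the runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` next to `allowPrivilegeEscalation` would close that gap, assuming the injector needs none (not verifiable from this hunk). The comment on `seLinux` says the policy assumes AppArmor nodes, yet the chart has an OpenShift mode (`global.openshift`) where nodes run SELinux, so that comment should state which platforms the PSP is meant for. `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, and the template is gated only on `global.psp.enable`.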
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-rolebinding.yaml 
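Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, which lets the injector read any Secret stored alongside it, not just its certificate store. The chart already pre-creates the one Secret it appears to need, `vault-injector-certs` (injector-certs-secret.yaml, under the same leader-elector condition). The secrets rule could therefore be narrowed with `resourceNames: ["vault-injector-certs"]` and `create` dropped. That the injector touches no other Secret is an inference from these templates and should be confirmed before tightening. Note that `list` and `watch` only honour `resourceNames` when the client filters on `metadata.name`.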
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-discovery-role.yaml 
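Review bot: Both config branches in server-config-configmap.yaml force `disable_mlock = true` into the rendered server configuration, as a literal line for string configs and via `merge (dict "disable_mlock" true) …` for map configs, with no comment on the consequence. With mlock disabled, process memory holding decrypted secrets and key material can be paged to swap, so the nodes need swap turned off or encrypted. I would add a YAML comment above the `extraconfig-from-values.hcl:` key, for example `# disable_mlock is forced to true below; run the server only on nodes with swap disabled or encrypted.` The reason it is forced (presumably the container lacks the capability to lock memory) is not shown in this hunk and should be confirmed against the server StatefulSet before being written down.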
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
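Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods. If other workloads share that namespace, the Vault service account can modify their pod objects, which is presumably more than it needs to maintain its own pod metadata. RBAC cannot scope `list` and `watch` by resource name, so the practical control is isolation. I would state that above `rules:` with `# update/patch cover all pods in this namespace; install Vault in a dedicated namespace`.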
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-ha-active-service.yaml 
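Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the test is lexical: a minor of `"9"` sorts above `"21"`, and a minor reported with a suffix would also be compared character by character. server-ingress.yaml in this same commit already selects its API with `semverCompare` on `.Capabilities.KubeVersion.Version`, and the same form fits here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.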
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-psp-role.yaml 
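Review bot: The ingress rule in server-network-policy.yaml admits traffic from every namespace (`namespaceSelector: {}`) to both 8200 and 8201, yet the Service and StatefulSet templates name 8201 `https-internal`. Clients need only the API port, so the cluster port can be limited to the Vault pods themselves unless something outside the release has to reach it; that is an assumption to confirm against any replication setup. Splitting the rule as below keeps 8200 reachable as before. The policy's `metadata` also has no `namespace: {{ .Release.Namespace }}`, unlike the other templates in this commit.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```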
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-route.yaml 
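Review bot: The PodSecurityPolicy spec in server-psp.yaml sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set even though privilege escalation and root are refused. Adding `requiredDropCapabilities: [ALL]` under `spec:` would close that, assuming the server needs no capability at start-up; the StatefulSet sets `SKIP_SETCAP` to `"true"`, which suggests it does not. The comment on `seLinux` says the nodes use AppArmor rather than SELinux, which is worth rewording because the same commit ships OpenShift overrides.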
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-service.yaml 
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/tests/server-test.yaml 
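Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `latest` when `server.image.tag` is empty, so a values file that omits the tag deploys whatever the registry serves at pull time, and replicas restarted at different times can run different builds. For a secrets store the version should be an explicit choice; failing the render is safer than defaulting: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same `default "latest"` appears on the container image in templates/tests/server-test.yaml.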
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.85/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/Chart.yaml
new file mode 100644
index 00000000000..c872d1b4ca3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.86
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/README.md
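Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the value onto the `docker run` command line, so what is presumably a license secret ends up in the host's process list and in `make -n` output even though the recipe is silenced with `@`. Passing the name only, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the calling environment without putting it in argv. Separately, `.PHONY` on the last line omits `setup-kind` and `delete-kind`, both of which are defined just above it.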
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
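Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no `resourceNames`, and csi-clusterrolebinding.yaml binds it cluster-wide, so the csi-provider ServiceAccount can request a token for any service account in any namespace. If the provider needs this to authenticate on behalf of the pods whose volumes it serves, the template should say so rather than leave the breadth unexplained. I would add above `rules:` the comment `# Cluster-wide by design: the provider requests tokens for the service accounts of pods mounting its volumes; anything running as this ServiceAccount can obtain any workload identity.` Since the binding's subject is the DaemonSet's service account, every provider pod holds this permission, which is worth stating in the chart's README next to the `csi.enabled` setting.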
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
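Review bot: The provider container in csi-daemonset.yaml mounts two hostPath volumes (`providervol` and `mountpoint-dir`, neither read-only) but receives a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper of that name defined earlier in this diff renders nothing otherwise. Unless values.yaml (not visible here) supplies a default, the container runs with the image's user and default capabilities while holding write access to host directories. I would have the helper fall back to a restrictive block such as `allowPrivilegeEscalation: false` with `capabilities: {drop: ["ALL"]}`, after checking which user the provider needs in order to create its socket under the providers directory. The hostPath `path:` values are also emitted unquoted; `path: {{ .Values.csi.daemonSet.providersDir | quote }}` keeps an unusual value from changing the YAML structure.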
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-clusterrolebinding.yaml
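Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only configuration this chart creates is `<fullname>-agent-injector-cfg` (injector-mutating-webhook.yaml, and the `AGENT_INJECT_TLS_AUTO` value in the deployment). A compromised injector could therefore rewrite any other admission webhook. Splitting the rule so that `patch` carries `resourceNames` closes that, while the read verbs stay unrestricted because `list` and `watch` are not usefully limited by name; this assumes the injector patches only its own configuration, which should be confirmed. injector-role.yaml has the same gap for `secrets` and `configmaps`: it allows get and update on every secret in the release namespace where the leader elector appears to need only `vault-injector-certs`.

```yaml
# … unchanged: apiVersion, kind, metadata and labels …
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```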
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
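Review bot: Three env values in injector-deployment.yaml are rendered without quotes (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT`) while their neighbours are quoted. An override that YAML reads as a boolean or a number turns `value:` into a non-string, which the API server rejects for an env entry; pipe them through `quote`, for example `value: {{ .Values.injector.authPath | quote }}`. Separately, `- 2>&1` under `args:` reaches the process as a literal argument, because no shell interprets the container arguments; if the binary merely ignores it today, the line can be dropped.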
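Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares strings, so the result follows lexical order: a minor of `"9"` sorts after `"21"` and selects `policy/v1`, and the major version is never looked at. injector-mutating-webhook.yaml already picks its API version by asking the cluster, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Unlike the other injector templates in this change, this one is not wrapped in `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget can be rendered with the injector disabled; if that is not intended, add the same guard.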
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
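Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when a value is set, so with neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` defined the webhook receives every pod CREATE and UPDATE in the cluster, including `kube-system` and the injector's own namespace, unless the `injector.objectSelector` helper (defined outside this hunk) narrows it. With a `failurePolicy` of `Fail` an unavailable injector then blocks pod admission cluster-wide, and with `Ignore` pods are admitted without injection; which applies depends on values.yaml, not visible here. I would document this directly above the `namespaceSelector` conditional with a comment such as `# Without a selector this webhook sees every pod in the cluster; set injector.webhook.namespaceSelector to scope it.` `timeoutSeconds` also defaults to the string `"30"`; it renders the same, but `default 30` states the intent.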
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
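Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, but the injector listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes in injector-deployment.yaml, `targetPort` in injector-service.yaml). When that value is overridden the policy no longer matches the listening port and calls to the webhook are dropped on OpenShift; use `- port: {{ .Values.injector.port }}`. The `metadata` block also has no `namespace: {{ .Release.Namespace }}`, unlike the other namespaced injector resources, and there is no `policyTypes`, so adding `policyTypes: ["Ingress"]` would make the scope explicit.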
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-role.yaml
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-rolebinding.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-discovery-role.yaml 
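Review bot: `disable_mlock = true` is forced into every rendered server configuration, as a literal line in the string branch and through `merge (dict "disable_mlock" true) …` in the map branch, and the template has no comment saying why or what it costs. With mlock off the kernel may write Vault's memory, including key material, to swap, so operators need to know to run these pods on nodes where swap is disabled or encrypted. Because the `dict` is the destination of `merge`, a `disable_mlock: false` supplied in values looks like it is ignored in the map branch; if that is intended it should be stated. I would add a template comment directly under `data:`, for example `{{- /* disable_mlock is always set; run on nodes with swap off or encrypted */}}`.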
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
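Review bot: The `update` and `patch` verbs in the discovery Role apply to every pod in the release namespace, not only the Vault server pods, and the rule has no comment explaining why write access is needed. The `-active` and `-standby` Services in this commit select on a `vault-active` label, so the write verbs are presumably there so the server can label its own pod; RBAC cannot scope a rule by label, which means any workload sharing the namespace is also writable by this service account. I would document that above `rules:` with something like `# update/patch are needed to set service-registration labels on Vault pods; RBAC cannot filter by label, so install into a dedicated namespace`. The binding in server-discovery-rolebinding.yaml attaches this Role to `vault.serviceAccount.name`.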
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-psp-role.yaml 
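Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which admits traffic from every namespace to both 8200 and 8201, and the `podSelector` omits `component: server`, so the policy applies to any pod carrying the name and instance labels. Port 8201 is named `https-internal` in the Service templates of this commit, which suggests it is the server-to-server port and does not need to be reachable cluster-wide; I would split the rule so that only this release's server pods can reach it, unless replication from outside the namespace is a requirement. The metadata block also has no `namespace: {{ .Release.Namespace }}`, unlike the other templates here. A possible shape for the ingress section:

```yaml
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only from this release's server pods
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```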
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
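Review bot: The subject in server-psp-rolebinding.yaml is named with `{{ template "vault.fullname" . }}`, while server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}` and the cluster-role and discovery bindings in this commit reference that same helper. If the two helpers can resolve to different names (their definitions are not on this page), the PSP `use` permission is bound to an account the pods do not run as, and the policy never applies to the Vault server. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` so it matches the other bindings.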
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-route.yaml 
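Review bot: The PodSecurityPolicy in server-psp.yaml does not constrain Linux capabilities: there is no `requiredDropCapabilities` or `allowedCapabilities` entry, so pods admitted under it keep the runtime's default capability set even though `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` are set. The StatefulSet in this commit passes `SKIP_SETCAP` and `SKIP_CHOWN`, which suggests the container does not need them, so adding `requiredDropCapabilities: [ALL]` under `spec:` looks safe but should be confirmed against the container security context helper, which is not visible here. Separately, `apiVersion: policy/v1beta1` is hard-coded with no capability check, and PodSecurityPolicy was removed in Kubernetes 1.25, so enabling `global.psp.enable` on a newer cluster will fail the install rather than silently skip the policy.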
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-service.yaml 
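Review bot: `.mode` is compared in the second guard, `{{- if ne .mode "external" }}`, but server-route.yaml never calls `{{ template "vault.mode" . }}`, which every other server template in this commit does on its first line. The guard, and the `-active` service selection a few lines below that reads the same field, therefore depend on another template having populated `.mode` on the shared context first; the helper's definition is not on this page, so that dependency is inferred. Adding `{{ template "vault.mode" . }}` immediately after the `global.openshift` check would make the Route render the same way regardless of template order.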
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/tests/server-test.yaml 
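Review bot: The `vault` container's image reference in server-statefulset.yaml falls back to the mutable `latest` tag through `{{ .Values.server.image.tag | default "latest" }}`, and the test pod in tests/server-test.yaml repeats the same fallback. For a secrets manager an unpinned tag means a pod restart can pull a build nobody reviewed, and the running version can no longer be read off the manifest. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept a digest; the chart's values.yaml is not on this page, so the fallback may never trigger in practice.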
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.86/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/Chart.yaml
new file mode 100644
index 00000000000..67eacc2947c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.87
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
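Review bot: `description: Official HashiCorp Vault Chart` in the new Chart.yaml labels a chart named `helm-e2e-rhcc` under `opcert-e2e-testing` as the official upstream release, and `home` and `sources` point only at upstream. A repository index entry built from this metadata would therefore not show that the chart is a renamed test copy. If the e2e fixture does not depend on the upstream wording, something like `description: E2E test fixture derived from the HashiCorp Vault chart (not an upstream release)` keeps the provenance clear. Quoting `appVersion: "1.11.2"` would also keep the value a string if a later bump lands on a two-part number such as 1.12.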
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/README.md
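Review bot: In the Makefile's `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the licence value, unquoted, into the `docker run` command line, so it shows up in the host's process list and any whitespace or shell metacharacter in it is parsed by the shell. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker take the value from its own environment instead. The `docker run` recipes in `test-acceptance`, `test-destroy` and `test-provision` also omit the `--rm` that `test-unit` uses, so stopped containers that still carry this environment are left on the host. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so an unattended destroy acts on whatever configuration is in the working directory; it should name the same directory and variables as the apply line.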
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
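Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole with no explanation, so the csi-provider service account can request tokens for any service account in any namespace. If the provider needs this to authenticate on behalf of the pods that mount its volumes (an assumption, the hunk does not say), state it above the rule, for example `# cluster-wide by design: tokens are requested for the service account of the mounting pod`. Because csi-clusterrolebinding.yaml binds this role to the account every DaemonSet pod runs as, TokenRequest calls from that account are worth covering with an audit rule.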
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
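Review bot: In csi-daemonset.yaml the container `securityContext` comes only from the `csi.daemonSet.securityContext.container` helper, which emits nothing when the value is unset, so a container with two `hostPath` mounts can end up with no security context at all. The server helper earlier in this diff falls back to `allowPrivilegeEscalation: false` when nothing is configured; the CSI helper could gain the same `{{- else }}` branch. The chart's values.yaml defaults are not visible here, so check them before relying on this. `--debug={{ .Values.csi.debug }}` is also passed unconditionally, and a comment on what debug logging may write to node logs would help operators.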
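Review bot: The Secret in injector-certs-secret.yaml is named with the literal `vault-injector-certs`, while every other object in these templates derives its name from `vault.fullname`. Two releases of the chart in one namespace with leader election enabled would then both claim the same Secret. If the injector looks the Secret up by that fixed name (not visible in this diff), keep the name and add a comment such as `# fixed name expected by the injector; one leader-elected release per namespace`.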
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-clusterrolebinding.yaml
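Review bot: The rule in injector-clusterrole.yaml gives `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only configuration this chart creates for the injector is `{{ template "vault.fullname" . }}-agent-injector-cfg`. An account that can patch arbitrary mutating webhooks can change pod admission for unrelated workloads. Splitting the rule so that `get` and `patch` carry `resourceNames`, with only `list` and `watch` left unscoped, narrows this. Whether the injector tolerates the narrower rule is not visible here and needs a test run.

```yaml
rules:
# list/watch are left unscoped; a resourceNames restriction on them
# only matches requests that select a single object by name
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# get/patch limited to the injector's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```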
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
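Review bot: In injector-deployment.yaml several values-driven env entries are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) while their neighbours are quoted. Env values must be strings, so a value that YAML reads as a boolean or number, or one containing `: `, makes the manifest invalid or changes its meaning; `value: {{ .Values.injector.authPath | quote }}` avoids that. The `- 2>&1` entry under `args` is handed to the process as a literal argument unless the image entrypoint runs a shell, so either drop it or add a comment saying why it is there.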
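Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the result depends on lexical order and on suffixes some distributions append to the minor version (for example `21+`). The webhook template in this commit already asks the cluster which APIs it serves; here that would be `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This is also the only injector template not wrapped in `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget is rendered whenever `injector.podDisruptionBudget` is set, even with the injector disabled.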
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
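Review bot: When neither `namespaceSelector` nor `objectSelector` is set, the webhook in injector-mutating-webhook.yaml matches every pod CREATE and UPDATE in the cluster, including system namespaces and the injector's own. With a `failurePolicy` of `Fail` (the value comes from values.yaml, whose default is not visible here), an unavailable injector would then block pod admission cluster-wide. A comment above `rules:` stating this, or a default `namespaceSelector` that excludes system namespaces, would make the blast radius explicit. `caBundle` is rendered from `injector.certs.caBundle` even when empty, presumably to be filled in by the injector's auto-TLS path, and deserves a one-line comment as well.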
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
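Review bot: The NetworkPolicy in injector-network-policy.yaml allows ingress on the literal port `8080`, but the Deployment listens on `.Values.injector.port` and the Service targets that same value. Changing the port in values would leave the policy admitting a port nothing listens on while webhook calls to the real port are dropped; use `- port: {{ .Values.injector.port }}`. The object also sets no `metadata.namespace`, unlike the other namespaced injector templates in this commit.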
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-psp.yaml
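Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml has no `namespace`, whereas injector-rolebinding.yaml and both ClusterRoleBindings in this commit set `namespace: {{ .Release.Namespace }}`. A RoleBinding falls back to its own namespace for such a subject, so this likely works, but the grant should not depend on that default; add `namespace: {{ .Release.Namespace }}` under `name:`. The PSP Role and RoleBinding also label themselves with plain `vault.name` instead of the `-agent-injector` suffix used elsewhere, which makes them harder to select together with the other injector objects.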
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-role.yaml
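Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode and root but leaves Linux capabilities at the runtime default, because no `requiredDropCapabilities` is set. Adding `requiredDropCapabilities:` with `- ALL` closes that, provided the injector needs none (not verifiable from this hunk). The comment on `seLinux` says the policy assumes AppArmor, yet the template sets no AppArmor annotation itself; one only arrives through `vault.psp.annotations` when values supply it. PodSecurityPolicy was removed in Kubernetes 1.25, so `global.psp.enable` should also be guarded by a check that the cluster still serves `policy/v1beta1`.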
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-rolebinding.yaml
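Review bot: The first rule in injector-role.yaml lets the injector's service account read and update every Secret and ConfigMap in the release namespace, which is far more than a leader-election role needs. Splitting the rule so that only `create` is unscoped and the read/update verbs carry `resourceNames` limits the account to the objects the leader elector owns; the object names are not visible in this hunk, so the fence uses a placeholder. With `resourceNames` set, `list` and `watch` are only authorised for requests that select by `metadata.name`, so confirm the injector's client does that before merging. The `pods` rule (get/patch/delete on all pods in the namespace) deserves the same question.

```yaml
rules:
  # create cannot be restricted by resourceNames, so it keeps its own rule
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    resourceNames:
      - "<leader-election-object-name>"  # placeholder: fill in the real object names
    verbs: ["get", "watch", "list", "update"]
  # … unchanged: pods rule …
```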
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-discovery-role.yaml
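Review bot: server-config-configmap.yaml forces `disable_mlock` to true, and in the non-string branch an operator cannot turn it back off, because sprig's `merge` gives precedence to its first argument and `dict "disable_mlock" true` is that argument. With mlock disabled the server's memory, which holds secret material, can be paged out unless the nodes run without swap, and nothing in the template says so. Either add a template comment next to the setting stating that requirement, or let explicit configuration win with `mergeOverwrite (dict "disable_mlock" true) (index .Values.server .mode).config` and the same change on the `.raft.config` line.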
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-ha-active-service.yaml
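Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the ordering is lexical: a minor of `"9"` sorts above `"21"`, and a vendor suffix such as `"21+"` is compared character by character rather than as a number. The RBAC templates in this same change already probe the API directly, and doing the same here avoids the version arithmetic: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.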
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-psp-role.yaml
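Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which matches every namespace, and applies it to port 8201 as well as 8200. The Service templates in this change name 8201 `https-internal`, which suggests it carries server-to-server traffic only, so opening it cluster-wide widens the reachable surface of the cluster port for no visible benefit. Splitting the rule keeps the API port as it is and limits 8201 to pods carrying the chart's own labels; whether any peer outside the release legitimately needs 8201 cannot be told from this hunk. The policy's `metadata` also omits `namespace`, unlike most templates in this change.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```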
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-service.yaml
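Review bot: server-route.yaml tests `.mode` on its second and fifth lines without first calling `{{ template "vault.mode" . }}`, which every other server template in this change does before reading it. The Route therefore depends on some other template having populated `.mode` earlier in the render, and if it has not, the `external` guard and the choice of the `-active` service are decided on an unset value. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check. Separately, `tls:` is filled entirely from `.Values.server.route.tls`, so an empty value would publish the Route without TLS settings; a default or a guard there is worth considering.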
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/tests/server-test.yaml 
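Review bot: In `server-statefulset.yaml` the `vault` container image falls back to the mutable `latest` tag through `{{ .Values.server.image.tag | default "latest" }}`, so an empty or missing `server.image.tag` silently deploys whatever the registry currently serves, and if the pull policy is `IfNotPresent` the replicas can end up on different builds. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; the same fallback is used for the test pod in `templates/tests/server-test.yaml`. Separately, the exec readiness probe runs `vault status -tls-skip-verify` without saying why; `VAULT_ADDR` in this container points at `127.0.0.1:8200`, so the skipped verification only affects loopback traffic. A comment next to the command, such as `# -tls-skip-verify: the probe only talks to 127.0.0.1 (see VAULT_ADDR); do not reuse for remote addresses`, would keep the flag from being copied into client-facing commands.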
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/templates/ui-service.yaml
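Review bot: The test hook pod in `server-test.yaml` sets no `securityContext` at pod or container level, while the StatefulSet in this change pulls one in through the `server.statefulSet.securityContext.pod` and `.container` helpers. The hook runs the same image with the server's `volumes` and `volumeMounts` attached, so it should not run with weaker settings than the server it tests. Reuse those helpers here if they render correctly outside the StatefulSet (their definitions are not in this hunk), or at least add `securityContext:` with `allowPrivilegeEscalation: false` under the container.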
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/values.openshift.yaml
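Review bot: Nothing in `ui-service.yaml` ties the Service `type` to the transport scheme, and `values.yaml` in this same change sets `global.tlsDisable: true`. Choosing `ui.serviceType: LoadBalancer` or `NodePort` would therefore presumably publish the UI and API over plain HTTP; the port name comes from `vault.scheme`, whose definition is outside this hunk, so this should be confirmed against `_helpers.tpl`. A comment above `type:` would make the dependency visible, for example `# With global.tlsDisable=true this Service carries unencrypted traffic, including Vault tokens; keep serviceType ClusterIP or terminate TLS in front of it.`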
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.87/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/Chart.yaml
new file mode 100644
index 00000000000..df1aa537e45
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.88
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
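Review bot: In the Chart.yaml hunk, `description: Official HashiCorp Vault Chart` is kept on a chart that is renamed to `helm-e2e-rhcc` and versioned `0.21.88`, while the CHANGELOG added in the same commit stops at upstream 0.21.0, so the metadata misstates the provenance of what is being published. A description such as `description: E2E test fixture derived from the HashiCorp Vault chart 0.21.0` would keep anyone browsing the repository index from mistaking this copy for an upstream release. Separately, `kubeVersion: '>= 1.26.0'` has no pre-release suffix, so Helm's semver comparison rejects a cluster whose reported version carries a `-suffix` (release candidates, some vendor builds) even when it is newer. If that matters for this fixture, the usual form is `kubeVersion: '>= 1.26.0-0'`, after confirming that the kube-to-OCP range translation used by CI accepts it.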
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for 
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/README.md
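Review bot: In the `test-acceptance` recipe of the Makefile, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the `docker run` argument list, where it is readable from the host's process listing and from any shell tracing; the leading `@` only stops make from echoing the line. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker read the value from the environment instead, so the secret never appears in argv. `GOOGLE_CREDENTIALS` is handed to `--key-file` in `acceptance` and `provision-cluster`, so it appears to be a path rather than key material and is less of a concern, though the `-v ${PWD}:/helm-test` mount does expose that key file to the whole test container. Separately, `setup-kind` and `delete-kind` are not listed in `.PHONY`.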
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
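Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so once bound the `-csi-provider` service account can request a token for any ServiceAccount in any namespace. The template does not say why that breadth is intended. I would document it above `rules:`, for example `# Cluster-wide on purpose: the provider requests a token for the ServiceAccount of whichever pod mounts a volume (confirm).` A second comment should record that this makes the DaemonSet's own service account a credential to protect, since its holder can obtain tokens for other identities.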
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
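Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes (`providersDir`, and `kubeletRootDir`/pods with `mountPropagation: HostToContainer`), but its `securityContext` comes only from `csi.daemonSet.securityContext.container`. That helper, added earlier in this same diff, renders nothing when the value is unset. The injector and server container helpers fall back to `allowPrivilegeEscalation: false` in that case, while the two CSI helpers have no fallback branch. Unless the provider is known to need more, I would give the CSI container helper the same fallback: `{{- else if not .Values.global.openshift }}`, `securityContext:`, `allowPrivilegeEscalation: false`. If it does need elevated rights to write under the kubelet directory, a template comment should state which ones and why.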
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-clusterrolebinding.yaml
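Review bot: The rule in injector-clusterrole.yaml has no `resourceNames`, so the injector's service account may `patch` every MutatingWebhookConfiguration in the cluster; if that account were compromised, admission webhooks owned by other components could be altered. The injector presumably only needs to write its own configuration, which from `AGENT_INJECT_TLS_AUTO` in injector-deployment.yaml appears to be named `<fullname>-agent-injector-cfg` (the webhook template is not in view here, so confirm the name). Splitting the rule keeps `list`/`watch` unrestricted, which informers generally need, and pins `get`/`patch` to that single object, as sketched below.

```yaml
# … unchanged: apiVersion, kind, metadata and labels …
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs: ["get", "patch"]
```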
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
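Review bot: The `args` list in injector-deployment.yaml passes `2>&1` as a literal second argument; container args are exec'd without a shell, so no redirection happens and the binary just receives an extra positional argument. Drop the `- 2>&1` item. In the same `env` block, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` are rendered unquoted, so an empty or boolean-looking value would render as a non-string and be rejected by the API; use the quoted form already applied to the neighbouring entries, e.g. `value: {{ .Values.injector.authPath | quote }}`.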
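Review bot: The `apiVersion` line in injector-disruptionbudget.yaml picks the PodDisruptionBudget API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically rather than numerically and depends on how the distribution formats its minor version. injector-mutating-webhook.yaml in this same change already selects its API with `.Capabilities.APIVersions.Has`, and the same test works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The identical line appears in server-disruptionbudget.yaml.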
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
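Review bot: The `rules` block of the `vault.hashicorp.com` webhook matches CREATE and UPDATE of pods in every namespace unless one of the `namespaceSelector` values or the `injector.objectSelector` helper supplies a selector, and nothing in the template documents that. With a `failurePolicy` of `Fail`, an unavailable injector would then block pod admission cluster-wide, including in system namespaces and for its own replacement pods. A comment above `failurePolicy` would make the dependency explicit, for example `# Fail blocks every matching pod admission while the injector is down; set a namespaceSelector that excludes system namespaces before using it`. The chart's default values are outside this hunk, so confirm which policy and selectors ship by default.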
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
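Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `- port: 8080` under `ingress.ports`, while the Deployment's listener, both probes and the Service `targetPort` in this change all use `.Values.injector.port`. If that value is set to anything else, the policy keeps admitting only 8080 and the API server's calls to the webhook are dropped. Use `- port: {{ .Values.injector.port }}` so the policy follows the configured listener.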
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-psp.yaml
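Review bot: The `subjects` entry in injector-psp-rolebinding.yaml names the ServiceAccount without a `namespace:`, whereas injector-rolebinding.yaml and injector-clusterrolebinding.yaml in this change set it explicitly for the same account. The binding presumably still resolves to its own namespace, but the omission makes it harder to audit which identity receives the `use` permission. Add `namespace: {{ .Release.Namespace }}` under the subject to match the other bindings.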
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-role.yaml
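Review bot: The `spec` of the PodSecurityPolicy in injector-psp.yaml blocks privilege escalation and root, but it never drops Linux capabilities, so pods admitted under it keep the runtime's default capability set. If the injector needs none (not visible in this diff, so confirm), add `requiredDropCapabilities:` with a single `- ALL` item next to `allowPrivilegeEscalation: false`. The template also renders `policy/v1beta1` unconditionally when `global.psp.enable` is true; that API was removed in Kubernetes 1.25, so the install fails there unless the block is also guarded with `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`.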
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-rolebinding.yaml
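Review bot: The first rule in injector-role.yaml gives the injector ServiceAccount `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, which is the same namespace the Vault server objects of this chart are rendered into. That lets the webhook pod read and overwrite every Secret there, well beyond what leader election presumably needs. Narrow `get` and `update` with `resourceNames` for the objects the injector actually owns and keep `create` in a separate rule, since `create` cannot be restricted by name. The object names the injector uses are not visible in this diff and need to be confirmed first.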
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-discovery-role.yaml
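Review bot: `disable_mlock = true` is forced into `extraconfig-from-values.hcl` in both the string branch and the two `merge (dict "disable_mlock" true) ...` branches, with no comment explaining why, and in the map form the chart's value takes precedence over whatever the operator supplies. With mlock disabled, the server's memory (including decrypted secrets) can be paged to disk, so the setting is only safe on nodes with swap disabled or encrypted. Add a template comment above the `disable_mlock = true` line stating the reason and that node requirement, e.g. `{{- /* mlock is disabled because the container is not granted IPC_LOCK; nodes must run without swap or with encrypted swap */}}`; the stated reason is an assumption to confirm against the server pod's security context, which is outside this hunk.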
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-psp-role.yaml 
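Review bot: `secretName: {{ .secretName }}` and `- path: {{ . }}` are rendered unquoted, while the neighbouring `hosts` and `host` values go through `quote`. A value that YAML reads as a number, boolean or null, or an empty value, would change type in the rendered Ingress and be rejected or misread. I would write `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`, and likewise `ingressClassName: {{ .Values.server.ingress.ingressClassName | quote }}`.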
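Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both 8200 and 8201, so every pod in every namespace may reach Vault's cluster port as well as its API. Only the Vault server pods appear to need 8201, since the StatefulSet in this diff points `VAULT_CLUSTER_ADDR` at the `-internal` Service on that port. I would split the rule and limit 8201 to the chart's own pods, as sketched below. `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this diff set.

```yaml
  # … unchanged: metadata and podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```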
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
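Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, but the ServiceAccount template and the StatefulSet's `serviceAccountName` in this diff both use `vault.serviceAccount.name`. When `server.serviceAccount.name` is overridden the two presumably differ (the helper is defined outside this diff), and the PSP `use` grant then lands on an account the pods do not run as. The subject also carries no `namespace`. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`.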
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-route.yaml 
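Review bot: The template is gated only on `global.psp.enable`, yet `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so enabling the flag on a newer cluster fails the install instead of skipping the object. The Ingress template in this diff already probes `.Capabilities.APIVersions.Has`, and the same guard fits here: `{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The comment on `seLinux` also says the nodes use AppArmor rather than SELinux, which is worth rewording given that this diff ships OpenShift overrides in values.openshift.yaml.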
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-service.yaml 
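Review bot: `{{- if ne .mode "external" }}` on the second line reads `.mode` without this file first calling `{{ template "vault.mode" . }}`, which the other templates in this diff that test `.mode` all do. The result therefore depends on some other template having set the value on the shared context earlier in the render, which is fragile and could render or suppress the Route unexpectedly. I would add `{{ template "vault.mode" . }}` directly before that test. `host: {{ .Values.server.route.host }}` would also be safer as `host: {{ .Values.server.route.host | quote }}`.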
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/tests/server-test.yaml 
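Review bot: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` falls back to a mutable tag when `server.image.tag` is empty, so the Vault server could silently run whatever the registry currently serves as `latest`. Failing the render is the safer behaviour: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The server-test.yaml hunk uses the same fallback and should change with it.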
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/values.openshift.yaml 
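Review bot: `nodePort` is emitted whenever `ui.serviceNodePort` is set, without checking `ui.serviceType`, whereas server-service.yaml in this diff emits it only when the type is `NodePort`. With a `ClusterIP` type and a leftover `serviceNodePort` the API server would reject the Service. I would add a type check in the style of the other template, for example `{{- if and (.Values.ui.serviceNodePort) (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`, which still allows a node port on `LoadBalancer`.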
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.88/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/Chart.yaml
new file mode 100644
index 00000000000..f48a6ed022d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.89
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
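Review bot: `kubeVersion: '>= 1.26.0'` in Chart.yaml has no pre-release suffix, so Helm's semver check rejects any cluster whose reported version carries a pre-release tag; `kubeVersion: '>= 1.26.0-0'` would admit those as well. The README added in the same commit still lists `Kubernetes 1.16+` as the earliest tested version, which no longer agrees with this constraint, so one of the two needs correcting. If the higher floor is deliberate for this certification fixture, presumably because of the target OpenShift range, a one-line comment above the key saying so would keep the next chart bump from silently reverting it.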
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/README.md
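Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands what is presumably a licence string into the `docker run` argument list, where the host's process table and any make dry-run or trace output can expose it even though the recipe is silenced with `@`. Passing it by name, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the calling environment and keeps it off the command line. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` that `provision-cluster` passes, so it may act on whatever configuration is in the working directory rather than the cluster that was provisioned. The `.PHONY` list also omits `setup-kind` and `delete-kind`.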
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
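Review bot: The fallback branch of `server.statefulSet.securityContext.container` in _helpers.tpl sets only `allowPrivilegeEscalation: false`, while the matching fallback in `injector.securityContext.container` also drops all capabilities, so with default values the Vault server container keeps the container runtime's default capability set. Unless the server needs one of those capabilities (for example IPC_LOCK for mlock, which cannot be determined from this hunk), the server fallback should mirror the injector by adding `capabilities:`, `drop:` and `- ALL` under `securityContext:`. The `csi.daemonSet.securityContext.pod` and `csi.daemonSet.securityContext.container` helpers have no fallback branch at all and render nothing when the values are unset; a template comment stating that this omission is deliberate would save the next reader from assuming the provider inherits the same defaults.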
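Review bot: The rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no `resourceNames`, and the ClusterRoleBinding added in csi-clusterrolebinding.yaml binds it cluster-wide, so the CSI provider's service account can request a token for any service account in any namespace. That is presumably needed so the provider can authenticate to Vault as whichever pod mounts a volume, but it makes the provider's own credential high-value and the template should say why the grant is this broad. I would add a comment above `rules:` such as `# cluster-wide TokenRequest: the provider requests a token for the service account of the pod mounting the volume`, and have audit logging cover token requests made by this service account.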
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
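Review bot: Both hostPath volumes in csi-daemonset.yaml take their `path` straight from values with no check: `path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods` renders as `/pods` when the value is empty, and `path: {{ .Values.csi.daemonSet.providersDir }}` renders as a null path. Because these values decide which node directories the DaemonSet mounts, I would fail the render instead, e.g. `path: {{ required "csi.daemonSet.providersDir must be set" .Values.csi.daemonSet.providersDir | quote }}`, and apply the same `required` guard to `kubeletRootDir` in both the volume and its `mountPath`. The defaults live in values.yaml, which is outside this hunk.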
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-clusterrolebinding.yaml
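Review bot: The single rule in injector-clusterrole.yaml lets the agent-injector service account `patch` every MutatingWebhookConfiguration in the cluster, not only its own. The one object it appears to need to write is the `-agent-injector-cfg` configuration (the name passed in `AGENT_INJECT_TLS_AUTO` in injector-deployment.yaml), so the write verb can be scoped with `resourceNames` while the read verbs stay unscoped for the watch. Whether `get` can be scoped as well depends on how the injector reads the object, which is not visible on this page.

```yaml
rules:
# Read access stays unscoped: list/watch cannot be limited by resourceNames
# unless the client also filters on metadata.name.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# Write access only to this release's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - "{{ template "vault.fullname" . }}-agent-injector-cfg"
  verbs:
    - "patch"
```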
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
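Review bot: The `- 2>&1` entry under `args:` in injector-deployment.yaml is passed to the container as a literal second argument, because `args` is an exec-style list and no shell is involved unless the image's entrypoint (not visible here) starts one. The redirection therefore does nothing and the injector receives a stray `2>&1` parameter. I would drop that entry so the list is just `- agent-inject`; the container runtime already collects stderr.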
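Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares strings rather than numbers, so a single-digit minor such as `9` sorts above `21` and selects `policy/v1` on a cluster that does not serve it. Asking the cluster which API it serves is more reliable: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`, which matches how injector-mutating-webhook.yaml picks its own apiVersion. server-disruptionbudget.yaml uses the same expression and needs the same change.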
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
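Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when a value is set, so with the defaults (not visible here) the webhook may be called for every pod CREATE and UPDATE in every namespace, including control-plane namespaces and the injector's own. If `failurePolicy` resolves to `Fail`, an unavailable injector would then block pod admission cluster-wide. I would document that above `webhooks:` with a comment such as `# Set injector.webhook.namespaceSelector to exclude kube-system and this release's namespace before using failurePolicy: Fail.` The `injector.objectSelector` template may narrow the match further, but it is defined outside this hunk.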
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
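Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the container listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` in injector-deployment.yaml) and the Service targets the same value. If the port is overridden, the policy admits traffic to a port nothing listens on and blocks the webhook calls to the real one. Use the shared value here: `- port: {{ .Values.injector.port }}`. The policy also has no `metadata.namespace`, unlike the other namespaced injector resources on this page; adding `namespace: {{ .Release.Namespace }}` would keep them consistent.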
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-role.yaml
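Review bot: The PodSecurityPolicy in injector-psp.yaml blocks privilege escalation and root, but it drops no Linux capabilities and sets `readOnlyRootFilesystem: false`. Unless the injector is known to need either, I would add `requiredDropCapabilities: [ALL]` under `spec:` and change the last field to `readOnlyRootFilesystem: true`. Whether the injector writes to its root filesystem is not visible on this page, so the second change needs a test run before merging.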
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-rolebinding.yaml
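Review bot: The first rule in injector-role.yaml gives the agent-injector service account `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which would include any TLS keys or other credentials kept there. The only Secret this chart creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml), so I would split the rule and scope the verbs that allow it, for example `resourceNames: ["vault-injector-certs"]` on a rule with `verbs: ["get", "update"]`. Whether `list`, `watch` and `create` are still required depends on the injector's leader-election code, which is not visible here, so confirm against the injector before narrowing those.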
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-discovery-role.yaml
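Review bot: `disable_mlock = true` is written into the rendered config in every branch of server-config-configmap.yaml, both as a literal line in the string branch and through `merge (dict "disable_mlock" true) …` in the JSON branches, so Vault's memory is never locked and could be paged to disk on nodes where swap is enabled. The template gives no reason for this and no way to turn it off. I would add a YAML comment above `data:` such as `# disable_mlock is forced on; run Vault only on nodes with swap disabled or encrypted.` and state the actual reason there. That reason is probably tied to the server pod's securityContext, which is outside this hunk.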
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
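Review bot: The `-discovery-role` rule grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods, and nothing in the template says why. RBAC cannot select by label, so a Vault service account token that leaks can modify mutable fields of any other workload sharing the namespace. The practical mitigation is documentation: add a comment above `rules:` such as `# Vault needs to patch its own pods; install this chart into a dedicated namespace`, and confirm the stated purpose against the chart's service-registration settings, which are outside this hunk.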
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-ha-active-service.yaml
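Review bot: The apiVersion selection `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexicographic (a minor of `"9"` sorts above `"21"`) and the result depends on how the cluster formats its minor version. The RBAC templates in this same commit probe the API instead. Doing the same here would be consistent and independent of version-string format: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.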
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-psp-role.yaml 
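Review bot: In the NetworkPolicy, the single ingress rule uses `namespaceSelector: {}` for both ports, so every pod in every namespace may reach the cluster port 8201 as well as the API port 8200. Port 8201 carries server-to-server traffic and does not need to be open to ordinary clients. I would split the rule so that 8201 is limited to this release's server pods, as sketched below. If replication from another cluster is in use, that peer needs an explicit additional `from` entry. The `metadata` block also sets no `namespace`, unlike the other templates in this commit.

```yaml
  ingress:
    # API port: reachable from any namespace in the cluster.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```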
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
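Review bot: In the PSP RoleBinding, the subject is `name: {{ template "vault.fullname" . }}` with no `namespace`, while the ServiceAccount template and the other bindings in this commit use `vault.serviceAccount.name` together with `.Release.Namespace`. If the service account name is overridden, this binding points at an account that does not exist and the server pods never get `use` on the policy. A ServiceAccount subject without a namespace is also likely to be rejected by API validation. The subject should read `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.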
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-route.yaml 
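Review bot: The PodSecurityPolicy is rendered with a hard-coded `apiVersion: policy/v1beta1` and is gated only on `global.psp.enable`, but Kubernetes removed that API in 1.25, so enabling the value on a newer cluster fails the install. The gate should also probe the API, for example by adding `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `and` condition. Separately, the spec forbids privileged mode and privilege escalation but sets no `requiredDropCapabilities`. Adding `requiredDropCapabilities: [ALL]` would tighten it, provided the server container needs no capabilities, which this hunk does not show. The comment that nodes use AppArmor rather than SELinux also deserves a second look for a chart aimed at OpenShift.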
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-service.yaml
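Review bot: This template tests `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does before reading `.mode`. It appears to rely on an earlier-rendered template having set the value on the shared context, so the outcome depends on render order and on how a nil operand is compared. Adding `{{ template "vault.mode" . }}` immediately after the `.Values.global.openshift` check makes the Route self-contained. `host: {{ .Values.server.route.host }}` would also be safer as `{{ .Values.server.route.host | quote }}`, matching how the Ingress template quotes its hosts.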
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/tests/server-test.yaml 
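Review bot: The server container image is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an empty tag silently deploys whatever `latest` points at when the pod is pulled. The same expression is used for the test pod in `tests/server-test.yaml`. For a secrets manager the running version should be explicit and reproducible. I would fail the render instead, with `{{ required "server.image.tag must be set" .Values.server.image.tag }}` in place of the `default "latest"` pipeline, and recommend a digest-pinned reference in the values documentation.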
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.89/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/Chart.yaml
new file mode 100644
index 00000000000..bb838aae69e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.9
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
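Review bot: `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io` are carried over unchanged in Chart.yaml while `name` becomes `helm-e2e-rhcc` under the `opcert-e2e-testing` partner directory, so the metadata presents what looks like a test fixture as the vendor's official chart. If this chart can reach a published index, a description that states its origin, for example `description: E2E test fixture derived from the HashiCorp Vault chart`, keeps provenance clear to anyone browsing the catalog. `appVersion: 1.11.2` would also be safer quoted (`appVersion: '1.11.2'`), since a two-part version in the same position would be read as a float.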
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/README.md
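Review bot: `test-acceptance` passes the Vault license by value, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \`, so the expanded secret becomes part of the `docker run` argument list, where it is readable by anything on the host that can list process arguments and would be echoed by make if the leading `@` were ever dropped. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the calling environment without it appearing on the command line. Two smaller points in the same hunk: `.PHONY` omits `setup-kind` and `delete-kind`, and `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` argument that `provision-cluster` gives to `init` and `apply`, so it may not act on the configuration that was applied.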
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
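Review bot: Both `hostPath` volumes at the end of csi-daemonset.yaml interpolate values without checking them: an empty `csi.daemonSet.kubeletRootDir` renders `path: /pods` for `mountpoint-dir` (and the matching `mountPath`), and an empty `csi.daemonSet.providersDir` renders a bare `path:`. Wrapping the lookups in `required`, e.g. `path: {{ required "csi.daemonSet.kubeletRootDir is required" .Values.csi.daemonSet.kubeletRootDir }}/pods`, fails the render instead of mounting an unintended host directory. The pod and container `securityContext` blocks are also emitted only when the corresponding values are set (see the `csi.daemonSet.securityContext.*` helpers), so with empty values a container holding host mounts runs with the runtime defaults. values.yaml is not part of this hunk, so it is worth checking that it ships non-empty defaults.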
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-clusterrolebinding.yaml
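Review bot: The `patch` verb in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster because the rule has no `resourceNames`, so the injector's service account may modify other admission webhooks as well as its own. The injector is pointed at a single configuration (`AGENT_INJECT_TLS_AUTO` in injector-deployment.yaml is set to the `-agent-injector-cfg` name), so I would split the rule: keep `get`, `list` and `watch` as they are and restrict `patch` to that name. This assumes the injector patches only its own configuration, which should be confirmed against the injector image the chart ships.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```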
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
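Review bot: Several `env` values in injector-deployment.yaml are interpolated without quoting (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`, the `AGENT_INJECT_TLS_AUTO` pair), while others are wrapped in literal quotes, as in `value: "{{ .Values.injector.agentDefaults.template }}"`. Env values must be strings, so an unquoted value that parses as a number, boolean or null is rejected at apply time, and a literal-quoted value containing `"` or `\` yields broken or altered YAML. Using the `quote` function throughout, e.g. `value: {{ .Values.injector.authPath | quote }}`, covers both cases. Separately, `- 2>&1` under `args` reaches the process as a literal argument, since no shell interprets it.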
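Review bot: The `apiVersion` expression in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the comparison is lexical as far as I can tell: a minor of `"9"` sorts above `"21"` and would select `policy/v1`, and the major version is ignored. injector-mutating-webhook.yaml in this same commit already uses a capability check, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This template is also not wrapped in the `vault.injectorEnabled` guard the other injector templates use, so the budget is rendered whenever `injector.podDisruptionBudget` is set.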
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
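Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Service `targetPort` and both probes in this commit use `{{ .Values.injector.port }}`. If the port value is changed, the policy keeps allowing 8080 and blocks the port the webhook actually listens on, which would surface as admission timeouts. The line should read `- port: {{ .Values.injector.port }}`. The policy also sets no `metadata.namespace`, unlike the other namespaced injector objects, and `namespaceSelector: {}` admits traffic from pods in every namespace; a short comment on why that breadth is needed would help.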
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-psp.yaml
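Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml has no `namespace`, whereas the subjects in injector-rolebinding.yaml and in both ClusterRoleBindings of this commit set `namespace: {{ .Release.Namespace }}`. Adding the same line under the subject's `name` makes the binding explicit rather than dependent on how an empty subject namespace is resolved.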
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-role.yaml
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-rolebinding.yaml
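Review bot: The first rule in injector-role.yaml gives the injector `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is presumably also where Vault's own secrets live. The only Secret this commit creates for the leader-elector path is `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` on secrets could move to a separate rule carrying `resourceNames: ["vault-injector-certs"]`. The remaining verbs would need checking against what the injector actually calls before they are narrowed. The second rule's `patch` and `delete` on all pods in the namespace deserves a comment stating what it is used for.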
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-discovery-role.yaml 
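Review bot: `disable_mlock = true` is hard-coded in server-config-configmap.yaml: it is written as a literal line ahead of the string config, and in the map branches it is the first argument of `merge (dict "disable_mlock" true) ...`, which appears to make it win over whatever the values supply. With memory locking off, Vault's process memory is eligible for swap, so this is a setting the deployer should be aware of and be able to control. Suggest a comment above the line, `# mlock is off: schedule only on nodes with swap disabled or encrypted`, and consider reading the flag from a value that defaults to `true`.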
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
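Review bot: The rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace with no `resourceNames`, so the server's service account can modify pods that do not belong to Vault when the namespace is shared. If the verbs exist only so that each server can label its own pod (the Services in this commit select on `vault-active`), state that above `rules:`, for example `# Vault patches labels on its own pods for service discovery; install into a dedicated namespace`. The recommendation to use a dedicated namespace also belongs in the chart's README.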
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-ha-active-service.yaml
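Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion:` line compares two strings, so the ordering is lexical: a single-digit or three-digit minor, or one carrying a vendor suffix, is ranked character by character rather than numerically. The ingress template in this commit already uses `semverCompare ">= 1.19.0-0" $kubeVersion`; the same form here keeps the check numeric: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.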
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-ha-standby-service.yaml 
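Review bot: The `https-internal` port 8201 sits next to the API port on a Service whose `type` comes from `.Values.server.service.type`, so setting that value to NodePort or LoadBalancer publishes the cluster port together with the API port. The same port list appears in server-ha-standby-service.yaml and server-service.yaml in this commit. If 8201 carries only server-to-server traffic (the headless `-internal` Service already lists it), consider dropping it from the typed Services. Otherwise add a comment above the entry such as `# cluster port: exposed with the same Service type as the API port`.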
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-psp-role.yaml 
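Review bot: In server-ingress.yaml the `tls:` block is rendered only when `.Values.server.ingress.tls` is set, so enabling the ingress with that value empty publishes the Vault API through an Ingress that carries no TLS section. A template comment above `{{- if .Values.server.ingress.tls }}` stating that TLS termination is then left entirely to the ingress controller's defaults would make the consequence visible. As a point of style, hosts go through `quote` while `secretName: {{ .secretName }}` and `- path: {{ . }}` do not; `secretName: {{ .secretName | quote }}` would be consistent.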
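Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so any pod in any namespace may reach the cluster port 8201 as well as the API port 8200. If nothing outside this release needs 8201, split the rule so that 8201 is admitted only from the release's own server pods, as sketched below. `metadata` also has no `namespace:` line, unlike the other templates in this commit.

```yaml
# … unchanged: apiVersion, kind, metadata, spec.podSelector …
  ingress:
    # API port: reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```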
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
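Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}` with no `namespace:`, whereas the ClusterRoleBinding and the discovery RoleBinding in this commit bind `{{ template "vault.serviceAccount.name" . }}` in `{{ .Release.Namespace }}`. If the service account name is overridden so that the two helpers render differently (neither helper is visible here), the PSP `use` grant would land on an account the StatefulSet does not run as. Suggested subject lines: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.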
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-route.yaml
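Review bot: The policy sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but has no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` under `spec:` would close that, provided the server image needs no added capabilities (the StatefulSet sets `SKIP_SETCAP`, which suggests it does not). The comment on `seLinux` assumes AppArmor nodes, which reads oddly in a chart that also ships values.openshift.yaml; it could say instead that SELinux labelling is left to the platform. The template is gated only on `.Values.global.psp.enable`, so also testing `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` would keep the install from failing on clusters that no longer serve this API.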
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-service.yaml
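Review bot: `{{- if ne .mode "external" }}` in server-route.yaml reads `.mode`, but this file never calls `{{ template "vault.mode" . }}`, which the other server templates in this commit do before testing it. Whether `.mode` is populated here therefore seems to depend on another template having set it on the shared context first (the helper is not visible, so this is inferred). Add `{{ template "vault.mode" . }}` ahead of the `.mode` test, as server-ingress.yaml does after its `global.openshift` check.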
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/tests/server-test.yaml 
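Review bot: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` in server-statefulset.yaml falls back to the mutable `latest` tag when no tag is supplied, so the Vault version that runs is decided by the registry at pull time. The file tests/server-test.yaml in this commit uses the same expression. Prefer failing the render, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or at least document the fallback next to the value. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment there noting that verification is skipped because the probe talks to the local listener (`VAULT_ADDR` is set to 127.0.0.1) would keep the flag from being copied into contexts where it matters.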
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/values.openshift.yaml
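Review bot: `type: {{ .Values.ui.serviceType }}` together with the optional `nodePort` lets a values override publish this Service outside the cluster, and the port is named after `vault.scheme`, which presumably resolves to plain `http` while `global.tlsDisable` is `true`, as it is in this chart's values.yaml. A template comment above `type:` would document that for whoever changes the service type, e.g. `{{- /* NodePort/LoadBalancer expose the Vault UI and API externally; enable TLS and restrict source ranges first */}}`. Whether `service.loadBalancer` already renders source-range limits cannot be seen from this hunk.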
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/values.schema.json
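Review bot: All three images are pinned by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pushed in the registry, so this file does not fix the content that gets deployed. Because the chart joins the reference as `repository:tag` (as templates/tests/server-test.yaml does), a digest can be appended to the tag value, e.g. `tag: "1.11.2-ubi@sha256:<digest-placeholder>"`. These values also repeat what values.yaml in the same commit already sets (`openshift: true` and the same repositories and tags), so a one-line comment saying the two files must be updated together would help.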
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.9/src/values.yaml 
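Review bot: The schema checks types only: `injector.failurePolicy` and `injector.webhook.failurePolicy` are plain `"type": "string"`, and no object in the visible schema sets `additionalProperties` or `required`, so a misspelt key or value for a security-relevant setting passes Helm's values validation. Constraining such fields to a closed value set would catch that, for example `"failurePolicy": { "type": "string", "enum": ["Ignore", "Fail"] }`. If this file is generated from values.yaml, the change belongs in the generator rather than here.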
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/Chart.yaml
new file mode 100644
index 00000000000..68f12c95dbe
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.90
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
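Review bot: The `description: Official HashiCorp Vault Chart` line in Chart.yaml no longer matches the chart's identity, because the same file sets `name: helm-e2e-rhcc` and the path places it under `charts/partners/opcert-e2e-testing`. If this fixture ends up in a published chart index (not visible from this hunk), consumers would see a renamed copy presenting itself as the upstream vendor's official chart, which blurs provenance. I would change the line to something like `description: E2E certification test fixture derived from the HashiCorp Vault chart` and keep the upstream `sources` entries as attribution.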
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/README.md
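Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes to `terraform init` and `terraform apply`, so teardown may not act on the configuration that created the GKE cluster and can leave it running; whether it does depends on the Terraform version in the test image and on where its state is kept, which the hunk does not show. Matching the provision call, e.g. `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`, keeps the two targets symmetric. In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license value into the `docker run` argument list, where it is visible in the process table; `-e VAULT_LICENSE_CI` passes the variable through from the environment by name. `.PHONY` also omits `setup-kind` and `delete-kind`.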
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
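Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no namespace or name scoping, and the file carries no comment saying why. Bound through the ClusterRoleBinding in the next file, this lets the `-csi-provider` service account request a token for any service account in the cluster, so a compromise of that pod affects identities cluster-wide. I would add a comment above `rules:` along the lines of `# Cluster-wide token creation: the provider presumably requests tokens for the pods that mount secrets. Treat this service account as highly privileged.` Whether a narrower grant is workable depends on how the provider is deployed, which the hunk does not show.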
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
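Review bot: In csi-daemonset.yaml the provider container gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper it calls renders nothing for an empty value. The server container helper earlier in this diff falls back to `allowPrivilegeEscalation: false`; this one has no such fallback. The pod also mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods), so the runtime defaults matter more here than for the other workloads. Consider giving the helper the same `allowPrivilegeEscalation: false` fallback, and adding `readOnly: true` to the `mountpoint-dir` mount if the provider only reads it, which the hunk does not show.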
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-clusterrolebinding.yaml 
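Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, because it has no `resourceNames`. The injector presumably only needs to write its own `-agent-injector-cfg` object (to maintain `caBundle`), whereas permission to patch any mutating webhook is enough to alter admission for all workloads. I would split the rule: keep `list`/`watch` unscoped if the injector's watch needs them, and move `get`/`patch` into a second rule with `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`. This should be checked against how the injector reads the object, which is not visible here.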
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
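Review bot: In injector-deployment.yaml the `args` entry `- 2>&1` reaches the binary as a literal argument, since container `args` are not run through a shell and no redirection takes place. Dropping that line leaves `args:` with only `- agent-inject`, which is what the entry appears to intend. Separately, several env values are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), so a values entry that YAML reads as a boolean or number would violate the string type of `env[].value`. Piping them through `| quote` would match the quoted entries around them, for example `value: {{ .Values.injector.authPath | quote }}`.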
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
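Review bot: When neither `namespaceSelector` nor `objectSelector` is set, the webhook in injector-mutating-webhook.yaml matches pod CREATE and UPDATE in every namespace, including the injector's own namespace and the control-plane namespaces. How risky that is depends on `failurePolicy`, whose default comes from values not shown here: with `Fail`, an unavailable injector blocks pod admission cluster-wide. I would add a comment above `failurePolicy:` such as `# With Fail and no selector, an injector outage blocks pod creation in all namespaces.` A default `namespaceSelector` in values.yaml that excludes system namespaces would make the safer choice the default.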
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
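Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the deployment listens on, and the Service targets, `.Values.injector.port`. If that value is changed, the policy no longer admits traffic to the webhook port, and admission calls from the host-network namespace would presumably be dropped on OpenShift. Use `- port: {{ .Values.injector.port }}` instead. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources in this diff set.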
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-role.yaml 
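Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode and root but leaves capabilities unrestricted: there is no `requiredDropCapabilities`, so containers keep the runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` under `spec:` would match the non-root intent of the rest of the policy, assuming the injector needs no capabilities. Also, `apiVersion: policy/v1beta1` is rendered without a `.Capabilities.APIVersions.Has` guard like the one in injector-mutating-webhook.yaml. PodSecurityPolicy was removed in Kubernetes 1.25, so `global.psp.enable=true` fails the install on those clusters.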
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-rolebinding.yaml
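Review bot: The leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, because the rule carries no `resourceNames`; any credential stored alongside the injector is readable with its service-account token. If leader election only needs its own lock and certificate objects (not visible in this hunk, so to be confirmed), restrict `get` and `update` with `resourceNames:` and keep a separate rule for `create`, which cannot be name-scoped. The pods rule here (`get`, `patch`, `delete`) and the `update`/`patch` on pods in server-discovery-role.yaml are namespace-wide in the same way, so at minimum the chart notes should tell operators to install into a dedicated namespace.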
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-discovery-role.yaml
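Review bot: server-config-configmap.yaml forces `disable_mlock` to true in both branches without saying why: it is written ahead of the string config, and for map configs it is the destination of `merge`, where sprig gives the destination precedence, so a value supplied in the chart values does not win. With mlock off, Vault's process memory can be paged out, which makes swap configuration on the nodes part of the chart's security assumptions. I would document that next to the setting, for example `{{- /* disable_mlock is forced: nodes are expected to run with swap disabled or encrypted */ -}}`, worded to match the actual reason. The same note belongs in the values documentation for `server.standalone.config` and `server.ha.config`, which is outside this hunk.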
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-ha-active-service.yaml
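Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge`, which is a string comparison rather than a numeric one: a minor of `"9"` sorts above `"21"` and a three-digit minor such as `"100"` sorts below it. Selecting on what the API server actually serves is more robust, e.g. `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`. That is also how server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml in this diff choose between the v1 and v1beta1 RBAC APIs.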
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-psp-role.yaml 
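Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits every pod in every namespace, and it covers port 8201 as well as 8200. The Service templates in this diff name 8201 `https-internal`, so it presumably carries only server-to-server traffic; I would keep the open rule for 8200 (or make it narrowable through values) and add a second rule that allows 8201 only from pods carrying the same name and instance labels as the policy's own `podSelector`. The metadata also has no `namespace:`, unlike the other namespaced templates here.
```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault pods of this release may connect.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```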
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
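Review bot: The subject in server-psp-rolebinding.yaml is the ServiceAccount named `{{ template "vault.fullname" . }}`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` in this same diff both use `{{ template "vault.serviceAccount.name" . }}`. That helper is defined outside the visible hunks; if it can return anything other than the fullname (a user-supplied account name, for instance), the `use` grant on the PodSecurityPolicy lands on an account the server pods do not run as. Use the same helper here, `name: {{ template "vault.serviceAccount.name" . }}`, and add `namespace: {{ .Release.Namespace }}` to the subject as injector-rolebinding.yaml does. injector-psp-rolebinding.yaml omits the subject namespace as well.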
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-service.yaml
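Review bot: server-route.yaml tests `.mode` on its second line without first invoking `{{ template "vault.mode" . }}`, which every other template in this diff that reads `.mode` does before the check. Whether `.mode` is populated here then appears to depend on another template having set it on the shared context earlier in the render, so the "external" and "ha" branches may not behave as written; add `{{- template "vault.mode" . }}` ahead of the `ne .mode "external"` test. Separately, `tls:` is emitted straight from `.Values.server.route.tls` and `targetPort` is fixed at 8200, so how the Vault API is exposed through the Route is decided entirely by values; a comment stating the expected termination mode would help whoever fills them in.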
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/tests/server-test.yaml 
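Review bot: The `vault` container image falls back to the mutable `latest` tag when `server.image.tag` is unset (`{{ .Values.server.image.tag | default "latest" }}`), so an install without a tag runs whatever the registry serves at pull time and a pod restart can silently change the Vault binary. Making the tag mandatory keeps the deployed version reviewable: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The test pod in templates/tests/server-test.yaml uses the same fallback and should get the same change. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment there stating that skipping verification is tolerated only because `VAULT_ADDR` is set to the loopback address in this container would stop the flag from being copied into places where it is not safe.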
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/templates/ui-service.yaml
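Review bot: The test hook pod declares no `securityContext`, whereas the StatefulSet in this chart pulls one in through the `server.statefulSet.securityContext.pod` and `.container` helpers, so the hook container runs with whatever user and privileges the image and namespace defaults give it. Under the `containers:` entry I would add a `securityContext:` with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`; reusing the chart helper is only an option if its indentation suits a bare Pod, which is not visible here. A comment above the `grep` would also help: the check passes for both `sealed: true` and `sealed: false`, so it proves the API is reachable, not that Vault is unsealed.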
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/values.openshift.yaml
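Review bot: `type: {{ .Values.ui.serviceType }}` lets this Service be published as NodePort or LoadBalancer while the chart's values.yaml ships `global.tlsDisable: true`; assuming `vault.scheme` renders `http` in that case, UI logins and Vault tokens would cross the network unencrypted. Nothing in the template ties the two settings together, so a comment above `type:` should make the dependency visible, for example `# Exposing the UI outside the cluster requires global.tlsDisable=false or TLS terminated in front of this Service`. `publishNotReadyAddresses` here also lacks the explanatory comment that server-service.yaml carries, although it routes UI traffic to pods that fail readiness.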
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.90/src/values.yaml 
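Review bot: The `server.readinessProbe` schema has no `path` property although server-statefulset.yaml reads `.Values.server.readinessProbe.path`, and `server.service` lists neither `type` nor `clusterIP` although server-service.yaml reads both. Because no object in this schema sets `additionalProperties`, those values are accepted without any type check and a mistyped key passes validation silently. Add `"path": { "type": "string" }` under `server.readinessProbe.properties`, and `"type": { "type": "string" }` and `"clusterIP": { "type": "string" }` under `server.service.properties`.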
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/Chart.yaml
new file mode 100644
index 00000000000..0efd3fa2e82
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.91
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
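Review bot: The `description: Official HashiCorp Vault Chart`, `home` and `sources` fields in this new Chart.yaml still present the package as HashiCorp's own release, although `name: helm-e2e-rhcc` and the path under `charts/partners/opcert-e2e-testing/` suggest it is a repackaged test fixture. Anyone reading the chart index or `helm show chart` output would see the upstream identity with no hint that the contents were republished here, which weakens provenance for consumers. I would change the line to something like `description: E2E test fixture repackaged from the HashiCorp Vault chart (not an upstream release)`. Quoting `appVersion: "1.11.2"` would also follow Helm's recommendation to keep version fields as strings.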
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/README.md
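Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the licence value into the `docker run` command line, where it is visible in the host's process list while the container runs and would reach build logs if the `@` prefix were dropped. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker take the value from the calling environment and keeps it off argv. The same recipes bind-mount `${PWD}` and point `GOOGLE_CREDENTIALS` (default `vault-helm-test.json`) and `KUBECONFIG=/helm-test/.kube/config` inside that mount, so the service-account key and cluster credentials sit in the working tree; this hunk does not show whether they are excluded from version control. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or `-var project=...` that `provision-cluster` passes, which looks unintended.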
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
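Review bot: In csi-clusterrole.yaml the single rule grants `create` on `serviceaccounts/token` from a ClusterRole, with no comment explaining the scope. That verb lets the bound account request tokens for any service account in any namespace. Presumably the provider needs it to obtain a token for the pod whose secrets volume it is mounting, but nothing in the template says so. I would add a comment above `rules:` such as `# Cluster-wide by design: the CSI provider requests a token for the service account of each pod it serves; treat this service account as highly privileged.` so the scope is a recorded decision that later reviewers can check against.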
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
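Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods), yet it gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set in values. The helper of that name defined earlier in this diff renders nothing when the value is empty, whereas the injector and server container helpers fall back to `allowPrivilegeEscalation: false`. Since this is the one pod with host filesystem access, I would give the CSI helper the same fallback: an `{{- else if not .Values.global.openshift }}` branch that emits `securityContext:` with `allowPrivilegeEscalation: false`. The change belongs in the helper rather than in this hunk, and the chart's default values (not visible here) should be checked first in case they already supply a context.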
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-clusterrolebinding.yaml
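Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, so the injector's service account can rewrite any admission webhook, not only its own. The deployment template later in this diff passes the name ending in `-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which suggests that is the only configuration the injector has to modify. I would split the rule so that `get` and `patch` are limited by `resourceNames` to that object while `list` and `watch` stay unscoped, as sketched below. Before merging such a change, confirm that the injector does not patch a configuration under another name.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
```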
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
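Review bot: Several env values in injector-deployment.yaml are rendered unquoted (`value: {{ .Values.injector.authPath }}` and the `AGENT_INJECT_LOG_LEVEL` and `AGENT_INJECT_LOG_FORMAT` values), so a chart value that YAML reads as a boolean or number produces a non-string env value, which the API server rejects. Quoting them the way the neighbouring entries already do keeps rendering predictable: `value: {{ .Values.injector.authPath | quote }}`. Separately, `- 2>&1` under `args` is handed to the container as a literal argument, because Kubernetes does not run args through a shell; unless the image entrypoint is a shell wrapper (not visible here), it can be dropped.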
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
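Review bot: The `rules` entry in injector-mutating-webhook.yaml matches CREATE and UPDATE of `pods` in every namespace, and `namespaceSelector` is only emitted when one of the two values is set, so by default the injector sits on the admission path of the whole cluster. If `failurePolicy` resolves to `Fail` (its default lives in values, outside this hunk), an unavailable injector would block pod admission, system namespaces included. I would document that above `rules:`, for example `# Matches pods in all namespaces unless a namespaceSelector or objectSelector is configured.`, and consider shipping a default selector that leaves system namespaces out.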
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
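Review bot: The allowed port in injector-network-policy.yaml is hard-coded as `- port: 8080`, while the Deployment's `AGENT_INJECT_LISTEN` and the Service's `targetPort` in this same commit both come from `.Values.injector.port`. Changing that value would leave the policy admitting a port nothing listens on and dropping the API server's webhook calls. Rendering it from the same value keeps the three in step: `- port: {{ .Values.injector.port }}`. The policy also sets no `metadata.namespace`, unlike most templates around it, which is worth aligning.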
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-psp.yaml
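Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml carries no `namespace`, whereas the leader-elector RoleBinding and the injector ClusterRoleBinding in this commit set `namespace: {{ .Release.Namespace }}` explicitly. As far as I know a RoleBinding falls back to its own namespace for such a subject, so this probably works, but an explicit namespace makes it obvious which identity receives the PSP `use` grant. I suggest adding `namespace: {{ .Release.Namespace }}` under the subject's `name`.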
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-role.yaml
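Review bot: The PodSecurityPolicy spec in injector-psp.yaml blocks privilege escalation and root, but it says nothing about Linux capabilities, so containers admitted under it keep the runtime's default set. Adding `requiredDropCapabilities:` with `- ALL` would close that gap for the injector, which from the Deployment in this commit only serves a webhook endpoint. The template is also gated only on `.Values.global.psp.enable`, while `policy/v1beta1` PodSecurityPolicy no longer exists on Kubernetes 1.25 and later. A `.Capabilities.APIVersions.Has` check like the one in the webhook template would keep the chart from rendering an object the cluster cannot accept.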
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-rolebinding.yaml
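Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, with no `resourceNames`. The Role exists for leader election, yet it lets the injector service account read any Secret that shares the namespace, which per the other templates in this commit is also where the Vault server's own objects are created. `create` cannot be name-scoped, but `get` and `update` can: split them into a second rule with `resourceNames: ["<leader-election-object-name>"]` (placeholder; the real names are not visible in this hunk) and check whether `list` and `watch` on secrets are needed at all. The same reasoning applies to the `pods` rule with `patch` and `delete`.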
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-discovery-role.yaml
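Review bot: `disable_mlock = true` is written into every rendered config in server-config-configmap.yaml without a comment, and in the map branches `merge (dict "disable_mlock" true) ...` puts the forced value in the destination dict, which as I read sprig's `merge` means a user-supplied `disable_mlock` cannot override it. With mlock disabled the server's memory can be paged out, so key material may reach swap on the node. I would add a template comment above the line, for example `{{- /* mlock is disabled for containers; run on nodes with swap off or encrypted swap */}}`, and state in the chart docs that the setting is not overridable.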
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-psp-role.yaml 
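Review bot: In server-network-policy.yaml the only ingress rule uses `namespaceSelector: {}`, which matches every namespace, so with the policy enabled any pod in the cluster can still reach both 8200 and the cluster port 8201. Splitting the rule lets the API port stay reachable while 8201 is limited to the Vault server pods selected by the same labels as `spec.podSelector`. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the sibling templates in this commit set.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    # API port: reachable from all namespaces, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```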
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
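Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, whereas the ServiceAccount template and the StatefulSet's `serviceAccountName` in this commit both render `vault.serviceAccount.name`. If that helper can return anything other than the fullname (its definition is not in this part of the diff, so this is an assumption), the account the pods actually run as is never granted `use` on the PodSecurityPolicy. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it so the binding target is explicit.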
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-route.yaml
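Review bot: The PodSecurityPolicy in server-psp.yaml forbids root and privilege escalation but sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP` to "true", which suggests the server does not rely on file capabilities, so adding `requiredDropCapabilities: ['ALL']` under `spec` looks safe; please confirm against the image before merging. The `seLinux` comment also says the nodes use AppArmor, which sits oddly beside the OpenShift values file added in the same commit; a comment explaining why `RunAsAny` is acceptable there would help the next reader.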
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-service.yaml 
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/tests/server-test.yaml 
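Review bot: The vault container image in server-statefulset.yaml is rendered with `{{ .Values.server.image.tag | default "latest" }}`, so an empty tag silently deploys whatever `latest` points to at pull time for the secrets server; tests/server-test.yaml uses the same expression. A floating tag makes the running version unauditable and lets a registry-side change reach the cluster without a chart change. I would fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and document that a digest-pinned reference is preferred.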
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.91/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/Chart.yaml
new file mode 100644
index 00000000000..9cfac5c7959
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.92
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/README.md
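Review bot: The defaults `GOOGLE_CREDENTIALS?=vault-helm-test.json` and `-e KUBECONFIG=/helm-test/.kube/config` (in `test-acceptance` and `test-provision`) put a GCP service-account key and a kubeconfig inside the tree that `-v ${PWD}:/helm-test` mounts, and nothing in this hunk keeps those files out of version control or out of a packaged chart. Since this Makefile sits in the chart's `src/` directory, it is worth confirming that the ignore files (not visible here) cover `vault-helm-test.json` and `.kube/`. I would also document the expectation next to the variable, e.g. `# path to a GCP service-account key file; never commit it or ship it in the chart`.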
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null 
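Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` renders the dev root token unquoted, so a token made only of digits, or one spelled like `true` or `null`, is read by YAML as a non-string and the container env entry fails validation. Quote it the way `vault.extraEnvironmentVars` in this same hunk already quotes its values: `value: {{ .Values.server.dev.devRootToken | quote }}`. The token is still written in plain text into the pod spec, readable by anyone allowed to get the StatefulSet or its pods; that is tolerable only because the branch is guarded by `eq .mode "dev"`, and a sentence in the helper's comment saying so would keep it from being copied into a non-dev path.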
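Review bot: The only rule in this ClusterRole grants `create` on `serviceaccounts/token` at cluster scope, and nothing in the file says why that scope is needed. Through the ClusterRoleBinding added in the next file, the `-csi-provider` service account can request a token for any service account in any namespace, so the DaemonSet pods become a high-value credential source and deserve matching hardening and audit attention. If the grant exists so the provider can obtain tokens on behalf of the pods that mount secrets (likely, but not visible here), record that in a template comment above `rules:`, for example `{{/* CSI provider requests tokens for the mounting pod's service account; needs cluster scope */}}`. It would also be worth stating in the chart documentation that enabling `csi.enabled` installs this cluster-wide permission.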
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
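Review bot: The `mountpoint-dir` volumeMount in csi-daemonset.yaml exposes the kubelet's `pods` directory from the host without `readOnly`, so this container gets write access to a host path that holds other pods' volumes. The `HostToContainer` propagation suggests the provider only needs to see mounts created on the host, but that cannot be confirmed from the hunk. If it holds, add `readOnly: true` under that mount. The `hostPath.path` values come straight from `.Values.csi.daemonSet.kubeletRootDir` and `providersDir`, so a values comment stating the expected paths would also help.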
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-clusterrolebinding.yaml 
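Review bot: The single rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, so a compromised injector pod could rewrite any other admission webhook, not only its own. The deployment in this commit sets `AGENT_INJECT_TLS_AUTO` to the `-agent-injector-cfg` name, which suggests that is the only object the injector needs to patch. I would split the rule so that `patch` carries `resourceNames` for that name and `get`/`list`/`watch` stay unrestricted, as below. Confirm against the injector's behaviour that it never patches a configuration with a different name.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```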
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
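Review bot: Four env values in the `sidecar-injector` container of injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LISTEN`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), while the neighbouring entries are quoted. An env `value` must be a string, so an empty, numeric or boolean-looking setting would render as a non-string scalar and fail validation instead of reaching the injector. Piping through `quote` fixes it, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`.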
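Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the choice of `policy/v1` is lexical: a minor of `"9"` sorts above `"21"`, a vendor suffix such as `"21+"` is compared as text, and the major version is ignored. Asking the cluster directly is more reliable and matches what injector-mutating-webhook.yaml does in this commit: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml uses the same expression and needs the same change. This template is also not wrapped in the `injectorEnabled` guard that the other injector templates use.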
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
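Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the `namespaceSelector` block in injector-mutating-webhook.yaml is omitted and the webhook is sent pod CREATE and UPDATE requests from every namespace, system namespaces included. What `injector.objectSelector` renders is not visible in this hunk, so it may or may not narrow that. Because `failurePolicy` comes from values, a setting of `Fail` would then make pod admission across the cluster depend on the injector being reachable. I would add a comment above the selector conditional: `# No selector = all namespaces; pair failurePolicy: Fail with a selector that excludes system namespaces.`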
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
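Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Service `targetPort`, both probes and `AGENT_INJECT_LISTEN` in this commit all use `.Values.injector.port`. If that value is changed, the policy would still admit only 8080 and presumably block the API server's calls to the webhook; `- port: {{ .Values.injector.port }}` keeps them in step. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other injector resources set.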
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-role.yaml 
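Review bot: The policy in injector-psp.yaml sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but says nothing about capabilities, so containers admitted under it keep the runtime's default capability set. Nothing in the injector deployment hunk suggests it needs any of them; unless it does, add `requiredDropCapabilities:` with a single `- ALL` entry under `spec`. `readOnlyRootFilesystem: false` would also benefit from a one-line comment explaining what the injector writes to its root filesystem.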
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-rolebinding.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-discovery-role.yaml 
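Review bot: `disable_mlock = true` is written into every config that server-config-configmap.yaml renders, as a fixed first line in the string branch and through `merge (dict "disable_mlock" true) …` in the map branch, and the template does not say why or what it costs. With mlock disabled, Vault's process memory may be paged out to swap on the node, so operators need to know the setting is forced. I would add a comment above `data:`: `# disable_mlock is always set to true here; run on nodes with swap disabled or encrypted.`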
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
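Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, because it has no `resourceNames`. If the write verbs are only there so that Vault can label its own pods (the `vault-active` selectors in the HA Services suggest this), consider restricting the rule with `resourceNames` for the StatefulSet's pod names, or at least add a comment recording why namespace-wide pod write access is accepted. Separately, this Role hard-codes `rbac.authorization.k8s.io/v1` while the RoleBinding in the next hunk switches on `.Capabilities.APIVersions.Has`; the two should follow the same rule.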
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-ha-active-service.yaml 
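Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares strings, not numbers, so the outcome follows lexical order: a minor of `"9"` sorts above `"21"`, and a suffixed value such as `"21+"` is compared character by character. It is more reliable to ask the cluster what it serves: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. That form also matches the `.Capabilities.APIVersions.Has` checks the RBAC templates in this diff already use.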
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-ha-standby-service.yaml 
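Review bot: The `https-internal` port 8201 in server-ha-active-service.yaml is published on a Service whose `type` comes from `server.service.type`, so selecting `NodePort` or `LoadBalancer` exposes the cluster port outside the cluster together with the API port. server-ha-standby-service.yaml and server-service.yaml have the same layout, while the headless `-internal` Service already carries 8201 for server-to-server traffic. Consider emitting the 8201 entry only when the type is unset or `ClusterIP`, or add a comment explaining why it has to be reachable through these Services. Whether any client needs 8201 here cannot be determined from the hunk.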
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-psp-role.yaml 
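Review bot: Quoting is inconsistent in server-ingress.yaml: hosts go through `quote`, but `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are emitted bare, so a value that YAML reads as a number, a boolean or an indicator character changes type or breaks the render. I would write `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`, and quote `ingressClassName` the same way. The `{{ if semverCompare ... }}` and `{{ end }}` lines under `paths:` also lack the `-` trim markers used in the rest of the file, which leaves blank lines in the rendered manifest.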
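Review bot: `namespaceSelector: {}` under `ingress.from` in server-network-policy.yaml admits traffic from every namespace, and the rule covers the cluster port 8201 as well as the API port 8200. If 8201 is only used between the Vault servers of this release (to be confirmed, the hunk does not say), split the rule so that 8201 is allowed from a `podSelector` on the chart's own labels and only 8200 keeps the broad selector. `metadata` also has no `namespace: {{ .Release.Namespace }}`, unlike the other namespaced templates in this diff.

```yaml
  ingress:
    # API port: reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```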
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
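Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the service account `{{ template "vault.fullname" . }}`, whereas server-serviceaccount.yaml and the other bindings in this diff use `{{ template "vault.serviceAccount.name" . }}`. If the two helpers can return different names (their bodies are not in this part of the diff), the PSP `use` grant goes to an account the server pods do not run as. I would change the line to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` below it, matching the discovery RoleBinding.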
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-route.yaml 
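Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` is emitted whenever `global.psp.enable` is true, with no check that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so an install with the flag set would be rejected there. Gate the template on `.Capabilities.APIVersions.Has "policy/v1beta1"`, as the RBAC templates do for their API versions, and apply the same guard to server-psp-role.yaml and server-psp-rolebinding.yaml. The spec also sets no `requiredDropCapabilities`; since the StatefulSet sets `SKIP_SETCAP`, `requiredDropCapabilities: [ALL]` looks feasible, but that needs confirming against the image. The comment that nodes use AppArmor rather than SELinux does not fit the OpenShift values file added in this diff.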
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-service.yaml 
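Review bot: `{{- if ne .mode "external" }}` in server-route.yaml reads `.mode` without first calling `{{ template "vault.mode" . }}`, which the other templates in this diff that test `.mode` do on their first lines. Unless something outside this hunk has already set `.mode` on the context, both this guard and the later `eq .mode "ha"` test are evaluated against an unset value. I would add `{{ template "vault.mode" . }}` directly after the `.Values.global.openshift` check, as server-ingress.yaml does. `host: {{ .Values.server.route.host }}` would also be safer written with `| quote`.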
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.92/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/Chart.yaml
new file mode 100644
index 00000000000..77ef069bdd1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.93
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
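Review bot: In Chart.yaml, `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io` are kept while the chart is published as `name: helm-e2e-rhcc` under `charts/partners/opcert-e2e-testing`, so anyone reading the resulting index sees a test fixture presented as the vendor's official chart. If this is, as the path suggests, an e2e fixture derived from vault-helm, the metadata should say so, for example `description: E2E test fixture derived from the HashiCorp Vault chart`. `appVersion: 1.11.2` is also safer quoted (`appVersion: "1.11.2"`) so that a later two-part value is not read as a float.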
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/README.md 
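Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with no directory argument and no `-var project=...`, while `provision-cluster` passes `test/terraform` and the project variable to `init` and `apply`. Teardown therefore likely runs against a different working directory than the one that was provisioned, which can leave the GKE test cluster running. I would make the two targets symmetric, e.g. `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. The `.PHONY` line also omits `setup-kind` and `delete-kind`, and the recursive call in `test-acceptance` is better written `$(MAKE) setup-kind acceptance` than `make ...`.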
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
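Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no `resourceNames`, and through the ClusterRoleBinding added next it applies in every namespace, yet the template carries no comment saying why that breadth is required. Anyone who can run code as the `-csi-provider` service account can therefore request a token for any service account in the cluster. If the provider really must obtain tokens for arbitrary workload service accounts, record that above `rules:`, for example `# cluster-wide token create: the provider requests a token for the service account of each pod that mounts a Vault volume (confirm)`. If only a known set of accounts is involved, list them under `resourceNames`.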
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
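Review bot: The `mountpoint-dir` volumeMount in csi-daemonset.yaml maps `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host without `readOnly: true`, so this container can write into the volume directory of every pod on the node. The `csi.daemonSet.securityContext.container` helper emits a `securityContext` only when the values supply one, so nothing in the template itself constrains the container. If the provider image pinned in values.yaml returns secret contents to the CSI driver rather than writing files itself (worth confirming, since values.yaml is not shown here), the mount can be dropped or marked `readOnly: true`. Otherwise add a comment on the mount explaining why write access to the kubelet pods directory is needed.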
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-clusterrolebinding.yaml 
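Review bot: The `patch` verb on `mutatingwebhookconfigurations` in injector-clusterrole.yaml has no `resourceNames`, so the injector's service account can rewrite any mutating admission webhook in the cluster, not just its own. The Deployment added in this commit sets `AGENT_INJECT_TLS_AUTO` to `<fullname>-agent-injector-cfg`, which suggests that is the only object the injector has to patch; this is inferred from the env var, so confirm it against the injector before narrowing. If it holds, split the rule so the read verbs stay unscoped and `patch` is limited to that name, as in the excerpt below.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["patch"]
```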
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
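Review bot: In injector-deployment.yaml the env entries `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT` and `AGENT_INJECT_VAULT_AUTH_PATH` render their values unquoted, while the neighbouring entries wrap theirs in double quotes. Container env values must be strings, so a setting that YAML reads as a boolean, number or null gets retyped and the manifest is rejected or the setting changes meaning. Use `value: {{ .Values.injector.authPath | quote }}` and the same pattern for the other two. Separately, `- 2>&1` under `args` is passed to the process as a literal argument because no shell is involved; it looks removable, but check how the injector binary treats it first.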
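Review bot: injector-disruptionbudget.yaml renders whenever `injector.podDisruptionBudget` is set, even with the injector disabled, because it lacks the `vault.injectorEnabled` guard that the other injector templates in this commit open with. Start the file with `{{- template "vault.injectorEnabled" . -}}` and `{{- if .injectorEnabled -}}`, and close the extra block at the end. The `apiVersion` line also compares `.Capabilities.KubeVersion.Minor` to `"21"` as a string, which orders lexicographically. The webhook template already uses the capability check, so `{{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` would be consistent and independent of version-string format.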
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
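Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when a value is supplied, so with nothing set the webhook receives every pod CREATE and UPDATE in the cluster, including system namespaces and the injector's own namespace. If `failurePolicy` resolves to `Fail` (its default lives in values.yaml, which is not shown here), an unavailable injector would then block pod admission cluster-wide. I would add a comment above the `failurePolicy` line spelling out that interaction, and consider shipping a default selector that excludes at least the release namespace. The `injector.objectSelector` helper may already narrow the match, but it is defined outside this hunk.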
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
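Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment's listen address, both probes and the Service `targetPort` take their port from `.Values.injector.port`. Overriding that value leaves the policy admitting traffic on a port nothing listens on, and the API server's webhook calls to the real port are dropped on OpenShift. Change the line to `- port: {{ .Values.injector.port }}`. The policy's metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources set explicitly.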
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-role.yaml 
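Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode and privilege escalation but places no constraint on Linux capabilities, so pods admitted under it keep the container runtime's default capability set. Add `requiredDropCapabilities:` with `- ALL` under `spec`, next to `allowPrivilegeEscalation: false`. The comment on `seLinux` says the policy assumes AppArmor nodes, yet other templates in this commit branch on `global.openshift`, where SELinux is the norm; either reword the comment or state that the PSP path is not intended for OpenShift. `readOnlyRootFilesystem: false` deserves a short comment if the injector really needs a writable root filesystem.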
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-rolebinding.yaml 
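Review bot: The first rule in injector-role.yaml gives the injector `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace. If the Vault server is installed in that namespace, this includes any TLS keys or other credentials stored there. injector-certs-secret.yaml in this commit pre-creates a Secret named `vault-injector-certs` under the same leader-elector condition, which suggests that is the object the leader election needs. If so, scope the secret verbs with `resourceNames: ["vault-injector-certs"]` and drop `create` for secrets; confirm first whether the injector relies on an unfiltered list/watch, since that cannot be scoped the same way. The `delete` verb on pods in the second rule likewise needs a comment explaining what it is used for.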
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-config-configmap.yaml 
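Review bot: The `roleRef` to `system:auth-delegator` in server-clusterrolebinding.yaml is a cluster-wide grant, and the template has no comment saying why the server's service account needs it. I would add a header comment above `kind: ClusterRoleBinding`, for example `# Cluster-scoped: lets the Vault server service account ask the API server to review tokens and access; rendered only when .serverAuthDelegator is set`. The helper that sets `.serverAuthDelegator` is not part of this hunk, so the condition under which this binding is created should be confirmed against it.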
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-discovery-role.yaml 
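Review bot: `disable_mlock = true` is written unconditionally into the rendered config in server-config-configmap.yaml, both in the string branch and in the two `merge (dict "disable_mlock" true) ...` JSON branches, with no comment and no value to control it. In the JSON branches the chart's dict is the first argument to `merge`, which I read as taking precedence over whatever the user supplied. With mlock off, Vault's memory can be paged out, so the nodes are expected to run without swap or with encrypted swap. I would record that above `data:`, e.g. `{{- /* mlock is always disabled; run on nodes with swap off or encrypted */}}`, or expose it as a value.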
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
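Review bot: The `rules` entry in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods, because the rule carries no `resourceNames` and RBAC cannot select by label. The grant therefore reaches any unrelated workload that shares the namespace with this release. I would state the constraint in the template, e.g. `# update/patch cover all pods in this namespace; install the chart into a dedicated namespace`, and confirm whether `update` is needed in addition to `patch`.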
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-ha-active-service.yaml 
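Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings. The choice between `policy/v1` and `policy/v1beta1` then follows lexical order, and it also depends on how a distribution formats the minor version, for instance with a suffix such as `21+`. server-ingress.yaml in this commit already uses `semverCompare ">= 1.19.0-0" $kubeVersion`, and the same form fits here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.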
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-psp-role.yaml 
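Review bot: In server-network-policy.yaml the single `ingress` rule applies `namespaceSelector: {}` to both ports, so 8201 is reachable from every namespace in the cluster exactly like the API port 8200. The service templates in this commit name 8201 `https-internal`. If it carries only server-to-server traffic, it should get its own rule limited to the Vault pods. The label values in the proposed rule are the ones the `podSelector` in this hunk already uses; whether any other component needs 8201 should be confirmed before tightening.

```yaml
  # … unchanged: metadata, spec.podSelector …
  ingress:
    # API port: clients from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```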
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-route.yaml 
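Review bot: server-psp.yaml fixes `apiVersion: policy/v1beta1` for `PodSecurityPolicy` and is gated only on `.Values.global.psp.enable`. Turning the value on against a cluster that no longer serves that API makes the release fail at install time, rather than skipping the object. I would extend the guard with a capability check, `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`, and apply the same guard to server-psp-role.yaml and server-psp-rolebinding.yaml, which only make sense when the policy exists.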
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-service.yaml 
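Review bot: server-route.yaml tests `.mode` on its second line but never calls `{{ template "vault.mode" . }}`, which the other server templates in this commit (server-ingress.yaml, for example) run before reading it. Unless `.mode` happens to be populated by another template rendered earlier on the same context, `ne .mode "external"` and `eq .mode "ha"` operate on an unset value. In that case neither the external-mode guard nor the `-active` service selection can be relied on. I would add `{{ template "vault.mode" . }}` directly after `{{- if .Values.global.openshift }}`.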
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/values.openshift.yaml
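Review bot: The Service's exposure and its transport are configured independently here: `type: {{ .Values.ui.serviceType }}` accepts any Service type while the port is only named after `vault.scheme`, and the values.yaml added in this same commit ships `global.tlsDisable: true`. If the scheme helper follows that flag (it is defined outside this hunk), choosing `LoadBalancer` or `NodePort` would publish the Vault UI, and the tokens entered into it, over plain HTTP. `publishNotReadyAddresses` additionally lets the Service route to pods that have not passed readiness. I would document this above `type:` with a template comment such as `{{- /* ui.serviceType other than ClusterIP should be paired with global.tlsDisable=false or TLS termination in front of the Service */ -}}`.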
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/values.schema.json
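Review bot: All three images are selected by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pushed in the registry without any change to this file. For a chart that goes through certification it would help to record the expected digest next to each tag, e.g. `# expected digest: sha256:<digest-of-certified-image>` (placeholder), or to let the templates accept a digest; the server-test.yaml template in this commit builds the reference as `repository:tag`, so the second option needs a template change. The values.yaml added in the same commit already sets `openshift: true` and the same repositories and tags, so this overlay currently changes nothing and the two files can drift apart unnoticed.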
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.93/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/Chart.yaml
new file mode 100644
index 00000000000..f1d2f1004dd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.94
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
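Review bot: `kubeVersion: '>= 1.26.0'` in the new Chart.yaml will not match a cluster whose reported version carries a pre-release suffix (a hyphenated vendor build string), because Helm's semver constraint check skips pre-release versions unless the constraint itself names one. If the chart is only installed on the certification clusters this may be intended, but otherwise the usual form is `kubeVersion: '>= 1.26.0-0'`. Separately, `appVersion: 1.11.2` is unquoted and only stays a string because it has three parts; writing `appVersion: '1.11.2'` keeps a later two-part value from being read as a float.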
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/README.md 
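Review bot: In `test-acceptance`, the argument `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the licence value into the `docker run` command line. There it is readable from the host's process list and is printed by `make -n`, even though the recipe is silenced with `@`. The variable is not assigned anywhere in this Makefile, so it presumably comes from the caller's environment; in that case the bare form `-e VAULT_LICENSE_CI \` lets docker copy it from the environment without the value appearing in argv. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and the nested call is safer as `$(MAKE) setup-kind acceptance` so flags and the jobserver propagate.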
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
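Review bot: In csi-clusterrole.yaml the single rule grants `create` on `serviceaccounts/token` with no namespace or name restriction, so the csi-provider service account can request a token for any service account in the cluster, and nothing in the file says so. Presumably the provider needs this to act on behalf of the pods it serves, but that is not visible here. I would add a comment above `rules:` such as `# Allows minting tokens for any service account in the cluster; treat the csi-provider service account as highly privileged.` so that anyone extending this role or reusing the service account sees the blast radius.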
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
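Review bot: In csi-daemonset.yaml the `mountpoint-dir` volumeMount maps the host path `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` into the provider container writable, and the container gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper emits nothing otherwise. The kubelet pods directory normally holds the mounted volumes of every pod on the node, so this container should run with as little privilege as the provider allows. If the provider does not write under that path (not visible in this diff), add `readOnly: true` to the mount; otherwise add a comment stating why write access is required. The chart's default values are outside this hunk, so the effective securityContext is not confirmed here.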
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-clusterrolebinding.yaml
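Review bot: In injector-clusterrole.yaml the rule allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only configuration this commit creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). A service account that can patch arbitrary admission webhooks can alter other controllers' webhooks, which is more than the injector appears to need. Splitting the rule so that `get` and `patch` carry `resourceNames` for that one object narrows this. `list` and `watch` stay unrestricted in the sketch below because name-scoped list/watch depends on how the injector's client queries, which is not visible here.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
  - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
```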
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
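Review bot: In injector-deployment.yaml the `args` list ends with `- 2>&1`, which Kubernetes passes to the container entrypoint as a literal argument because no shell interprets `args`; it does not redirect stderr. Whether the binary tolerates the stray argument is not visible here, so I would drop that line and leave `args` as `- agent-inject` alone. Separately, `value: {{ .Values.injector.authPath }}` and the `logLevel`/`logFormat` values are rendered unquoted; `value: {{ .Values.injector.authPath | quote }}` keeps an empty or boolean-looking setting a string, which is what an env `value` must be.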
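Review bot: In injector-disruptionbudget.yaml the `apiVersion` line compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the ordering is lexicographic (a minor of `"9"` sorts above `"21"`), the major version is ignored, and any provider suffix on the minor feeds into the comparison. Asking the cluster directly avoids all three: `apiVersion: {{ ternary "policy/v1" "policy/v1beta1" (.Capabilities.APIVersions.Has "policy/v1") }}`. This file is also the only injector template in the commit without the `vault.injectorEnabled` / `.injectorEnabled` guard, so a PodDisruptionBudget is rendered whenever `injector.podDisruptionBudget` is set, even with the injector disabled.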
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
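Review bot: In injector-mutating-webhook.yaml the webhook rule matches CREATE and UPDATE of pods in every namespace unless a `namespaceSelector` or `objectSelector` is supplied through values, and `failurePolicy` has no template-level default (it falls through to `.Values.injector.failurePolicy`). With `Fail`, an unavailable injector blocks pod admission wherever the webhook matches; with `Ignore`, pods that expect injection are admitted without it. The shipped defaults live in values.yaml, outside this hunk, so I would add a comment above `failurePolicy:` along the lines of `# Fail blocks pod admission while the injector is down; Ignore admits pods without injection. Pair Fail with a namespaceSelector that excludes system namespaces.`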
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
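Review bot: In injector-network-policy.yaml the ingress rule hard-codes `port: 8080`, while the Deployment sets its listen address from `.Values.injector.port` and the Service uses the same value as `targetPort`. If that value is changed, the policy admits traffic on a port nothing listens on and drops the calls to the real webhook port. Use `- port: {{ .Values.injector.port }}` here so the three templates stay in step.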
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-psp.yaml
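Review bot: In injector-psp-rolebinding.yaml the ServiceAccount subject has no `namespace`, unlike the subjects in injector-rolebinding.yaml and injector-clusterrolebinding.yaml, which both set `namespace: {{ .Release.Namespace }}`. Stating it explicitly removes any doubt about which service account the PSP role is bound to and keeps the three bindings consistent. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:`.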
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-role.yaml
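Review bot: In injector-psp.yaml the PodSecurityPolicy is emitted as `policy/v1beta1` whenever `global.psp.enable` is true, with no check that the cluster still serves that API. The webhook and PodDisruptionBudget templates in this commit do pick their apiVersion from `.Capabilities`. PodSecurityPolicy was removed in Kubernetes 1.25, so on such clusters the resource cannot be created and the restrictions written here (non-root, no privilege escalation, no host namespaces) are enforced by nothing. Wrap the resource in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`; injector-psp-role.yaml and injector-psp-rolebinding.yaml carry the same `psp.enable` condition and would take the same guard.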
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-rolebinding.yaml
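Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is well beyond what a leader-election role needs and lets a compromised injector pod read any secret stored beside it. `get` and `update` can be limited with `resourceNames:` to the objects the injector owns; their names are not visible in this diff, so something like `resourceNames: ["<leader-lock-name>", "<injector-cert-secret>"]`, leaving only `create` unscoped because RBAC cannot restrict it by name. If `list` and `watch` on secrets are not required, drop them. The second rule's `patch` and `delete` on all pods has the same breadth, and a short comment per rule saying why each verb is needed would let reviewers check it.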
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-config-configmap.yaml
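Review bot: server-clusterrolebinding.yaml creates a cluster-scoped grant for the server service account, and nothing in the template says why it is needed. `system:auth-delegator` allows creating TokenReviews and SubjectAccessReviews cluster-wide, so I would put a comment above `kind: ClusterRoleBinding`, for instance `# Lets the Vault server validate service-account tokens through the TokenReview API; leave disabled when the Kubernetes auth method is not used.`, with the wording checked against the chart's values documentation. The `rbac.authorization.k8s.io/v1beta1` branch targets an API removed in Kubernetes 1.22 and could be dropped.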
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-discovery-role.yaml
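Review bot: The complete server configuration from `server.standalone.config`, `server.ha.config` or `server.ha.raft.config` is written into a ConfigMap, so any credential placed in a storage or seal stanza becomes readable by every principal that can `get` configmaps in the namespace. A comment above `data:` should state that, for example `# Rendered into a ConfigMap: keep credentials out of this config and supply them through environment variables or mounted Secrets.` Separately, `disable_mlock = true` is forced in both the string branch and the `merge (dict "disable_mlock" true)` branch; with mlock off Vault's memory may be swapped out, so the template should note that nodes are expected to run without swap or with encrypted swap.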
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
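Review bot: In server-discovery-role.yaml, `update` and `patch` on `pods` with no `resourceNames` let the Vault service account modify any pod in the release namespace, not only its own, and a pod patch can change labels and container images of unrelated workloads. If the intent is for each server to label its own pod (an assumption, the consumer is not in this hunk), say so in a comment above `rules:` and note that the chart is expected to run in a dedicated namespace, e.g. `# Vault patches labels on its own pod for service discovery; install in a namespace that holds no other workloads.` `update` looks redundant next to `patch` and could probably be dropped.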
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-ha-active-service.yaml
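Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the PodDisruptionBudget API version is picked by lexical order rather than by what the cluster serves. server-ingress.yaml in this same commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`; asking the cluster directly is simpler still: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`.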
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-ha-standby-service.yaml
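Review bot: The `https-internal` port 8201 is published on the `-active` Service next to the API port, and the Service takes its `type` from `.Values.server.service.type`, so choosing NodePort or LoadBalancer also exposes Vault's cluster port outside the cluster. server-ha-standby-service.yaml and server-service.yaml repeat the pattern, while server-headless-service.yaml already carries 8201 for pod-to-pod traffic. I would render the 8201 entry only for cluster-internal Services, wrapping it in `{{- if or (not .Values.server.service.type) (eq (.Values.server.service.type | toString) "ClusterIP") }}` and `{{- end }}`, or at least add a comment on the entry stating that it is exposed with the Service type; whether any client relies on 8201 through these Services should be confirmed first.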
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-psp-role.yaml 
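Review bot: In server-ingress.yaml the `tls:` block is emitted only when `.Values.server.ingress.tls` is set, so with the ingress enabled and no TLS entry the Vault API, and the tokens sent to it, is served over plain HTTP at the ingress. At minimum add a comment above `{{- if .Values.server.ingress.tls }}` such as `# Without a tls entry the Vault API is exposed over plain HTTP; configure TLS for anything but a throwaway test install.`; a stricter option is to abort rendering with Helm's `fail` when the list is empty. `secretName: {{ .secretName }}`, `ingressClassName` and `path: {{ . }}` are also written unquoted while the hosts use `| quote`, and quoting them keeps unusual values from changing the YAML structure.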
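Review bot: In server-network-policy.yaml, `namespaceSelector: {}` admits traffic from every pod in every namespace to both listed ports, so the policy places no restriction on the cluster port 8201. Assuming 8201 carries only server-to-server traffic, I would split the single rule in two, keeping 8200 open as today and limiting 8201 to pods that carry this release's server labels, which the StatefulSet template sets. The metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the other namespaced templates in this commit.

```yaml
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```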
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
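Review bot: The subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, but server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}` and the StatefulSet sets `serviceAccountName` from that same helper, so whenever the two names differ the `use` grant on the PodSecurityPolicy goes to an account the server pod does not run as. Change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml do. injector-psp-rolebinding.yaml likewise leaves the subject namespace out.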
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-service.yaml
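Review bot: The guard `{{- if ne .mode "external" }}` in server-route.yaml reads `.mode` without the `{{ template "vault.mode" . }}` call that the other server templates in this commit place first, so here `.mode` depends on whatever an earlier-rendered template left in the context. Add `{{ template "vault.mode" . }}` directly after the `.Values.global.openshift` check, the way server-ingress.yaml does. The `tls:` block is filled straight from `.Values.server.route.tls` with no default visible in this hunk; since the Route targets port 8200 directly, a comment naming the expected termination mode would help, e.g. `# TLS termination for the Vault API comes from server.route.tls; do not leave it empty outside test installs.`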
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/tests/server-test.yaml 
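Review bot: The `vault` container image falls back to the mutable `latest` tag via `{{ .Values.server.image.tag | default "latest" }}`, so a values file that omits the tag deploys whatever the registry currently serves for a secrets store, and replicas scheduled at different times can end up on different builds. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same expression is used for the test pod in `tests/server-test.yaml`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; it presumably only talks to the loopback `VAULT_ADDR` set in `env`, and a comment saying so (`# loopback only: VAULT_ADDR is 127.0.0.1, which the serving cert may not cover`) would keep the flag from being copied into contexts where verification matters.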
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/values.openshift.yaml
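Review bot: Nothing in this template ties `type: {{ .Values.ui.serviceType }}` to the TLS setting, so a `LoadBalancer` or `NodePort` UI Service can be rendered while `global.tlsDisable` is `true`, which is the default in the values.yaml added by this commit. Assuming `vault.scheme` resolves to `http` in that case, the Vault UI and API would be reachable from outside the cluster without transport encryption, and with `publishNotReadyAddresses` set they are reachable before the pod reports ready. A guard ahead of `spec:` makes that an explicit decision: `{{- if and .Values.global.tlsDisable (ne (.Values.ui.serviceType | toString) "ClusterIP") }}{{ fail "ui.serviceType other than ClusterIP requires TLS" }}{{- end }}`. If a hard failure is too strict for existing installs, a comment on the `type:` line stating the dependency is the minimum.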
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.94/src/values.yaml 
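Review bot: Several values that the templates in this commit read are not declared in this schema, so they pass validation with any type: `server.readinessProbe.path` (used by the StatefulSet's `httpGet` readiness probe) and `server.service.type` / `server.service.clusterIP` (used by the server Service, where `type` decides whether Vault is exposed outside the cluster). No object in the schema sets `additionalProperties`, so a misspelt key such as `server.service.typ` is also accepted silently and the default applies. Adding `"path": {"type": "string"}` under `server.readinessProbe` and `"type": {"type": "string"}`, `"clusterIP": {"type": "string"}` under `server.service` covers the gaps visible here; an `enum` on `type` would additionally reject unexpected exposure modes at install time.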
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/Chart.yaml
new file mode 100644
index 00000000000..0d498b30d8b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.95
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
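Review bot: The `kubeVersion: '>= 1.26.0'` constraint in the new Chart.yaml carries no pre-release suffix, so Helm's semver matching will likely reject clusters whose reported version includes one (for example managed distributions that append a `-vendor.N` tag); `kubeVersion: '>= 1.26.0-0'` keeps the same floor while accepting those builds. The `description` still reads `Official HashiCorp Vault Chart` although the chart is named `helm-e2e-rhcc` and lives under an e2e-testing directory; if this copy is a test fixture, something like `description: E2E test fixture derived from the HashiCorp Vault chart` keeps a consumer from mistaking it for the upstream release. The `icon` URL is pinned to a commit hash rather than a branch, which is worth keeping.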
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/README.md 
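Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence value into the `docker run` argument list, so it is readable from the host's process table, and it would be echoed by make if the leading `@` were ever dropped. The Makefile sets no default for that variable, so passing it by name, `-e VAULT_LICENSE_CI \`, lets Docker copy it from the recipe's environment without the value appearing on the command line. Separately, the defaults appear to place the service-account key (`vault-helm-test.json`) and the generated kubeconfig (`/helm-test/.kube/config`) inside the bind-mounted checkout. It is worth confirming both paths are git-ignored, which this hunk does not show. `setup-kind` and `delete-kind` are also missing from the `.PHONY` list.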
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
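Review bot: The `create` verb on `serviceaccounts/token` in `rules:` of csi-clusterrole.yaml is granted cluster-wide and without `resourceNames`, so whichever account this role is bound to can request a token for any service account in any namespace, and the file does not say why that breadth is needed. I would add a comment above `rules:`, for example `# Token requests are made on behalf of pods that mount CSI volumes, in any namespace; treat the bound service account as highly privileged.` That rationale is inferred from the provider's purpose and should be confirmed by the chart owner. The ClusterRoleBinding in csi-clusterrolebinding.yaml binds this role to `{{ template "vault.fullname" . }}-csi-provider`, so access to that service account deserves the same care.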
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . 
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include 
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
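Review bot: The `csi-provider` container in csi-daemonset.yaml gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, although it mounts two `hostPath` volumes, one of them the kubelet `pods` directory with `mountPropagation: HostToContainer`. The helper of that name in `_helpers.tpl` has no fallback branch, unlike `injector.securityContext.container`, which falls back to `allowPrivilegeEscalation: false` and dropping all capabilities. I would give the CSI helper a matching fallback, `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`, or set the same default in the chart values. Whether the provider image also tolerates dropped capabilities is not visible here, so start with the single field and confirm; the values file is outside this hunk and may already carry a default.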
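Review bot: The Secret in injector-certs-secret.yaml is created under the fixed name `vault-injector-certs` with no `type` or `data`, while the other resources in this chart derive their names from `vault.fullname`. Two releases in one namespace would both claim the same Secret, and a reader cannot tell that the empty body is intentional. If the injector expects this exact name (not visible in this hunk), I would keep it and add a comment above `kind: Secret`, for example `# Intentionally empty; presumably filled at runtime by the injector when leader election is on. Fixed name: one injector release per namespace.` The runtime behaviour stated in that comment is an assumption to confirm against the injector.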
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-clusterrolebinding.yaml
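Review bot: The `patch` verb in the single rule of injector-clusterrole.yaml applies to every `mutatingwebhookconfigurations` object in the cluster, because the rule carries no `resourceNames`; an account holding it can rewrite any admission webhook, not only the injector's own. The injector deployment in this commit passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which looks like the one configuration the injector maintains. I would split the rule so that the read verbs stay unscoped for listing and watching while `patch` is limited to that name, as sketched below. This assumes the injector patches only its own configuration, which should be confirmed against the injector before merging.

```yaml
rules:
# Read access stays unscoped so the injector can list and watch.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch"]
# Write access only to the injector's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs: ["patch"]
```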
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
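Review bot: In the container `args` of injector-deployment.yaml, the entry `- 2>&1` reaches the injector binary as a literal argument, because Kubernetes runs `args` without a shell and no redirection takes place. If the intent was to merge stderr into stdout it has no effect, and a stray positional argument may be rejected by a later CLI version; the proposal is to drop that line and leave `- agent-inject` as the only item. Separately, `value: {{ .Values.injector.authPath }}` and the `AGENT_INJECT_LOG_LEVEL` / `AGENT_INJECT_LOG_FORMAT` values are unquoted while the neighbouring env values are quoted; writing `value: "{{ .Values.injector.authPath }}"` keeps them strings for every input.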
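Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the ordering is lexicographic: a minor of `"9"` sorts above `"21"`, and provider suffixes such as `"21+"` go through the same string comparison. Other templates in this diff pick the API version with `.Capabilities.APIVersions.Has`, and the same check fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml uses the identical expression and needs the same change.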
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
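Review bot: `namespaceSelector` is rendered only when a value is supplied, so by default the `vault.hashicorp.com` webhook receives pod CREATE and UPDATE requests from every namespace, including system namespaces and the injector's own. With `failurePolicy` set to `Fail`, an unavailable injector then blocks pod admission in all of them, and the injector sees pod specs it has no reason to process. The `injector.objectSelector` helper may narrow this, but it is defined outside the hunk. At minimum add a comment above the `{{- if or ... }}` line, for example `# No namespaceSelector means all namespaces: set injector.webhook.namespaceSelector before using failurePolicy Fail`.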
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
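Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the injector Deployment listens on `.Values.injector.port` and the Service in this diff forwards 443 to that same value. With any other port the policy admits traffic on a port nothing listens on and blocks the webhook port, so API-server calls to `/mutate` fail and pod admission falls back to `failurePolicy`. Use `- port: {{ .Values.injector.port }}` instead. The object also has no `namespace: {{ .Release.Namespace }}` under `metadata`, unlike the other injector resources.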
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-role.yaml
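Review bot: The policy's `spec` leaves Linux capabilities at the runtime default and sets `readOnlyRootFilesystem: false`, so it forbids root and privilege escalation but not the default capability set. Adding `requiredDropCapabilities:` with the single entry `- ALL` under `spec` closes that gap; whether the injector tolerates a read-only root filesystem cannot be judged from this hunk. The comment above `seLinux` / `rule: RunAsAny` says the nodes use AppArmor rather than SELinux, which does not hold on OpenShift nodes, so it should state that the rule is left open deliberately. PodSecurityPolicy in `policy/v1beta1` was removed in Kubernetes 1.25, so the template should additionally be guarded with `.Capabilities.APIVersions.Has "policy/v1beta1"`.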
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-rolebinding.yaml
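Review bot: The first rule of the leader-elector Role grants `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, not only on the objects leader election uses, so a compromised injector pod can read and overwrite any Secret stored next to it. `list` and `watch` return full Secret contents and cannot be limited by name, so the practical mitigations are to drop the verbs the leader elector does not use (to be confirmed against the injector itself, which is not in this diff) and to keep unrelated Secrets out of this namespace. The `pods` rule (`get`, `patch`, `delete`) is namespace-wide in the same way. At minimum add a comment above `rules:` such as `# leader election only: grants read/write on all Secrets in this namespace`.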
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-discovery-role.yaml
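Review bot: Whatever is set in `server.standalone.config`, `server.ha.config` or `server.ha.raft.config` is rendered into a ConfigMap under `data:`, so credentials written inline in storage or seal stanzas become readable to anyone who can `get` ConfigMaps in the namespace and are kept with the release values. A comment above `data:` would make the constraint explicit: `# Rendered into a ConfigMap - keep credentials out of server.*.config; supply them through environment variables or mounted Secrets`. The string branch also passes the value through `tpl`, so values content is evaluated as a template, which deserves a line in the same comment. `disable_mlock = true` is forced in both branches, which leaves Vault's memory eligible for swap unless the nodes run without swap.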
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
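Review bot: In server-discovery-role.yaml, `verbs: ["get", "watch", "list", "update", "patch"]` on `pods` carries no `resourceNames`, so the server ServiceAccount can modify any pod in the release namespace, including labels that Services and NetworkPolicies select on (for example `vault-active`, which the active and standby Services in this diff match). If the write verbs exist only so that each server can label its own pod (an assumption, since the consumer is not in the hunk), drop whichever of `update` and `patch` is unused. A comment above `rules:` such as `# write access is for Vault's own pod labels; do not co-locate other workloads in this namespace` would document the remaining exposure.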
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-psp-role.yaml 
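Review bot: The single ingress rule in server-network-policy.yaml admits every pod in every namespace (`namespaceSelector: {}`) to both 8200 and 8201, so enabling the policy does not narrow who can reach the cluster port. The other templates in this commit name 8201 `https-internal`, which suggests only Vault server pods need it; splitting the rule so 8201 is limited to a `podSelector` on the chart's own labels would match that. Cross-cluster replication setups may need an additional peer on 8201 and should be checked before adopting this. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the sibling templates set.

```yaml
  ingress:
    # API/UI port: unchanged, reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```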
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
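Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` elsewhere in this commit use `vault.serviceAccount.name`. The helper bodies are not part of this diff, but if the two can render differently (presumably when a custom account name is configured), the PSP `use` grant lands on an account the Vault pods do not run as, and the pods are then admitted under some other policy or rejected. Using the same helper keeps the binding aligned with the workload: `name: {{ template "vault.serviceAccount.name" . }}`.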
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-route.yaml
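Review bot: `apiVersion: policy/v1beta1` is rendered whenever `global.psp.enable` is true, with no check that the cluster still serves PodSecurityPolicy, which was removed in Kubernetes 1.25; on such clusters the release fails to install. The ingress template in this commit already branches on `.Capabilities`, and the same works here by adding `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the `and` condition in this file and in the psp Role and RoleBinding templates. Because skipping the object silently would hide that no pod policy is applied, the chart notes should say which admission control replaces it. The spec also sets no `requiredDropCapabilities`, so capability hardening rests entirely on the container securityContext; a comment stating that would help.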
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-service.yaml
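Review bot: This template reads `.mode` on its second line but never runs `{{ template "vault.mode" . }}`, which the other server templates in this commit do before testing it. Whether `.mode` is populated here then appears to depend on another template having set it on the shared context earlier in the render, and when it is not, the `eq .mode "ha"` branch never selects the `-active` service, so the Route would also send traffic to standby pods. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check removes that dependency. `host: {{ .Values.server.route.host }}` would also be safer with `| quote`, as the ingress template does for its hosts.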
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/tests/server-test.yaml 
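Review bot: The Vault container image falls back to `:latest` when `server.image.tag` is unset (`| default "latest"`), so the server version becomes whatever the registry serves at pull time; the test pod in templates/tests/server-test.yaml carries the same fallback. For a secrets manager it is safer to fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or to accept a digest. The readiness probe's `vault status -tls-skip-verify` also deserves a comment stating that it only talks to the `VAULT_ADDR` on 127.0.0.1 set above, so the flag is not copied into a call that crosses the network.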
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/values.openshift.yaml 
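Review bot: `nodePort` is emitted whenever `ui.serviceNodePort` is set, without looking at `ui.serviceType`, whereas server-service.yaml in this commit only emits it when the type is `NodePort`. With the type left at `ClusterIP` the API server rejects the Service, and the unchecked pairing makes it easy to miss that this is the object that publishes the Vault UI outside the cluster. Guarding it keeps the two templates consistent: `{{- if and (.Values.ui.serviceNodePort) (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`.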
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.95/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/Chart.yaml
new file mode 100644
index 00000000000..7330abb3116
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.96
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/README.md 
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
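Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` renders the dev root token unquoted, so a token that looks like a number or boolean, or that contains YAML indicator characters, produces a non-string or malformed env `value` and the rendered manifest is rejected or silently retyped. `vault.extraEnvironmentVars` later in this hunk already pipes its values through `quote`; the same is needed here: `value: {{ .Values.server.dev.devRootToken | quote }}`. `vault.extraSecretEnvironmentVars` in the same hunk emits `name: {{ .secretName }}` and `key: {{ .secretKey }}` unquoted too, which would have the same typing problem for an all-digit secret name or key.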
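Review bot: The rule granting `create` on `serviceaccounts/token` lives in a ClusterRole, so once it is bound (the ClusterRoleBinding added in the next file does this) the CSI provider's service account can request tokens for any service account in any namespace, and nothing in the template records why that scope is required. Add a template comment above `rules:` stating the reason and the consequence, for example `{{/* cluster-wide: the provider requests tokens for the service account of whichever pod mounts a volume; treat this service account as highly privileged */}}`. The reason given there is my reading of the provider's role and should be confirmed by the chart authors before it is committed as documentation.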
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
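Review bot: The `mountpoint-dir` volumeMount in csi-daemonset.yaml exposes `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host without `readOnly`, so the provider container gets write access to the volume directories of every pod on the node. Whether the provider writes there itself or only returns secret contents over the socket under `/provider` cannot be told from this hunk. If it is the latter, add `readOnly: true` next to `mountPropagation: HostToContainer`. The hostPath `path:` values are also rendered unquoted from values, so `path: {{ .Values.csi.daemonSet.providersDir | quote }}` would keep an unusual value from changing the YAML structure.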
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-clusterrolebinding.yaml 
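Review bot: The rule in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, although the only such object this chart creates for the injector is `{{ template "vault.fullname" . }}-agent-injector-cfg`. A compromised injector pod could therefore alter the `clientConfig` or `caBundle` of unrelated admission webhooks. The rule can be split so that `get` and `patch` are limited by `resourceNames`, leaving the read-only `list` and `watch` in a second rule. Whether the injector needs `list` and `watch` at all is not shown in this hunk.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
```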
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
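Review bot: The `args` list in injector-deployment.yaml passes `2>&1` as a literal second argument. Container args are exec'd without a shell, so no redirection takes place and the binary receives the string; the list should be just `- agent-inject`. Several env values are also rendered unquoted, for example `value: {{ .Values.injector.logLevel | default "info" }}` and `value: {{ .Values.injector.authPath }}`. An env value must be a string, so a boolean- or number-looking setting would be rejected by the API server; `value: {{ .Values.injector.authPath | quote }}` avoids that.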
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
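Review bot: The webhook in injector-mutating-webhook.yaml matches pod CREATE and UPDATE in every namespace unless a `namespaceSelector` is supplied, and `failurePolicy` is taken directly from values. With `failurePolicy: Fail` and no selector, an unavailable injector would block pod admission cluster-wide, system namespaces included. Add a comment above `failurePolicy:` such as `# With no namespaceSelector this webhook sees pods in all namespaces; pair Fail with a selector that excludes system namespaces.` The values default for `failurePolicy` is not visible in this hunk.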
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
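Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector Deployment listens on `{{ .Values.injector.port }}` and the Service targets the same value. If the port is changed in values, the policy still admits only 8080 and webhook calls from the host network are dropped; use `- port: {{ .Values.injector.port }}`. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the other injector objects in this commit set explicitly.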
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-role.yaml 
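Review bot: injector-psp.yaml hard-codes `apiVersion: policy/v1beta1` for PodSecurityPolicy and is gated only on `global.psp.enable`. PodSecurityPolicy was removed in Kubernetes 1.25, so enabling the flag on a newer cluster makes the install fail and leaves the injector without the restrictions this policy describes. Gate the template on the API being served as well, for example `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The non-root and no-privilege-escalation settings should also be carried in the pod's own securityContext, which is rendered by a helper outside this hunk.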
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-rolebinding.yaml 
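Review bot: The first rule in injector-role.yaml gives the injector `create`, `get`, `watch`, `list` and `update` on all secrets and configmaps in the release namespace. The only secret this chart creates for leader election is `vault-injector-certs`, and the Vault server may share this namespace with its own secrets. Move `get` and `update` on secrets into a separate rule with `resourceNames: ["vault-injector-certs"]`, leaving `create` in a rule without names, since it cannot be limited by name. Whether the injector needs other secrets or configmaps cannot be told from this hunk, so confirm against the injector's leader-election code before narrowing.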
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-discovery-role.yaml 
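Review bot: Both branches of server-config-configmap.yaml force `disable_mlock` on without saying why or what it costs. The string branch emits `disable_mlock = true` ahead of the user's config, and the map branch uses `merge (dict "disable_mlock" true) …`, where the first argument takes precedence, so a user setting of `false` is silently overridden. With mlock disabled, Vault's memory, including decrypted secrets and key material, can be paged out if the node has swap. Add a template comment next to the setting, for example `{{/* disable_mlock is forced on: nodes must run with swap disabled or encrypted */}}`, and state in the chart's values documentation that the option cannot be overridden.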
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
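Review bot: The single `rules` entry in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, so a compromised Vault service account could modify unrelated workloads that share that namespace. Nothing in the file says why the write verbs are needed; if they exist so Vault can label its own pods for service registration (an inference, the consumer is not in this hunk), record that with a comment such as `# write access is used to label Vault's own pods; deploy Vault in a dedicated namespace`. This Role also hard-codes `rbac.authorization.k8s.io/v1` while the RoleBinding added next to it switches on `.Capabilities.APIVersions.Has`, so the two can disagree on older clusters.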
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-ha-active-service.yaml
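Review bot: The `apiVersion` line picks the PodDisruptionBudget API by comparing `.Capabilities.KubeVersion.Minor` with `"21"` as strings, which is a lexical comparison and ignores the major version; a minor reported as `9` or with a vendor suffix would be ordered as text rather than as a number. server-ingress.yaml in this commit already uses `semverCompare` for the same kind of decision. Asking the cluster directly is more robust: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.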
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-ha-standby-service.yaml
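Review bot: The `ports` list always publishes `https-internal` (8201) next to the API port while `type` comes straight from `.Values.server.service.type`, so choosing NodePort or LoadBalancer also exposes the cluster-to-cluster port outside the cluster. server-ha-standby-service.yaml and server-service.yaml in this commit repeat the same pattern. Peer traffic appears to use the headless `-internal` Service (the StatefulSet sets `VAULT_CLUSTER_ADDR` to `…-internal:8201`), so I would wrap the 8201 entry in `{{- if eq (.Values.server.service.type | default "ClusterIP" | toString) "ClusterIP" }}` … `{{- end }}`, or at least document the exposure next to `server.service.type` in values.yaml.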
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-psp-role.yaml 
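Review bot: The single `ingress` rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits every pod in every namespace to both 8200 and 8201, so enabling the policy limits the ports but not who can reach them. Port 8201 is named `https-internal` elsewhere in this commit and presumably only needs Vault's own pods, so I would split the rule in two and restrict 8201 to peers of the same release with a `podSelector`. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    # API port: callers in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: pods of this Vault release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```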
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
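Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the ServiceAccount with `vault.fullname`, whereas the ServiceAccount template and the other two bindings in this commit use `vault.serviceAccount.name`; if the account name is overridden, the PSP `use` grant lands on an account the pods do not run as. The entry also omits `namespace`, which the other bindings set. I would change it to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it.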
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-route.yaml
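Review bot: The `spec` sets `allowPrivilegeEscalation: false` but never restricts Linux capabilities, so containers admitted under this policy keep the runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP` and the rendered config disables mlock, so the server presumably needs none; adding `requiredDropCapabilities: [ALL]` would make that explicit and enforced. The comment under `seLinux` says the nodes are assumed to use AppArmor, which is worth revisiting for a chart that also ships `values.openshift.yaml`.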
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-service.yaml
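Review bot: Both `.mode` tests in server-route.yaml run without `{{ template "vault.mode" . }}` being invoked first, which the other templates in this commit do before their first `.mode` test. If `.mode` is not already set on the context when this file renders (the helper is defined outside the hunk, so this is inferred), `eq .mode "ha"` is never true and `activeService` is silently ignored, sending the Route to the general Service instead of `-active`. Add `{{ template "vault.mode" . }}` directly under the `global.openshift` guard. `host: {{ .Values.server.route.host }}` would also be safer as `host: {{ .Values.server.route.host | quote }}`.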
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/tests/server-test.yaml 
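Review bot: The `image:` line of the `vault` container falls back to `:latest` when `.Values.server.image.tag` is empty, so a values mistake silently deploys whatever the registry currently serves for a component that holds secrets; tests/server-test.yaml in this commit has the same fallback. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a short comment that this only talks to the local listener set in `VAULT_ADDR` (`127.0.0.1:8200`) would keep the flag from being copied to places where it matters.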
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.96/src/values.yaml 
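Review bot: No object in this schema sets `additionalProperties`, so a misspelled key (for example `global.tlsDisabled` instead of `global.tlsDisable`, or `ui.servicetype`) passes validation and the chart quietly keeps its default. For the settings that decide exposure and transport, that turns a typo into a silent misconfiguration rather than an install-time error. I would add `"additionalProperties": false` to the leaf objects that only the chart itself reads, such as `ui` and `injector.webhook`, and constrain the free-form strings, e.g. `"serviceType": {"type": "string", "enum": ["ClusterIP", "NodePort", "LoadBalancer"]}`. `global` is better left open, since parent charts may pass extra keys through it.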
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/Chart.yaml
new file mode 100644
index 00000000000..fdef4570a2f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.97
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/README.md 
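Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the licence value into the `docker run` argument list, where it is readable in the host's process listing and in `make -n` or verbose CI output even though the recipe is prefixed with `@`. Passing the name only, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the calling environment without putting it on the command line; this assumes the variable is exported to make's environment, which the hunk does not show. The same recipes bind-mount `${PWD}` and point `KUBECONFIG` at `/helm-test/.kube/config`, so the kubeconfig and the `GOOGLE_CREDENTIALS` key file end up in the working tree; a comment next to those variables, e.g. `# keep the key file and .kube/ out of version control`, would help. `setup-kind` and `delete-kind` are also missing from the `.PHONY` list.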
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
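Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` cluster-wide with no comment explaining it, so the `-csi-provider` service account bound to it in csi-clusterrolebinding.yaml can request a token for any service account in any namespace. That is presumably what the provider needs in order to authenticate to Vault as the pod that mounts the volume, but it makes this DaemonSet's service account a high-value credential on every node. I would document that above the rule, e.g. `# Cluster-wide by design: the provider requests a token for the service account of the pod mounting the volume; treat this service account as able to act as any workload.`, and treat any later widening of this role as a security-sensitive change.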
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
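Review bot: In csi-daemonset.yaml the `mountpoint-dir` volume mounts `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host with no `readOnly: true`, so the provider container gets write access to the volume directories of every pod on the node, including their projected service-account tokens and mounted Secrets. If the provider image in use only hands file contents back to the CSI driver (to be confirmed for this version), add `readOnly: true` under that `volumeMounts` entry; otherwise add a comment saying why write access is required. The container `securityContext` is rendered only when `csi.daemonSet.securityContext.container` is set, so it is worth checking that the chart's values, which are not in this hunk, give this hostPath-mounting container a restrictive default.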
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-clusterrolebinding.yaml
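Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, so a compromised injector service account could rewrite any other admission webhook, not only its own. The configuration this chart creates is named `<fullname>-agent-injector-cfg` (the same name the Deployment passes in `AGENT_INJECT_TLS_AUTO`), so, assuming the injector only ever patches that object, the write verb can be scoped with `resourceNames` while the read verbs stay as they are. The split below keeps `get`/`list`/`watch` unscoped, since whether the injector's watch can work with name-restricted reads should be confirmed first.

```yaml
rules:
# Read access stays cluster-wide; the injector watches webhook configurations.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# Write access only to this release's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```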
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
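Review bot: Several env values in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT`), so a value that YAML reads as a boolean or number is no longer a string and the API server rejects the manifest, while an empty value renders as null. Use the quoted form the neighbouring entries already have, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, `- 2>&1` under `args:` reaches the binary as a literal argument because no shell is involved; dropping it would make the intent clearer. `hostNetwork` and both security contexts come from values and helper templates outside this hunk and were not reviewed here.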
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
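Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is emitted only when a value is supplied, so with none set the webhook is called for pod CREATE/UPDATE in every namespace, and `failurePolicy` is taken straight from values. If that policy is `Fail`, an unavailable injector blocks pod admission in all matched namespaces, possibly including system namespaces and the injector's own pods. I would put a comment above `failurePolicy:` such as `# Fail blocks pod admission in every matched namespace while the injector is down; pair it with a namespaceSelector or objectSelector` and confirm the defaults in values.yaml, which are not part of this hunk. The `injector.objectSelector` helper is defined elsewhere and may already narrow the match.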
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
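Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment listens on `.Values.injector.port` and the Service in injector-service.yaml targets that same value. With a non-default port the policy would drop the API server's webhook calls, and under a `failurePolicy` of `Ignore` pods would then be admitted without injection. Render the port from the same value, `- port: {{ .Values.injector.port }}`. The policy's `metadata` also has no `namespace:`, unlike the other injector resources; `namespace: {{ .Release.Namespace }}` would keep them consistent.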
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-role.yaml
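Review bot: injector-psp.yaml renders a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, but that API is no longer served from Kubernetes 1.25 on, so enabling the flag on a current cluster makes the whole release fail to install. Guard it on availability, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`; the same condition applies to injector-psp-role.yaml and injector-psp-rolebinding.yaml. Where the policy is still in use, note that it sets `readOnlyRootFilesystem: false` and has no `requiredDropCapabilities`, so it does not by itself force capabilities to be dropped.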
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-rolebinding.yaml
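Review bot: The first rule in injector-role.yaml gives the injector service account `create`/`get`/`watch`/`list`/`update` on all `secrets` and `configmaps` in the release namespace, with no `resourceNames`. When the Vault server runs in the same namespace, that covers every Secret stored there, such as TLS keys. The only Secret this change creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml); if that is the only object the injector has to read and update, move `get` and `update` into a rule with `resourceNames: ["vault-injector-certs"]` and keep unscoped only the verbs that cannot be name-restricted, such as `create`. Whether `list`/`watch` are needed namespace-wide depends on the injector version and should be confirmed before narrowing.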
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-discovery-role.yaml
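Review bot: `disable_mlock = true` is forced in the string branch of `extraconfig-from-values.hcl` and again through `dict "disable_mlock" true` in both map branches, and nothing in the template records the consequence. With mlock off, Vault's process memory can be paged out, so the chart depends on nodes that have swap disabled or encrypted; I would state that next to the setting, e.g. `{{- /* disable_mlock is forced on: Vault memory may be swapped, so run on nodes with swap disabled or encrypted */ -}}`. In the map branches Sprig's `merge` gives precedence to its first argument, so a user-supplied `disable_mlock: false` appears to be overridden silently; that is worth a line in the values documentation as well.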
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
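Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only the Vault server pods, and the template gives no reason for the write verbs. Because a pod's container image is one of the fields that stays mutable, this Role lets the Vault service account alter any workload that shares the namespace. I would add a comment above `rules:` saying what the write access is for and that the chart should be installed in a namespace of its own, for example `# update/patch are used to label Vault's own pods; deploy in a dedicated namespace` (the purpose is presumed here and should be confirmed against the server's service-registration behaviour).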
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-psp-role.yaml 
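Review bot: In server-network-policy.yaml the one ingress rule uses `namespaceSelector: {}`, which admits traffic from every namespace to both 8200 and 8201. Port 8201 is named `https-internal` in this chart's services and looks like server-to-server traffic, so it could be limited to the release's own server pods while 8200 stays open to clients; if other clusters must reach 8201 for replication, that source should be listed explicitly rather than left open. The manifest also omits `namespace: {{ .Release.Namespace }}` under `metadata`, which the other templates in this diff set.

```yaml
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```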
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
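Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}` with no namespace, whereas server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml bind `{{ template "vault.serviceAccount.name" . }}` in `{{ .Release.Namespace }}`, and the StatefulSet sets `serviceAccountName` from that same helper. The helper's definition is not in this part of the diff, but if it can return anything other than the full name, the PSP `use` grant lands on an account the server pods do not run as. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}` so all three bindings agree.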
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-route.yaml
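Review bot: server-psp.yaml hard-codes `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy`, an API that was removed in Kubernetes 1.25, so turning on `global.psp.enable` against a newer cluster fails the install instead of being skipped. Adding `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the `and` condition, in the way server-clusterrolebinding.yaml probes for the RBAC version, would make the dependency explicit; the PSP Role and RoleBinding templates need the same guard. The spec also sets no `requiredDropCapabilities`, so containers keep the runtime's default capability set; since the StatefulSet sets `SKIP_SETCAP`, `requiredDropCapabilities: ['ALL']` looks feasible but should be confirmed against the image. The `seLinux` comment assumes AppArmor nodes, which is worth rewording given that the chart ships an OpenShift values file.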
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-service.yaml
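Review bot: server-route.yaml tests `.mode` twice but never calls `{{ template "vault.mode" . }}`, which the other server templates in this diff (server-ingress.yaml included) call before reading it. Unless the helper's result carries over from another file, `.mode` is unset here, so the `eq .mode "ha"` test cannot select the `-active` service and the `ne .mode "external"` guard is not doing what it reads as. I would add `{{ template "vault.mode" . }}` directly after the `global.openshift` check. `targetPort: 8200` is also fixed, while the Service templates take their port from `.Values.server.service.port`, and `host: {{ .Values.server.route.host }}` is emitted unquoted.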
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/tests/server-test.yaml 
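Review bot: The `vault` container image in server-statefulset.yaml is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an empty tag silently deploys the mutable `latest` tag of a secrets server; tests/server-test.yaml repeats the same expression. Failing the render is the safer default: `{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The exec readiness probe runs `vault status -tls-skip-verify`, and a comment that this is a loopback check against the `VAULT_ADDR` set above (127.0.0.1:8200) would keep the flag from being copied into client-facing commands. The `VAULT_API_ADDR` and `VAULT_CLUSTER_ADDR` overrides from `server.ha.apiAddr` and `server.ha.clusterAddr` are emitted unquoted, unlike `VAULT_LOG_LEVEL` and `VAULT_LOG_FORMAT`.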
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/values.openshift.yaml
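Review bot: Nothing in ui-service.yaml ties the Service's exposure to TLS being enabled: `type: {{ .Values.ui.serviceType }}` accepts `NodePort` or `LoadBalancer` as readily as `ClusterIP`, and the chart's values.yaml in this same commit ships `global.tlsDisable: true`. The port is only named after `vault.scheme`; that helper is not visible in this hunk, but if it yields `http` when TLS is disabled, a non-ClusterIP UI service would carry Vault logins in cleartext. I would document this directly above `type:` with a template comment such as `{{- /* With global.tlsDisable=true this Service is plain HTTP; keep ui.serviceType ClusterIP unless TLS is terminated in front of it. */}}`, or reject the combination at render time with `fail`.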
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/values.schema.json
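Review bot: The three image references in values.openshift.yaml are pinned by tag only (`tag: "0.17.0-ubi"`, `tag: "1.11.2-ubi"`), and a tag can be re-pointed in the registry without any change to the chart. The file also repeats exactly what values.yaml in this commit already sets (`openshift: true`, the same repositories and tags), so the two must be bumped together or they will silently diverge. I would extend the header comment to say so, e.g. `# Keep in sync with values.yaml. Tags are mutable: record the expected image digest next to each tag when bumping.`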
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.97/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/Chart.yaml
new file mode 100644
index 00000000000..0a12fb15882
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.98
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
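Review bot: The `description: Official HashiCorp Vault Chart` line in the new Chart.yaml, together with the upstream `home`, `icon` and `sources` entries, presents this chart as HashiCorp's own release even though it is named `helm-e2e-rhcc` and sits under `charts/partners/opcert-e2e-testing`. If the chart is ever listed in a published index, a consumer reading the metadata could take a certification test fixture for the upstream Vault chart and trust it accordingly. The metadata should state the provenance itself, for example `description: E2E certification test fixture derived from the HashiCorp Vault chart`. Whether this chart is actually published cannot be told from the hunk, so treat this as something to confirm against the release workflow.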
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/README.md 
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
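Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` cluster-wide with no comment explaining why, so whoever controls the `-csi-provider` service account can request tokens for any ServiceAccount in any namespace. A ClusterRole cannot narrow this by namespace, so a comment above `rules:` should at least state the reason and the blast radius, e.g. `# TokenRequest on behalf of mounting pods; this also permits minting tokens for every other ServiceAccount, so treat provider pods as highly privileged`. Presumably the provider needs the verb to authenticate to Vault as the workload's identity; if so, the chart documentation could also recommend audit-log alerting on `serviceaccounts/token` creation by this identity.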
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
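Review bot: The csi-provider container in csi-daemonset.yaml mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir`/pods) yet receives a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper added in `_helpers.tpl` renders nothing otherwise. The server container helper in the same file falls back to `allowPrivilegeEscalation: false` outside OpenShift; the CSI helper should get the same branch, `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`. If values.yaml (not visible here) already ships a non-empty default, a comment next to the `template` call saying so would be enough.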
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-clusterrolebinding.yaml
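Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only configuration this chart creates is the one named `-agent-injector-cfg`; a compromised injector pod could therefore rewrite other admission webhooks. `get` and `patch` can be pinned with `resourceNames`, as the PSP Role in this commit already does for its policy. `list` and `watch` are kept in a separate, unrestricted rule below because it is not visible here whether the injector watches with a name field selector.

```yaml
rules:
# list/watch stay unrestricted; narrow them too if the injector watches by name
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# get/patch only on the webhook configuration this chart owns
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```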
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
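Review bot: In injector-deployment.yaml the env values for `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` are rendered unquoted, while most other entries in the same `env:` list wrap their templates in quotes; an override that YAML reads as a boolean, number or null would produce a non-string `value:` and the Deployment would be rejected. Pipe them through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, `- 2>&1` under `args:` is passed to the container as a literal argument; no shell is involved, so it does not redirect stderr and should be dropped or explained in a comment.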
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
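Review bot: `failurePolicy` and the pod rule in injector-mutating-webhook.yaml carry no comment on their security trade-off: the rule matches every pod `CREATE` and `UPDATE`, and `namespaceSelector` is rendered only when one of the two values is set, so without it the webhook sits in the admission path for all namespaces. A comment above `failurePolicy:` should spell out the two modes, e.g. `# Ignore = fail-open (pods admitted uninjected), Fail = fail-closed (pod creation blocked while the injector is down)`. Whether values.yaml ships a default `namespaceSelector` or `objectSelector` is not visible here; if it does not, the comment should recommend setting one.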
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
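Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector Deployment and Service in this commit take the listen port from `.Values.injector.port`. On OpenShift, overriding that value leaves the policy admitting a port nothing listens on and blocking the real webhook port, so API-server calls to `/mutate` fail and, depending on `failurePolicy`, pods are either rejected or admitted without injection. Use `- port: {{ .Values.injector.port }}`. The metadata also lacks `namespace: {{ .Release.Namespace }}`, unlike the other namespaced injector objects in this commit.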
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-psp.yaml
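Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml has no `namespace:`, whereas the leader-elector RoleBinding added in this commit sets `namespace: {{ .Release.Namespace }}` on the same service account. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:` so the binding names its subject explicitly instead of depending on the RoleBinding's own namespace being assumed.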
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-role.yaml
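Review bot: The policy in injector-psp.yaml sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but never restricts Linux capabilities, so pods admitted under it keep the container runtime's default capability set. Add `requiredDropCapabilities:` with a single `- ALL` entry under `spec:`; nothing visible in the injector Deployment suggests it needs a capability, though its container securityContext helper is outside this view. `readOnlyRootFilesystem: false` also deserves a one-line comment saying why the root filesystem must stay writable.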
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-rolebinding.yaml
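Review bot: The first rule of the leader-elector Role gives the injector service account `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, with no `resourceNames`. Anything that can act as this service account can therefore read all Secrets in that namespace, which is broader than a leader-election lock would seem to need. If the elector only touches a known object, restrict the read and update verbs with `resourceNames: ["<leader-election-object-name>"]` (placeholder) and keep `create` in its own rule, since resourceNames cannot constrain create. If namespace-wide access really is required, say why in a comment above the rule.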
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-config-configmap.yaml
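Review bot: This ClusterRoleBinding is the only cluster-scoped grant among the server templates shown here, and nothing in the file says why it is needed. Binding the server service account to `system:auth-delegator` lets it submit TokenReview and SubjectAccessReview requests for the whole cluster, which is what Vault's Kubernetes auth method relies on. A one-line comment above `kind: ClusterRoleBinding` would help whoever audits the rendered RBAC, e.g. `# Lets the Vault server validate service-account tokens (TokenReview) for the Kubernetes auth method.`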
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-discovery-role.yaml
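Review bot: `disable_mlock = true` is forced into extraconfig-from-values.hcl in both branches, as a literal line for string configs and through `merge (dict "disable_mlock" true) ...` for map configs, and there is no value to turn it off and no comment explaining it. Because `merge` gives precedence to its first argument, a `disable_mlock: false` supplied in a map-style config is silently overridden. With mlock disabled, Vault's memory can be paged out, so the nodes have to run with swap off or encrypted for secrets not to reach disk in clear. State that requirement in a template comment before `data:`, e.g. `{{- /* mlock is disabled: schedule Vault only on nodes with swap off or encrypted swap */ -}}`, and consider letting the user-supplied config win.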
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-ha-active-service.yaml
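Review bot: The `apiVersion` line of server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the ordering is lexicographic: a minor of `"9"` sorts above `"21"`, and a suffixed minor such as `"21+"` only lands on the right side by accident. server-ingress.yaml in this commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`; asking the cluster what it serves is more direct still: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`.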
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-psp-role.yaml
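Review bot: In server-ingress.yaml, `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are rendered unquoted, while the host entries beside them go through `quote`. A value that is empty, begins with a YAML indicator or contains `: ` then renders as a different type or breaks the manifest. Pipe them through `quote` too, e.g. `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`. The `tls` block is optional, so it is also worth a comment on the `{{- if .Values.server.ingress.tls }}` line that leaving it unset publishes Vault through the Ingress without TLS at the edge.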
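Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so pods in every namespace may reach 8201 as well as 8200. The Service templates in this commit name 8201 `https-internal`, which suggests it carries server-to-server traffic only; if that is right, it should get its own rule limited to the release's pods, leaving 8200 as it is. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the other namespaced templates here set.

```yaml
  # … unchanged: metadata, podSelector, first rule now listing port 8200 only …
    # Cluster port: reachable only from pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```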
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
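Review bot: The subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, but server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}`, and server-clusterrolebinding.yaml and the StatefulSet's `serviceAccountName` use that helper too. If the helper can return anything other than the fullname (its definition is not in this part of the diff), the `use` permission on the PodSecurityPolicy is bound to an account the server pods do not run as, so the intended policy would not apply to them. Use the same helper here: `name: {{ template "vault.serviceAccount.name" . }}`.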
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-service.yaml
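Review bot: server-route.yaml tests `.mode` on its second and fifth lines without first calling `{{ template "vault.mode" . }}`, which the other templates in this commit that read `.mode` all do. Whether `.mode` is set here therefore appears to depend on another template having populated the shared context earlier in the render, so the Route could be skipped, point at the wrong service, or fail on the comparison. Add `{{ template "vault.mode" . }}` directly after `{{- if .Values.global.openshift }}`. Since `tls:` is filled straight from `server.route.tls`, also confirm that the chart's values give the Route a termination mode, so port 8200 is not published over a plain-HTTP route by default.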
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/tests/server-test.yaml
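Review bot: The `vault` container image in server-statefulset.yaml is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an empty or missing `server.image.tag` silently deploys the mutable `latest` tag of a secrets manager; the test pod image in templates/tests/server-test.yaml uses the same expression. Failing the render is safer than falling back, for example `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. values.openshift.yaml pins `1.11.2-ubi`, so this only bites when an override clears the tag, but an explicit tag (or a digest) keeps what actually runs auditable.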
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/templates/ui-service.yaml
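Review bot: The test pod in templates/tests/server-test.yaml sets no `securityContext` on the pod or on the `{{ .Release.Name }}-server-test` container, whereas the StatefulSet takes both from the `server.statefulSet.securityContext.*` helpers. The hook pod therefore runs with whatever the namespace admits, and a namespace enforcing a restricted pod security profile may refuse to schedule it. Adding the container defaults that values.yaml already documents for the injector, `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}`, under the container entry would bring the test pod in line with the rest of the chart. What the server helpers render is not visible here, so reusing them instead is worth checking first.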
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/values.openshift.yaml
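Review bot: `type: {{ .Values.ui.serviceType }}` in ui-service.yaml lets the UI service be switched to NodePort or LoadBalancer while values.yaml defaults `global.tlsDisable: true`; in that combination the port named by `vault.scheme` presumably serves plain HTTP (the helper is defined outside this hunk). A Vault UI/API listener reachable from outside the cluster without TLS carries tokens and secret values in clear text. A comment above the `type:` line, such as `# With global.tlsDisable=true this service is plaintext; keep it ClusterIP or terminate TLS in front of it`, would put the constraint in front of whoever overrides `ui.serviceType`.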
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.98/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/.helmignore b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/Chart.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/Chart.yaml
new file mode 100644
index 00000000000..2ff712c4b1d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-e2e-rhcc
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.99
+annotations:
+ charts.openshift.io/name: helm-e2e-rhcc
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/LICENSE.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
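Review bot: In the new `Chart.yaml`, `description: Official HashiCorp Vault Chart`, `home` and `sources` still carry upstream's identity, while `name: helm-e2e-rhcc` and `version: 0.21.99` mark the chart as a certification test fixture. Nothing in the metadata tells a consumer of the chart index that this is not a maintained Vault release. `appVersion: 1.11.2` pins the Vault release of the copied chart (0.21.0 according to the bundled changelog), and a copy like this presumably will not follow upstream fixes. I would state the provenance in the file, for example `description: E2E certification test fixture derived from hashicorp/vault-helm 0.21.0 - not for production use`, or as a `#` comment above `name` if the description has to stay as upstream wrote it.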
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/Makefile b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/README.md b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/README.md 
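Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the `docker run` argument list, where it is readable from the host process table and from anything that records command lines; the leading `@` only stops make from echoing it. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker copy it from its own environment without the value appearing in argv; this assumes the value reaches make through the environment, which the `_CI` suffix suggests but the hunk does not show. Separately, `setup-kind` and `delete-kind` are missing from the `.PHONY` list on the last line of the file.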
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
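Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in every namespace with no `resourceNames`, and nothing in the file says why. The binding added alongside it attaches this role to the `-csi-provider` service account used by the DaemonSet, so each node's provider pod can request a token for any service account in the cluster. A grant that wide should carry its justification next to the rule. I would add a comment above `- apiGroups:` along the lines of `# Cluster-wide on purpose: the provider presumably requests a token for the service account of whichever pod mounts the volume, so target names are not known at install time`, after confirming that this is the actual reason.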
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" .
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
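Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes, `providersDir` and `kubeletRootDir/pods`, without `readOnly`, yet it gets a securityContext only when `.Values.csi.daemonSet.securityContext.container` is set. The `csi.daemonSet.securityContext.*` helpers added to `_helpers.tpl` in this commit have no fallback branch, unlike `injector.securityContext.container` and `server.statefulSet.securityContext.container`, which fall back to `allowPrivilegeEscalation: false` when `global.openshift` is off. Since `mountpoint-dir` presumably exposes the volume directories of every pod on the node, I would give the CSI container helper the same fallback (`{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`) and add `readOnly: true` to the `mountpoint-dir` volumeMount if the provider version in use does not write there. The chart's values file is not visible here, so a default may already be supplied from it.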
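Review bot: injector-certs-secret.yaml creates a Secret with no `type` and no `data`, under the literal name `vault-injector-certs` instead of a name derived from `vault.fullname` like the other objects in this commit, and the file explains neither choice. A reader cannot tell whether the empty object is intentional or a forgotten payload, or which component is expected to write to it. I would add a comment above `apiVersion: v1`, for example `# Placeholder Secret, created empty; presumably filled with the webhook certificate at runtime by the elected injector leader, hence the fixed name (confirm)`.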
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-clusterrolebinding.yaml
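Review bot: The rule in injector-clusterrole.yaml gives the injector service account `patch` on every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`. An identity that can patch admission webhooks it does not own has far more reach than an injector that only maintains its own configuration needs. I would drop `"patch"` from the existing rule, keeping the read verbs as they are, and add a second rule that allows `patch` on this release's object only. The name used below assumes the webhook configuration is called `<fullname>-agent-injector-cfg`, as the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml suggests, so confirm it against the webhook template before merging.

```yaml
rules:
# … unchanged: existing rule (apiGroups, resources), with "patch" removed from its verbs …
# Write access is limited to this release's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```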
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" .
}}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" .
}}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+
timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
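Review bot: Three env values in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) while their neighbours are quoted. An env `value` has to be a string, so an empty, boolean-looking or numeric setting renders as a non-string and the Deployment is rejected; `value: {{ .Values.injector.authPath | quote }}` and the same treatment for the other two avoids that. Separately, `- 2>&1` under `args` reaches the binary as a literal argument because no shell interprets it, so it can be dropped.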
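Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml is a lexical string comparison, so the choice between `policy/v1` and `policy/v1beta1` does not follow numeric order and is sensitive to vendor suffixes in the minor version. Other templates in this commit ask the cluster which API it serves; `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` would be consistent with them. The same expression appears in server-disruptionbudget.yaml.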
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
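Review bot: When neither `namespaceSelector` value is set, the webhook in injector-mutating-webhook.yaml is registered for pod CREATE and UPDATE in every namespace, including the one the injector runs in (unless the `injector.objectSelector` helper, not shown here, narrows it). With a `failurePolicy` of `Fail`, whose default comes from values outside this hunk, an unavailable injector would then block pod admission cluster-wide. A comment above `failurePolicy` would make the coupling visible, e.g. `# With no namespaceSelector this webhook is cluster-wide; pair failurePolicy Fail with a selector that excludes system namespaces`. A default selector in the chart values is the stronger fix.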
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
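Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on, and the Service targets, `.Values.injector.port`. Changing that value leaves the policy admitting the old port and dropping API-server traffic to the webhook on the new one. Use `- port: {{ .Values.injector.port }}` so the three stay in step.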
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-role.yaml
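Review bot: injector-psp.yaml is gated only on `global.psp.enable`, but `policy/v1beta1` PodSecurityPolicy is no longer served from Kubernetes 1.25 onward, so turning the flag on there fails the install. Extending the guard with a capability check avoids that: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The injector-psp-role.yaml and injector-psp-rolebinding.yaml templates use the same guard and would need the same change. The policy also sets no `requiredDropCapabilities`; adding `requiredDropCapabilities: [ALL]` would match its non-root intent.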
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-rolebinding.yaml
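Review bot: The leader-elector Role in injector-role.yaml lets the injector service account create, read and update every Secret and ConfigMap in the release namespace, and patch or delete any pod there. If the Vault server is installed in the same namespace, its TLS material and any other Secrets become readable by the injector. The `get` and `update` verbs could be narrowed with `resourceNames` for the objects leader election actually uses (their names are not visible in this hunk). Failing that, a comment above `rules:` such as `# Grants namespace-wide Secret access; run the injector in a namespace that holds no other secrets` would at least record the exposure.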
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-discovery-role.yaml
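Review bot: server-config-configmap.yaml renders the whole Vault server configuration, after `tpl` expansion, into a ConfigMap rather than a Secret. Any seal or storage credentials placed in `server.standalone.config` or `server.ha.config` therefore sit in plain text, readable by anyone with ConfigMap read access in the namespace. A comment above `extraconfig-from-values.hcl` would make the constraint explicit, e.g. `# Not a Secret: keep credentials out of this config and supply them through env vars or mounted Secrets`. `disable_mlock = true` is also forced in every branch with no override, which is worth documenting next to it.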
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-psp-role.yaml 
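Review bot: The single `ingress` rule in server-network-policy.yaml opens both 8200 and 8201 to `namespaceSelector: {}`, so pods in every namespace can reach the port the Service templates in this commit name `https-internal` as well as the API port. If 8201 carries only server-to-server traffic (an assumption to confirm for replication or cross-cluster setups), it can be limited to this release's own pods with a second rule that uses a `podSelector`, as sketched below. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the other templates added here all set.

```yaml
  ingress:
    # API port: still reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```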
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
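Review bot: The subject in server-psp-rolebinding.yaml is named with `{{ template "vault.fullname" . }}`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this commit both use `{{ template "vault.serviceAccount.name" . }}`. That helper is defined outside the visible hunks, but if it can return a different name (the schema carries a `server.serviceAccount.name` value), the `use` grant lands on an account the server pods do not run as, and which policy admits them then depends on whatever else the cluster binds. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}`.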
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-route.yaml
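Review bot: server-psp.yaml renders `apiVersion: policy/v1beta1` / `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API, which was removed in Kubernetes 1.25. The guard can carry the check, `{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1") }}`, and the `-psp` Role and RoleBinding added in this commit need the same condition; server-ingress.yaml already branches on `.Capabilities`. On clusters without PSP the restrictions listed here (non-root, no privilege escalation, no host namespaces) hold only if the pod `securityContext` helpers and the namespace's admission settings carry them, which the visible hunks do not show. The `seLinux` comment assumes AppArmor nodes while the rule is `RunAsAny`; that is worth rewording for users of `values.openshift.yaml`.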
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-service.yaml
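Review bot: server-route.yaml reads `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before they test it. Whether `.mode` is set at that point then depends on something outside this file; if it is not, the comparisons either fail or skip the `ha` branch, and the Route targets the plain service name instead of `-active` even with `route.activeService` set. Adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard, as server-ingress.yaml does, removes that dependency. Separately, `tls:` is filled verbatim from `.Values.server.route.tls`, so the termination mode of the Route in front of Vault is decided entirely by values; a comment next to it such as `# expected termination: <mode the chart supports>` would help anyone reviewing overrides.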
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/tests/server-test.yaml 
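Review bot: The `vault` container image in server-statefulset.yaml is built as `repository:{{ .Values.server.image.tag | default "latest" }}`, so an empty tag silently deploys a mutable `latest` image for the secrets server; the test pod in server-test.yaml uses the same expression. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and consider accepting a digest in place of a tag. The exec readiness probe runs `vault status -tls-skip-verify`; `VAULT_ADDR` in the same container points at 127.0.0.1, so the unverified connection stays on loopback, and a comment above the command such as `# loopback-only check; the certificate is deliberately not verified` would record that intent.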
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/values.schema.json b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/values.yaml b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/0.21.99/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/OWNERS b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/OWNERS
new file mode 100644
index 00000000000..52f965835b4
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-e2e-rhcc/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: helm-e2e-rhcc
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+- githubUsername: bovem
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/helm-test-project/OWNERS b/charts/partners/opcert-e2e-testing/helm-test-project/OWNERS
new file mode 100644
index 00000000000..c8c678f3c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/helm-test-project/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: helm-test-project
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+- githubUsername: bovem
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/.helmignore b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/Chart.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..f5df8648732
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: qetesting-helm-chart
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: qetesting-helm-chart
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/LICENSE.md b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/Makefile b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/README.md b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/README.md
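Review bot: The acceptance targets keep live credentials inside the bind-mounted checkout: `GOOGLE_CREDENTIALS?=vault-helm-test.json` is a relative path that resolves under `-w /helm-test`, and `-e KUBECONFIG=/helm-test/.kube/config` in `test-acceptance` and `test-provision` points at a kubeconfig under `${PWD}/.kube/`. No ignore file is visible in this hunk, so it is worth confirming that `.gitignore` and `.helmignore` cover both paths, and adding a comment above the variable such as `# service-account key and .kube/ live in the working tree; keep them out of git and out of the packaged chart`. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and `test-acceptance` calls plain `make` where `$(MAKE) setup-kind acceptance` would pass flags through to the sub-make.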
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/csi-daemonset.yaml
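Review bot: In `vault.envs` the dev root token is rendered unquoted, `value: {{ .Values.server.dev.devRootToken }}`, so a token made only of digits, or a word such as `true`, is parsed as a number or boolean and the env entry no longer holds a string; `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it one. `vault.extraSecretEnvironmentVars` leaves `name: {{ .envName }}` and `key: {{ .secretKey }}` unquoted in the same way, while `vault.extraEnvironmentVars` in this hunk already pipes both of its fields through `quote`. The token is also written in clear text into the pod spec next to `VAULT_DEV_LISTEN_ADDRESS` set to `"[::]:8200"`, so the comment above the define could add `Dev mode only: the root token is readable by anyone who can read the pod spec.`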
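Review bot: The only rule in this ClusterRole grants `create` on `serviceaccounts/token` with no namespace or `resourceNames` limit, so the `-csi-provider` service account it is bound to in csi-clusterrolebinding.yaml can request a token for any service account in the cluster, including privileged ones. The hunk does not say why the scope is cluster-wide; presumably the provider has to obtain a token for whichever pod mounts a volume, and a comment above `rules:` such as `# token requests for the mounting pod's service account; cluster-wide because consuming pods can run in any namespace` would record that. Since this identity can act as other workloads, an audit-log alert on token requests it makes for service accounts outside the expected namespaces is worth adding alongside the chart.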
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-clusterrolebinding.yaml
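Review bot: The rule in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`; write access to other admission webhooks is a far larger grant than the injector appears to need. The only webhook configuration this commit creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml), which is also the value passed as `AGENT_INJECT_TLS_AUTO` in the deployment, so the write verb can probably be limited to that object while `get`, `list` and `watch` stay unscoped. Whether the injector patches any other configuration is not visible in this diff, so the split below needs a test with auto-TLS enabled before it is merged.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```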
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
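Review bot: The `- 2>&1` entry under `args:` in injector-deployment.yaml reaches the container as a literal argument, because Kubernetes hands `args` to the entrypoint without a shell and no redirection takes place. Whether the binary ignores the extra positional argument is not visible in this diff. Dropping the entry leaves `args:` with the single item `- agent-inject`, and nothing is lost, since the container runtime already collects both stdout and stderr.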
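Review bot: The `apiVersion` line in injector-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings, so a single-digit minor such as `"9"` sorts above `"21"` and the result follows a version string rather than what the cluster actually serves. Other templates in this commit already test the API directly with `.Capabilities.APIVersions.Has`; the same form here would be `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml repeats the expression and needs the same change.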
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
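Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when one of the two values is set, so when neither is, the webhook's `rules` match CREATE and UPDATE of pods in every namespace, including the one the injector itself runs in. With a `failurePolicy` of `Fail` (the value comes from values and is not visible here), an unreachable injector would then hold up pod admission cluster-wide; whether the `injector.objectSelector` template narrows the match is not shown in this hunk either. A comment above the `if or` line would warn operators, e.g. `# No selector means pods in all namespaces are intercepted; set injector.namespaceSelector before using failurePolicy: Fail.`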
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
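Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment's listen address, the Service `targetPort` and both probes all take the port from `.Values.injector.port`. If that value is overridden, the policy admits traffic on a port nothing listens on and blocks the API server's webhook calls to the real one. Use `- port: {{ .Values.injector.port }}` so the policy follows the same value as the rest of the chart.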
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-role.yaml
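Review bot: The `spec` in injector-psp.yaml forbids privileged mode and privilege escalation but never sets `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set. Adding `requiredDropCapabilities:` with the single entry `- ALL` next to `allowPrivilegeEscalation: false` would close that gap. Whether the injector needs any capability is not visible in this diff, so check that the pod still starts with the stricter policy. `readOnlyRootFilesystem: false` would also benefit from a one-line comment saying why a writable root filesystem is required.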
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-rolebinding.yaml
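Review bot: The first rule in injector-role.yaml gives the leader-elector role `create`, `get`, `watch`, `list` and `update` on all Secrets and ConfigMaps in the release namespace, with no `resourceNames`. The only Secret this commit creates for that path is `vault-injector-certs` (injector-certs-secret.yaml), and the same namespace may hold unrelated credentials, so `get` and `update` on `secrets` could move to a rule of their own carrying `resourceNames: ["vault-injector-certs"]`. `create` cannot be limited by name, and `list`/`watch` only when the client filters on `metadata.name`; which objects the leader election actually touches is not visible here, so verify against a multi-replica install before narrowing.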
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-discovery-role.yaml
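Review bot: `disable_mlock = true` is written into `extraconfig-from-values.hcl` unconditionally in server-config-configmap.yaml, as a literal line in the string branch and through `merge (dict "disable_mlock" true) …` in the map branch, and nothing in the template explains the consequence. With mlock disabled the server's memory is no longer locked against swapping, so keeping secrets off disk then depends on the nodes having swap disabled or encrypted. A template comment above `data:` would record that, e.g. `{{/* disable_mlock is forced on: schedule Vault only on nodes with swap disabled or encrypted. */}}`. Since `merge` gives precedence to its first argument, a `disable_mlock` key supplied in the map form of the config is silently overridden, which is worth stating in the same comment.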
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-ha-active-service.yaml
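Review bot: The `apiVersion` line compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge`, which is a string comparison, so a minor such as `9` sorts above `21` and a suffixed minor like `21+` is compared as text too. The ingress template in this same commit already decides its API version with `semverCompare` on `.Capabilities.KubeVersion.Version`, and using the same form here would be consistent: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.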
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-psp-role.yaml 
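Review bot: In server-network-policy.yaml the single `ingress` rule uses `namespaceSelector: {}`, so pods in every namespace may reach both 8200 and 8201. Port 8201 is the `https-internal` port that the StatefulSet in this commit advertises through `VAULT_CLUSTER_ADDR`, so it looks like only the Vault server pods need it; splitting the rule leaves the API port as it is and limits the cluster port to pods carrying the server labels. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other server templates set.

```yaml
  # ... unchanged: metadata, podSelector ...
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # ... unchanged: optional egress block ...
```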
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
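Review bot: In server-psp-rolebinding.yaml the subject is named with `vault.fullname`, while the ServiceAccount template and the discovery RoleBinding in this commit both use `vault.serviceAccount.name`. If that helper can return something other than the full name (its definition is not in this diff section), the binding points at an account the server pod does not run as, and the pod security policy is never granted to it. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` underneath, as the discovery binding does.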
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-route.yaml
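Review bot: `apiVersion: policy/v1beta1` is fixed and the only gate is `global.psp.enable`, so the template still renders a PodSecurityPolicy on clusters that no longer serve that API (it was removed in Kubernetes 1.25), and the release then fails when the manifest is applied. The PodDisruptionBudget template in this commit already chooses its `policy` version from `.Capabilities`, and a guard in the same spirit fits here: wrap the manifest in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` and close it with a matching `{{- end }}`. The Role and RoleBinding for this policy would need the same guard so they are not left referring to a policy that was skipped.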
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-service.yaml
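Review bot: The second line of server-route.yaml tests `.mode`, but this template never calls `{{ template "vault.mode" . }}`, which the other templates in this commit that read `.mode` do before using it. The `external` and `ha` checks here therefore depend on whatever an earlier-rendered template left in the context; how the helper sets `.mode` is not visible in this diff section, so the exact failure mode is uncertain. I would add `{{ template "vault.mode" . }}` directly under the `global.openshift` check, as the ingress template does.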
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/tests/server-test.yaml 
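Review bot: In server-statefulset.yaml the `vault` container image falls back to a floating tag when `server.image.tag` is unset (`{{ .Values.server.image.tag | default "latest" }}`), so the version of the secrets server that runs depends on what the registry serves at pull time and can differ between replicas. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The test pod in tests/server-test.yaml uses the same fallback and would take the same change.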
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/values.schema.json b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/values.yaml b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/opcert-e2e-testing/qetesting-helm-chart/OWNERS b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/OWNERS
new file mode 100644
index 00000000000..0f3eb5e3567
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/qetesting-helm-chart/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: qetesting-helm-chart
+ shortDescription: null
+providerDelivery: false
+publicPgpKey: null
+users:
+- githubUsername: bovem
+- githubUsername: opcert
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/test-helm-project/OWNERS b/charts/partners/opcert-e2e-testing/test-helm-project/OWNERS
new file mode 100644
index 00000000000..38b9e83f2f2
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/test-helm-project/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: test-helm-project
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/test-webonly-helm/OWNERS b/charts/partners/opcert-e2e-testing/test-webonly-helm/OWNERS
new file mode 100644
index 00000000000..2e26364a0c7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/test-webonly-helm/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: test-webonly-helm
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users: []
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/test-webonly-project/OWNERS b/charts/partners/opcert-e2e-testing/test-webonly-project/OWNERS
new file mode 100644
index 00000000000..a46bc63b6a5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/test-webonly-project/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: test-webonly-project
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users: []
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/.helmignore b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
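Review bot: `publicPgpKey: unknown` in test-helm-project/OWNERS is a non-empty string rather than an absent value, and the same placeholder is repeated in test-webonly-helm/OWNERS and test-webonly-project/OWNERS, while qetesting-helm-chart/OWNERS writes `publicPgpKey: null`. The code that consumes this field is not visible in these hunks, so it is worth confirming how it treats the literal `unknown`: if provenance verification is gated on the field being non-empty, the placeholder may either be parsed as key material and fail, or be special-cased so that signature checking is skipped without any visible signal. Unless the tooling explicitly defines `unknown` as "no key", I would use `publicPgpKey: null` in all three files. The same inconsistency applies to `shortDescription: unknown` versus `shortDescription: null`.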
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/CHANGELOG.md b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/CHANGELOG.md
new file mode 100644
index 00000000000..0e0cb0af827
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/CHANGELOG.md
@@ -0,0 +1,528 @@ +## Unreleased + +## 0.27.0 (November 16, 2023) + +Changes: + +* Default `vault` version updated to 1.15.2 + +Features: + +* server: Support setting `persistentVolumeClaimRetentionPolicy` on the StatefulSet [GH-965](https://github.com/hashicorp/vault-helm/pull/965) +* server: Support setting labels on PVCs [GH-969](https://github.com/hashicorp/vault-helm/pull/969) +* server: Support setting ingress rules for networkPolicy [GH-877](https://github.com/hashicorp/vault-helm/pull/877) + +Improvements: + +* Support exec in the server liveness probe [GH-971](https://github.com/hashicorp/vault-helm/pull/971) + +## 0.26.1 (October 30, 2023) + +Bugs: +* Fix templating of `server.ha.replicas` when set via override file. The `0.26.0` chart would ignore `server.ha.replicas` and always deploy 3 server replicas when `server.ha.enabled=true` unless overridden by command line when issuing the helm command: `--set server.ha.replicas=`. Fixed in [GH-961](https://github.com/hashicorp/vault-helm/pull/961) + +## 0.26.0 (October 27, 2023) + +Changes: +* Default `vault` version updated to 1.15.1 +* Default `vault-k8s` version updated to 1.3.1 +* Default `vault-csi-provider` version updated to 1.4.1 +* Tested with Kubernetes versions 1.24-1.28 +* server: OpenShift default readiness probe returns 204 when uninitialized [GH-966](https://github.com/hashicorp/vault-helm/pull/966) + +Features: +* server: Add support for dual stack clusters [GH-833](https://github.com/hashicorp/vault-helm/pull/833) +* server: Support `hostAliases` for the StatefulSet pods [GH-955](https://github.com/hashicorp/vault-helm/pull/955) +* server: Add `server.service.active.annotations` and `server.service.standby.annotations` [GH-896](https://github.com/hashicorp/vault-helm/pull/896) +* server: Add long-lived service account token option [GH-923](https://github.com/hashicorp/vault-helm/pull/923) + +Bugs: +* csi: Add namespace field to `csi-role` and `csi-rolebindings`. 
[GH-909](https://github.com/hashicorp/vault-helm/pull/909) + +Improvements: +* global: Add `global.namespace` to override the helm installation namespace. [GH-909](https://github.com/hashicorp/vault-helm/pull/909) +* server: use vault.fullname in Helm test [GH-912](https://github.com/hashicorp/vault-helm/pull/912) +* server: Allow scaling HA replicas to zero [GH-943](https://github.com/hashicorp/vault-helm/pull/943) + +## 0.25.0 (June 26, 2023) + +Changes: +* Latest Kubernetes version tested is now 1.27 +* server: Headless service ignores `server.service.publishNotReadyAddresses` setting and always sets it as `true` [GH-902](https://github.com/hashicorp/vault-helm/pull/902) +* `vault` updated to 1.14.0 [GH-916](https://github.com/hashicorp/vault-helm/pull/916) +* `vault-csi-provider` updated to 1.4.0 [GH-916](https://github.com/hashicorp/vault-helm/pull/916) + +Improvements: +* CSI: Make `nodeSelector` and `affinity` configurable for CSI daemonset's pods [GH-862](https://github.com/hashicorp/vault-helm/pull/862) +* injector: Add `ephemeralLimit` and `ephemeralRequest` as options for configuring Agent's ephemeral storage resources [GH-798](https://github.com/hashicorp/vault-helm/pull/798) +* Minimum kubernetes version for chart reverted to 1.20.0 to allow installation on clusters older than the oldest tested version [GH-916](https://github.com/hashicorp/vault-helm/pull/916) + +Bugs: +* server: Set the default for `prometheusRules.rules` to an empty list [GH-886](https://github.com/hashicorp/vault-helm/pull/886) + +## 0.24.1 (April 17, 2023) + +Bugs: +* csi: Add RBAC required by v1.3.0 to create secret for HMAC key used to generate secret versions [GH-872](https://github.com/hashicorp/vault-helm/pull/872) + +## 0.24.0 (April 6, 2023) + +Changes: +* Earliest Kubernetes version tested is now 1.22 +* `vault` updated to 1.13.1 [GH-863](https://github.com/hashicorp/vault-helm/pull/863) +* `vault-k8s` updated to 1.2.1 
[GH-868](https://github.com/hashicorp/vault-helm/pull/868) +* `vault-csi-provider` updated to 1.3.0 [GH-749](https://github.com/hashicorp/vault-helm/pull/749) + +Features: +* server: New `extraPorts` option for adding ports to the Vault server statefulset [GH-841](https://github.com/hashicorp/vault-helm/pull/841) +* server: Add configurable Port Number in readinessProbe and livenessProbe for the server-statefulset [GH-831](https://github.com/hashicorp/vault-helm/pull/831) +* injector: Make livenessProbe and readinessProbe configurable and add configurable startupProbe [GH-852](https://github.com/hashicorp/vault-helm/pull/852) +* csi: Add an Agent sidecar to Vault CSI Provider pods to provide lease caching and renewals [GH-749](https://github.com/hashicorp/vault-helm/pull/749) + +## 0.23.0 (November 28th, 2022) + +Changes: +* `vault` updated to 1.12.1 [GH-814](https://github.com/hashicorp/vault-helm/pull/814) +* `vault-k8s` updated to 1.1.0 [GH-814](https://github.com/hashicorp/vault-helm/pull/814) +* `vault-csi-provider` updated to 1.2.1 [GH-814](https://github.com/hashicorp/vault-helm/pull/814) + +Features: +* server: Add `extraLabels` for Vault server serviceAccount [GH-806](https://github.com/hashicorp/vault-helm/pull/806) +* server: Add `server.service.active.enabled` and `server.service.standby.enabled` options to selectively disable additional services [GH-811](https://github.com/hashicorp/vault-helm/pull/811) +* server: Add `server.serviceAccount.serviceDiscovery.enabled` option to selectively disable a Vault service discovery role and role binding [GH-811](https://github.com/hashicorp/vault-helm/pull/811) +* server: Add `server.service.instanceSelector.enabled` option to allow selecting pods outside the helm chart deployment [GH-813](https://github.com/hashicorp/vault-helm/pull/813) + +Bugs: +* server: Quote `.server.ha.clusterAddr` value [GH-810](https://github.com/hashicorp/vault-helm/pull/810) + +## 0.22.1 (October 26th, 2022) + +Changes: +* `vault` 
updated to 1.12.0 [GH-803](https://github.com/hashicorp/vault-helm/pull/803) +* `vault-k8s` updated to 1.0.1 [GH-803](https://github.com/hashicorp/vault-helm/pull/803) + +## 0.22.0 (September 8th, 2022) + +Features: +* Add PrometheusOperator support for collecting Vault server metrics. [GH-772](https://github.com/hashicorp/vault-helm/pull/772) + +Changes: +* `vault-k8s` to 1.0.0 [GH-784](https://github.com/hashicorp/vault-helm/pull/784) +* Test against Kubernetes 1.25 [GH-784](https://github.com/hashicorp/vault-helm/pull/784) +* `vault` updated to 1.11.3 [GH-785](https://github.com/hashicorp/vault-helm/pull/785) + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. 
[GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/CODEOWNERS b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/CODEOWNERS new file mode 100644 index 00000000000..af6a3500f55 --- /dev/null 
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/CODEOWNERS
@@ -0,0 +1 @@
+* @hashicorp/vault-ecosystem-foundations
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/CONTRIBUTING.md b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/CONTRIBUTING.md
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/Chart.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/Chart.yaml
new file mode 100644
index 00000000000..783305ad839
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ charts.openshift.io/name: testing-e2e-helm-chart
+apiVersion: v2
+appVersion: 1.15.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.27.0-0'
+name: testing-e2e-helm-chart
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.0.2
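Review bot: The `description: Official HashiCorp Vault Chart` line in Chart.yaml, together with `home` and `sources`, still presents this chart as the upstream HashiCorp release, although `name` and the `charts.openshift.io/name` annotation are both `testing-e2e-helm-chart`. Whether this fixture is ever indexed or installed outside the e2e run is not visible from the hunk, but if it is, that provenance claim would mislead anyone deciding whether to trust the chart. A description such as `description: E2E test fixture derived from the HashiCorp Vault chart (not an official release)` keeps the lineage without the claim. Separately, quoting the value as `appVersion: "1.15.2"` follows the usual Helm guidance, so a later two-part version is not read as a float.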
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/LICENSE b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/LICENSE
new file mode 100644
index 00000000000..74f38c01038
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/LICENSE
@@ -0,0 +1,355 @@ +Copyright (c) 2018 HashiCorp, Inc. + +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/Makefile b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/Makefile new file mode 100644 index 00000000000..56002206452 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.26.3
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats --tap --timing test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/README.md b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/README.md
new file mode 100644
index 00000000000..256bd8b915d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/README.md
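Review bot: In the Makefile's `test-acceptance` recipe the Vault license is passed as `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so make expands the secret into the `docker run` argument list, where it is readable from the host's process table and would be echoed to the build log if the `@` prefix were ever dropped. Forwarding the variable by name, `-e VAULT_LICENSE_CI \`, lets Docker take the value from the environment instead, provided the variable is set in the environment the recipe runs in. Separately, `setup-kind` and `delete-kind` are not listed in `.PHONY`, and the recursive calls use `make` rather than `$(MAKE)`, so flags and the jobserver are not propagated to the sub-make.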
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://developer.hashicorp.com/vault/docs/platform/k8s).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.22+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://developer.hashicorp.com/vault/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/NOTES.txt b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/NOTES.txt
new file mode 100644
index 00000000000..60d99a4e56a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://developer.hashicorp.com/vault/docs
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/_helpers.tpl b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..8f77f92200a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/_helpers.tpl
@@ -0,0 +1,1077 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Allow the release namespace to be overridden +*/}} +{{- define "vault.namespace" -}} +{{- default .Release.Namespace .Values.global.namespace -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server serviceaccount should have a token created and mounted to the serviceaccount. +*/}} +{{- define "vault.serverServiceAccountSecretCreationEnabled" -}} +{{- $_ := set . "serverServiceAccountSecretCreationEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true") + (eq (.Values.server.serviceAccount.createSecret | toString) "true")) -}} +{{- end -}} + + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . 
"uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. +*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . 
"mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- if or (kindIs "int64" .Values.server.ha.replicas) (kindIs "float64" .Values.server.ha.replicas) -}} + {{- .Values.server.ha.replicas -}} + {{ else }} + {{- 3 -}} + {{- end -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . }}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. 
+*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. +*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. 
+*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. +*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + {{- include "vault.dataVolumeClaim.labels" . 
| nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + {{- include "vault.auditVolumeClaim.labels" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. 
+*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. 
+*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. 
+*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . | indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) 
.Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service (active) annotations +*/}} +{{- define "vault.service.active.annotations" -}} + {{- if .Values.server.service.active.annotations }} + {{- $tp := typeOf .Values.server.service.active.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.active.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.active.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.standby.annotations" -}} + {{- if .Values.server.service.standby.annotations }} + {{- $tp := typeOf .Values.server.service.standby.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.standby.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.standby.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim labels for data volume +*/}} +{{- define "vault.dataVolumeClaim.labels" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.labels) }} + labels: + {{- $tp := typeOf .Values.server.dataStorage.labels }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.labels . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.labels | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim labels for audit volume +*/}} +{{- define "vault.auditVolumeClaim.labels" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.labels) }} + labels: + {{- $tp := typeOf .Values.server.auditStorage.labels }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.labels . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.labels | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources for CSI's Agent sidecar if the user has set any. +*/}} +{{- define "csi.agent.resources" -}} + {{- if .Values.csi.agent.resources -}} + resources: +{{ toYaml .Values.csi.agent.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the CSI provider nodeSelector for pod placement +*/}} +{{- define "csi.pod.nodeselector" -}} + {{- if .Values.csi.pod.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.csi.pod.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} +{{/* +Sets the CSI provider affinity for pod placement. 
+*/}} +{{- define "csi.pod.affinity" -}} + {{- if .Values.csi.pod.affinity }} + affinity: + {{ $tp := typeOf .Values.csi.pod.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." 
"_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. +Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} 
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-agent-configmap.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-agent-configmap.yaml
new file mode 100644
index 00000000000..18cdb04ac45
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-agent-configmap.yaml
@@ -0,0 +1,34 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.csiEnabled" . -}}
+{{- if and (.csiEnabled) (eq (.Values.csi.agent.enabled | toString) "true") -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-agent-config
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ config.hcl: |
+ vault {
+ {{- if .Values.global.externalVaultAddr }}
+ "address" = "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ "address" = "{{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}"
+ {{- end }}
+ }
+
+ cache {}
+
+ listener "unix" {
+ address = "/var/run/vault/agent.sock"
+ tls_disable = true
+ }
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-clusterrole.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..6d979ea40c5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-clusterrole.yaml
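Review bot: In csi-agent-configmap.yaml, `externalVaultAddr` is pasted into the HCL `address` string without escaping, so a value containing a double quote or a line break changes the structure of the rendered `config.hcl` instead of failing at render time. Letting the template produce the quoted string, `"address" = {{ .Values.global.externalVaultAddr | quote }}`, keeps the value inside one string literal. The fallback branch builds its URL from `vault.scheme`, which returns `http` when `global.tlsDisable` is set, so the agent-to-server hop is then unencrypted inside the cluster; a short template comment above that branch saying so would help whoever flips that value.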
@@ -0,0 +1,23 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..506ec944a7a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ include "vault.namespace" . }}
+{{- end }}
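Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` cluster-wide with no `resourceNames`, and nothing in the file says why that breadth is needed. Bound through csi-clusterrolebinding.yaml, it lets the CSI provider's service account request a token for any service account in any namespace, so the DaemonSet pod becomes a high-value identity on every node. Presumably the provider needs this to obtain a token for whichever pod mounts a volume; if so, state it above `rules:`, for example `# Cluster-wide by design: tokens are requested for the service account of the pod mounting the volume.` Operators installing the chart will also want TokenRequest calls from this service account covered by API audit logging.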
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-daemonset.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..1436ff90589
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-daemonset.yaml
@@ -0,0 +1,157 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ {{- template "csi.pod.nodeselector" . }}
+ {{- template "csi.pod.affinity" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.hmacSecretName }}
+ - --hmac-secret-name={{ .Values.csi.hmacSecretName }}
+ {{- else }}
+ - --hmac-secret-name={{- include "vault.name" . }}-csi-provider-hmac-key
+ {{- end }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if eq (.Values.csi.agent.enabled | toString) "true" }}
+ value: "unix:///var/run/vault/agent.sock"
+ {{- else if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ {{- if eq (.Values.csi.agent.enabled | toString) "true" }}
+ - name: agent-unix-socket
+ mountPath: /var/run/vault
+ {{- end }}
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ {{- if eq (.Values.csi.agent.enabled | toString) "true" }}
+ - name: {{ include "vault.name" . }}-agent
+ image: "{{ .Values.csi.agent.image.repository }}:{{ .Values.csi.agent.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.agent.image.pullPolicy }}
+ {{ template "csi.agent.resources" . }}
+ command:
+ - vault
+ args:
+ - agent
+ - -config=/etc/vault/config.hcl
+ {{- if .Values.csi.agent.extraArgs }}
+ {{- toYaml .Values.csi.agent.extraArgs | nindent 12 }}
+ {{- end }}
+ ports:
+ - containerPort: 8200
+ env:
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.csi.agent.logLevel }}"
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.csi.agent.logFormat }}"
+ securityContext:
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ runAsUser: 100
+ runAsGroup: 1000
+ volumeMounts:
+ - name: agent-config
+ mountPath: /etc/vault/config.hcl
+ subPath: config.hcl
+ readOnly: true
+ - name: agent-unix-socket
+ mountPath: /var/run/vault
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12 }}
+ {{- end }}
+ {{- end }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ {{- if eq (.Values.csi.agent.enabled | toString) "true" }}
+ - name: agent-config
+ configMap:
+ name: {{ template "vault.fullname" . }}-csi-provider-agent-config
+ - name: agent-unix-socket
+ emptyDir:
+ medium: Memory
+ {{- end }}
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-role.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-role.yaml
new file mode 100644
index 00000000000..17e1918b4fa
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-role.yaml
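Review bot: In csi-daemonset.yaml the provider container gets its security context only from `{{ template "csi.daemonSet.securityContext.container" . }}`, and that helper in _helpers.tpl renders nothing when the value is unset. The injector and server helpers fall back to `allowPrivilegeEscalation: false`, and the agent sidecar in this same pod is hard-coded to `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. The provider is the container that mounts the `providervol` hostPath, so it is the one where an empty context matters most. Give it at least the `allowPrivilegeEscalation: false` fallback the other components have. Whether it can also run as non-root depends on the ownership of `csi.daemonSet.providersDir` on the node, which is not visible here; failing that, add a template comment next to the call saying the default is whatever the image defines. Both images are referenced as `repository:tag`; the values documentation could recommend a digest-pinned tag for a pod that runs on every node.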
@@ -0,0 +1,32 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-role
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get"]
+ resourceNames:
+ {{- if .Values.csi.hmacSecretName }}
+ - {{ .Values.csi.hmacSecretName }}
+ {{- else }}
+ - {{ include "vault.name" . }}-csi-provider-hmac-key
+ {{- end }}
+# 'create' permissions cannot be restricted by resource name:
+# https://kubernetes.io/docs/reference/access-authn-authz/rbac/#referring-to-resources
+- apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["create"]
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-rolebinding.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-rolebinding.yaml
new file mode 100644
index 00000000000..3d3b981b854
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-rolebinding.yaml
@@ -0,0 +1,25 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-rolebinding
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-csi-provider-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ include "vault.namespace" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..6327a7b2fae
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,21 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-certs-secret.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..f6995af1085
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,19 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-clusterrole.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..d5682dd76a7
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,24 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..82cbce0ced5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ include "vault.namespace" . }}
+{{ end }}
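Review bot: In injector-clusterrole.yaml the single rule grants `patch` (together with `get`, `list`, `watch`) on every `mutatingwebhookconfigurations` object in the cluster, with no `resourceNames`. The injector Deployment in this commit refers only to `{{ template "vault.fullname" . }}-agent-injector-cfg` (the `AGENT_INJECT_TLS_AUTO` value), so the write verb can be scoped: put `get` and `patch` in a rule carrying `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]` and keep a second rule with only `list` and `watch`, which the injector presumably still needs unscoped. As written, the injector's ServiceAccount token is sufficient to modify any other admission webhook configuration in the cluster, which is more than the component appears to need.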
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-deployment.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..822e8e41dcc
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-deployment.yaml
@@ -0,0 +1,179 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ include "vault.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ include "vault.namespace" . }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ include "vault.namespace" . 
}}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + {{- if .Values.injector.agentDefaults.ephemeralRequest }} + - name: AGENT_INJECT_EPHEMERAL_REQUEST + value: "{{ .Values.injector.agentDefaults.ephemeralRequest }}" + {{- end }} + {{- if .Values.injector.agentDefaults.ephemeralLimit }} + - name: AGENT_INJECT_EPHEMERAL_LIMIT + value: "{{ .Values.injector.agentDefaults.ephemeralLimit }}" + {{- end }} + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | 
nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: {{ .Values.injector.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.injector.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.injector.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.injector.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.injector.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: {{ .Values.injector.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.injector.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.injector.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.injector.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.injector.readinessProbe.timeoutSeconds }} + startupProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: {{ .Values.injector.startupProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.injector.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.injector.startupProbe.periodSeconds }} + successThreshold: {{ .Values.injector.startupProbe.successThreshold }} + timeoutSeconds: {{ .Values.injector.startupProbe.timeoutSeconds }} +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} 
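Review bot: In injector-deployment.yaml the `sidecar-injector` container lists `- 2>&1` under `args` but sets no `command` that invokes a shell, so the redirection is never interpreted and the string is handed to the image's entrypoint as a literal second argument. Drop that line, or wrap the call in an explicit shell if redirection is really intended. In the same container several env values are rendered unquoted, e.g. `value: {{ .Values.injector.logLevel | default "info" }}` and `value: {{ .Values.injector.authPath }}`; env values must be strings, so adding `| quote` keeps a number- or boolean-looking override from being rejected when the manifest is applied.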
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..2b2a61c6fe8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,25 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-mutating-webhook.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..b1de1ee3f48
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,44 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ include "vault.namespace" . }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-network-policy.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..4c3b0878280
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-network-policy.yaml
@@ -0,0 +1,29 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-psp-role.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..a07f8f6c0ce
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-psp-role.yaml
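Review bot: The NetworkPolicy in injector-network-policy.yaml opens a hard-coded `port: 8080`, while the injector Deployment listens on and the Service targets `{{ .Values.injector.port }}`; if that value is changed, the policy admits traffic to a port nothing listens on and blocks the webhook port. Use `- port: {{ .Values.injector.port }}` here. The metadata also omits `namespace: {{ include "vault.namespace" . }}`, which the other namespaced injector resources in this commit (Deployment, Service, ServiceAccount, Roles) set, so with a namespace override the policy may be created somewhere other than where the injector pods run. `namespaceSelector: {}` admits every namespace; a short comment stating that this is deliberate would help the next reviewer.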
@@ -0,0 +1,25 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..3c97e8dad0f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,26 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-psp.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..0eca9a87c66
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-psp.yaml
@@ -0,0 +1,51 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-role.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..b2ad0c7b98f
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-role.yaml
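Review bot: injector-psp.yaml renders `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, without checking that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so enabling the flag there makes the install fail. injector-mutating-webhook.yaml in this same commit already guards its apiVersion with `.Capabilities.APIVersions.Has`, and the same guard fits here: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The matching injector-psp-role.yaml and injector-psp-rolebinding.yaml should carry the same condition so no dangling Role is left behind. Separately, the `seLinux` comment says the policy assumes AppArmor nodes while the chart also has an `openshift` mode, so `rule: RunAsAny` deserves a sentence on when it is acceptable.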
@@ -0,0 +1,34 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-rolebinding.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..6ad25ca695d
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-rolebinding.yaml
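Review bot: The first rule in injector-role.yaml gives the injector ServiceAccount `get`, `list`, `watch`, `update` and `create` on all `secrets` and `configmaps` in `vault.namespace`, the same namespace the server resources in this commit are rendered into, so the webhook's token can read every Secret stored next to Vault. The only Secret this commit creates for the leader-elector path is `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` could move to their own rule with `resourceNames: ["vault-injector-certs"]`; `create` cannot be restricted by name, as the comment in csi-role.yaml already notes. Which ConfigMap the leader elector uses is not visible in this diff, so that name needs confirming before the rule is narrowed. If namespace-wide access has to stay, a comment above the rule saying why would make the exception reviewable.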
@@ -0,0 +1,27 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ include "vault.namespace" . }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-service.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..1479cd1ab93
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-service.yaml
@@ -0,0 +1,27 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..2f91c3d4aa8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,18 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/prometheus-prometheusrules.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/prometheus-prometheusrules.yaml
new file mode 100644
index 00000000000..7e58a0e5227
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/prometheus-prometheusrules.yaml
@@ -0,0 +1,31 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{ if and (.Values.serverTelemetry.prometheusRules.rules)
+ (or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.prometheusRules.enabled) )
+}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PrometheusRule
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}}
+ {{- $selectors := .Values.serverTelemetry.prometheusRules.selectors }}
+ {{- if $selectors }}
+ {{- toYaml $selectors | nindent 4 }}
+ {{- else }}
+ release: prometheus
+ {{- end }}
+spec:
+ groups:
+ - name: {{ include "vault.fullname" . }}
+ rules:
+ {{- toYaml .Values.serverTelemetry.prometheusRules.rules | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/prometheus-servicemonitor.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/prometheus-servicemonitor.yaml
new file mode 100644
index 00000000000..25d30a468e8
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/prometheus-servicemonitor.yaml
@@ -0,0 +1,49 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{ template "vault.mode" . }}
+{{ if or (.Values.global.serverTelemetry.prometheusOperator) (.Values.serverTelemetry.serviceMonitor.enabled) }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- /* update the selectors docs in values.yaml whenever the defaults below change. */ -}}
+ {{- $selectors := .Values.serverTelemetry.serviceMonitor.selectors }}
+ {{- if $selectors }}
+ {{- toYaml $selectors | nindent 4 }}
+ {{- else }}
+ release: prometheus
+ {{- end }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if eq .mode "ha" }}
+ vault-active: "true"
+ {{- else }}
+ vault-internal: "true"
+ {{- end }}
+ endpoints:
+ - port: {{ include "vault.scheme" . }}
+ interval: {{ .Values.serverTelemetry.serviceMonitor.interval }}
+ scrapeTimeout: {{ .Values.serverTelemetry.serviceMonitor.scrapeTimeout }}
+ scheme: {{ include "vault.scheme" . | lower }}
+ path: /v1/sys/metrics
+ params:
+ format:
+ - prometheus
+ tlsConfig:
+ insecureSkipVerify: true
+ namespaceSelector:
+ matchNames:
+ - {{ include "vault.namespace" . }}
+{{ end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-clusterrolebinding.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..14ec838a04e
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-clusterrolebinding.yaml
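Review bot: `tlsConfig` with `insecureSkipVerify: true` is hard-coded on the endpoint in prometheus-servicemonitor.yaml, so Prometheus never validates the certificate of the Vault endpoint it scrapes at `/v1/sys/metrics`, and a chart user has no values key to turn verification back on. Consider rendering the block from values instead, for example a `tlsConfig` map under `serverTelemetry.serviceMonitor` (a proposed key, not present in this diff) passed through `toYaml`, with the current behaviour kept only as an explicit, documented default. The block is also emitted regardless of what `vault.scheme` resolves to; if that can be plain HTTP, the setting has no effect there and a scheme check would make the intent clearer.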
@@ -0,0 +1,29 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ include "vault.namespace" . }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-config-configmap.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..5c660579fe6
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-config-configmap.yaml
@@ -0,0 +1,45 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ include "vault.namespace" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-discovery-role.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..0cbdefaff09 --- /dev/null 
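Review bot: `disable_mlock = true` is injected into every rendered config (the string branch and both `merge (dict "disable_mlock" true) …` branches) without a comment, so Vault's memory is never locked and can be paged out to swap. A comment above the line should say so and tell operators to run on nodes with swap disabled or encrypted, e.g. `{{- /* mlock is disabled: keep node swap off or encrypted so secrets are not paged to disk */ -}}`. It is also worth documenting next to the `tpl` calls that the user-supplied config ends up in a ConfigMap rather than a Secret, so storage or seal credentials should not be written inline in it.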
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-discovery-role.yaml @@ -0,0 +1,26 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if eq (.Values.server.serviceAccount.serviceDiscovery.enabled | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ include "vault.namespace" . }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-discovery-rolebinding.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..87b0f6170d9 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-discovery-rolebinding.yaml 
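Review bot: The rule grants `update` and `patch` on every pod in the namespace, not only on Vault's own pods, and the template does not say why. If this is for Vault's Kubernetes service registration (the `vault-active` label used by the Services in this commit suggests so), add a comment such as `# Vault labels its own pod for service registration; the grant is namespace-wide, so install into a dedicated namespace.` It is also worth confirming that `watch` and `list` are really needed and dropping them if they are not.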
@@ -0,0 +1,34 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if eq (.Values.server.serviceAccount.serviceDiscovery.enabled | toString) "true" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ include "vault.namespace" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ include "vault.namespace" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-disruptionbudget.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..bbe9eb29951 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,31 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ include "vault.namespace" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-ha-active-service.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..9d2abfbb15b --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,64 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +{{- if eq (.Values.server.service.active.enabled | toString) "true" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ include "vault.namespace" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + vault-active: "true" + annotations: +{{- template "vault.service.active.annotations" . }} +{{- template "vault.service.annotations" . }} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }} + {{- if .Values.server.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }} + {{- end }} + {{- if .Values.server.service.ipFamilies }} + ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }} + {{- end }} + {{- end }} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . 
}} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-ha-standby-service.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..bae1e28345f --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,63 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +{{- if eq (.Values.server.service.standby.enabled | toString) "true" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ include "vault.namespace" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{- template "vault.service.standby.annotations" . }} +{{- template "vault.service.annotations" . }} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }} + {{- if .Values.server.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }} + {{- end }} + {{- if .Values.server.service.ipFamilies }} + ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }} + {{- end }} + {{- end }} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . 
}} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-headless-service.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..c0f4d346040 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-headless-service.yaml 
@@ -0,0 +1,47 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ include "vault.namespace" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + vault-internal: "true" + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }} + {{- if .Values.server.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }} + {{- end }} + {{- if .Values.server.service.ipFamilies }} + ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }} + {{- end }} + {{- end }} + clusterIP: None + publishNotReadyAddresses: true + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-ingress.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..d796bae4169 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-ingress.yaml 
@@ -0,0 +1,69 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ include "vault.namespace" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + pathType: {{ $pathType }} + backend: + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-network-policy.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..43dcdb16fd8 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-network-policy.yaml @@ -0,0 +1,24 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: {{- toYaml .Values.server.networkPolicy.ingress | nindent 4 }} + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-psp-role.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..64cd6c50767 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-psp-role.yaml 
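Review bot: The `rules:` block in server-ingress.yaml is rendered whether or not `.Values.server.ingress.tls` is set, so an enabled Ingress with an empty `tls` list publishes the Vault API without TLS on the client side unless the controller enforces it some other way. A comment at the `tls` guard, or a `fail`/NOTES warning when the Ingress is enabled and `tls` is empty, would make that choice explicit. Smaller point in the same hunk: `secretName: {{ .secretName }}`, `ingressClassName` and `- path: {{ . }}` are emitted unquoted while the host entries use `| quote`; quoting them stops YAML from retyping the values.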
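Review bot: `metadata` in server-network-policy.yaml has no `namespace`, unlike the Service, StatefulSet and Role templates in this commit, which all set `namespace: {{ include "vault.namespace" . }}`. If that helper can resolve to something other than the release namespace (its definition is outside this hunk), the NetworkPolicy is created in a different namespace from the pods it is meant to select and then restricts nothing. Add `namespace: {{ include "vault.namespace" . }}` under `metadata`.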
@@ -0,0 +1,25 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ include "vault.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-psp-rolebinding.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..342f5537962 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,26 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ include "vault.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
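Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, whereas the ClusterRoleBinding, the discovery RoleBinding and the StatefulSet's `serviceAccountName` in this commit all use `{{ template "vault.serviceAccount.name" . }}`. If the service-account helper can return anything other than the full name (it is defined outside these hunks), the `use` permission on the PodSecurityPolicy goes to an account the pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ include "vault.namespace" . }}` to match the other bindings.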
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-psp.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-psp.yaml new file mode 100644 index 00000000000..567e66245e4 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-psp.yaml @@ -0,0 +1,54 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-route.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-route.yaml new file mode 100644 index 00000000000..4e955555ab5 
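Review bot: `policy/v1beta1` `PodSecurityPolicy` is rendered whenever `global.psp.enable` is true, with no capability check, although the PodSecurityPolicy API was removed in Kubernetes 1.25 and other templates in this commit already branch on `.Capabilities`. Adding `.Capabilities.APIVersions.Has "policy/v1beta1"` to the condition (here and in server-psp-role.yaml / server-psp-rolebinding.yaml) avoids a failed install on newer clusters. On the policy itself, there is no `requiredDropCapabilities` entry and `seLinux` is `RunAsAny`; if a restrictive baseline is intended, a comment should state which capabilities the Vault container is expected to keep.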
--- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-route.yaml @@ -0,0 +1,39 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ include "vault.namespace" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-service.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-service.yaml new file mode 100644 index 00000000000..c12e190cb39 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-service.yaml 
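Review bot: This template tests `.mode` (`ne .mode "external"`, `eq .mode "ha"`) without first calling `{{ template "vault.mode" . }}`, which the other mode-dependent templates in this commit do, server-ingress.yaml included. It therefore appears to rely on an earlier-rendered template having set `.mode` on the shared context; adding `{{ template "vault.mode" . }}` ahead of the `ne .mode` check removes that ordering dependency. `host: {{ .Values.server.route.host }}` would also be safer with `| quote`, and a comment next to `tls:` should note that the termination chosen in values decides whether traffic to port 8200 is encrypted end to end.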
@@ -0,0 +1,59 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ include "vault.namespace" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }} + {{- if .Values.server.service.ipFamilyPolicy }} + ipFamilyPolicy: {{ .Values.server.service.ipFamilyPolicy }} + {{- end }} + {{- if .Values.server.service.ipFamilies }} + ipFamilies: {{ .Values.server.service.ipFamilies | toYaml | nindent 2 }} + {{- end }} + {{- end }} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . 
}} + {{- if eq (.Values.server.service.instanceSelector.enabled | toString) "true" }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- end }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-serviceaccount-secret.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-serviceaccount-secret.yaml new file mode 100644 index 00000000000..74d70f90054 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-serviceaccount-secret.yaml @@ -0,0 +1,21 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.serverServiceAccountSecretCreationEnabled" . }} +{{- if .serverServiceAccountSecretCreationEnabled -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "vault.serviceAccount.name" . }}-token + namespace: {{ include "vault.namespace" . }} + annotations: + kubernetes.io/service-account.name: {{ template "vault.serviceAccount.name" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: kubernetes.io/service-account-token +{{ end }} \ No newline at end of file diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-serviceaccount.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..216ea6178a6 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-serviceaccount.yaml 
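Review bot: server-serviceaccount-secret.yaml creates a Secret of type `kubernetes.io/service-account-token`, which gives the service account a token that does not expire and stays valid until the Secret or the account is deleted, and the template carries no comment saying why it is wanted. Since the enabling flag is computed in a helper outside this hunk, document the purpose at the top of the file, e.g. `# Long-lived token for the Vault service account; prefer short-lived projected tokens where the cluster supports them.` Anyone who can read Secrets in this namespace can read the token, which matters more here because the same account is bound to `system:auth-delegator` in server-clusterrolebinding.yaml.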
@@ -0,0 +1,22 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ include "vault.namespace" . }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.server.serviceAccount.extraLabels -}} + {{- toYaml .Values.server.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-statefulset.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..0d8e604d070 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/server-statefulset.yaml 
@@ -0,0 +1,232 @@ +{{/* +Copyright (c) HashiCorp, Inc. +SPDX-License-Identifier: MPL-2.0 +*/}} + +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ include "vault.namespace" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + {{- if and (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) (.Values.server.persistentVolumeClaimRetentionPolicy) }} + persistentVolumeClaimRetentionPolicy: {{ toYaml .Values.server.persistentVolumeClaimRetentionPolicy | nindent 4 }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . 
}} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.server.hostNetwork }} + {{- end }} + volumes: + {{ template "vault.volumes" . }} + - name: home + emptyDir: {} + {{- if .Values.server.hostAliases }} + hostAliases: + {{ toYaml .Values.server.hostAliases | nindent 8}} + {{- end }} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . 
}}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr | quote }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.extraPorts -}} + {{ toYaml .Values.server.extraPorts | nindent 12}} + {{- end }} + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: {{ .Values.server.readinessProbe.port }} + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + {{- if .Values.server.livenessProbe.execCommand }} + exec: + command: + {{- range (.Values.server.livenessProbe.execCommand) }} + - {{ . | quote }} + {{- end }} + {{- else }} + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: {{ .Values.server.livenessProbe.port }} + scheme: {{ include "vault.scheme" . | upper }} + {{- end }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). 
+ preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . | quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/tests/server-test.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..20e2e5a5a14 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/tests/server-test.yaml 
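Review bot: The image reference falls back to the mutable `latest` tag (`{{ .Values.server.image.tag | default "latest" }}`), here and in templates/tests/server-test.yaml, so an install with no tag set runs whatever the registry serves at pull time. For a secrets manager I would fail fast instead, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept a digest. Two smaller items in this hunk: `VAULT_API_ADDR` is emitted unquoted (`value: {{ .Values.server.ha.apiAddr }}`) while `VAULT_CLUSTER_ADDR` uses `| quote`, and the readiness probe's `vault status -tls-skip-verify` deserves a comment that it only talks to the loopback address set in `VAULT_ADDR`.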
@@ -0,0 +1,56 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: {{ template "vault.fullname" . }}-server-test
+ namespace: {{ include "vault.namespace" . }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ include "vault.namespace" . }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/ui-service.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..95370842e76
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/templates/ui-service.yaml
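Review bot: In templates/tests/server-test.yaml the test container's image falls back to a floating tag, `{{ .Values.server.image.tag | default "latest" }}`, so an install with an empty `server.image.tag` runs whatever `latest` currently resolves to in that repository instead of a reviewed version. Failing the render is safer than guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The pod spec in this hunk also sets no `securityContext`; whether the cluster's admission defaults cover that is not visible from here.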
@@ -0,0 +1,50 @@
+{{/*
+Copyright (c) HashiCorp, Inc.
+SPDX-License-Identifier: MPL-2.0
+*/}}
+
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ include "vault.namespace" . }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ {{- if (semverCompare ">= 1.23-0" .Capabilities.KubeVersion.Version) }}
+ {{- if .Values.ui.serviceIPFamilyPolicy }}
+ ipFamilyPolicy: {{ .Values.ui.serviceIPFamilyPolicy }}
+ {{- end }}
+ {{- if .Values.ui.serviceIPFamilies }}
+ ipFamilies: {{ .Values.ui.serviceIPFamilies | toYaml | nindent 2 }}
+ {{- end }}
+ {{- end }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/values.openshift.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/values.openshift.yaml
new file mode 100644
index 00000000000..bafc5e699d8
--- /dev/null
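Review bot: In templates/ui-service.yaml, `type: {{ .Values.ui.serviceType }}` is rendered without any tie to the transport setting, while values.yaml in this commit ships `global.tlsDisable: true`. The port is named from `vault.scheme`, which presumably resolves to `http` in that configuration, so a `NodePort` or `LoadBalancer` value would publish the Vault UI and API in clear text outside the cluster. I would document that next to the field with a template comment such as `{{- /* with global.tlsDisable=true this Service carries plain HTTP; keep serviceType ClusterIP unless TLS terminates in front of it */ -}}`. The same caveat belongs beside `ui.serviceType` in values.yaml, whose `ui` section lies outside the lines shown here.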
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/values.openshift.yaml
@@ -0,0 +1,24 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "1.3.1-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.15.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.15.2-ubi"
+
+ readinessProbe:
+ path: "/v1/sys/health?uninitcode=204"
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/values.schema.json b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/values.schema.json
new file mode 100644
index 00000000000..9760657333c
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/values.schema.json
@@ -0,0 +1,1215 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "agent": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "resources": { + "type": "object" + } + } + }, + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "null", + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + 
"extraLabels": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "namespace": { + "type": "string" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "ephemeralLimit": { + "type": "string" + }, + "ephemeralRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + 
"type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + }, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + 
"type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "labels": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "labels": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + 
"persistentVolumeClaimRetentionPolicy": { + "type": "object", + "properties": { + "whenDeleted": { + "type": "string" + }, + "whenScaled": { + "type": "string" + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraPorts": { + "type": [ + "null", + "array" + ] + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { + "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "hostAliases": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + 
"object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "execCommand": { + "type": "array" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + }, + "ingress": { + "type": "array" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + 
"type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "active": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "instanceSelector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "standby": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + }, + "ipFamilyPolicy": { + "type": "string" + }, + "ipFamilies": { + "type": [ + "array" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "extraLabels": { + "type": "object" + }, + "createSecret": { + "type": "boolean" + }, + "name": { + "type": "string" + }, + "serviceDiscovery": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + 
] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + }, + "hostNetwork": { + "type": "boolean" + } + } + }, + "serverTelemetry": { + "type": "object", + "properties": { + "prometheusRules": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "rules": { + "type": "array" + }, + "selectors": { + "type": "object" + } + } + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + }, + "serviceIPFamilyPolicy": { + "type": [ + "string" + ] + }, + "serviceIPFamilies": { + "type": [ + "array" + ] + } + } + } + } +} diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/values.yaml b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/values.yaml new file mode 100644 index 00000000000..dcf5ee77234 --- /dev/null +++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/0.0.2/src/values.yaml 
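Review bot: `server.readinessProbe` in values.schema.json declares only `enabled` and the five timing fields, yet values.openshift.yaml in this same commit sets `server.readinessProbe.path`, so that value is never type-checked. Adding `"path": { "type": "string" }` beside `enabled`, as `server.livenessProbe` already has, closes the gap. More broadly, no object in the schema sets `additionalProperties`, so a misspelled key (for example a typo of `global.tlsDisable`) passes validation and the shipped default of `true` applies silently. Consider `"additionalProperties": false` at least on `global`, after confirming that every key values.yaml places under it is declared in the schema.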
@@ -0,0 +1,1180 @@ +# Copyright (c) HashiCorp, Inc. +# SPDX-License-Identifier: MPL-2.0 + +# Available parameters and their default values for the Vault chart. + +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # The namespace to deploy to. Defaults to the `helm` installation namespace. + namespace: "" + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default + serverTelemetry: + # Enable integration with the Prometheus Operator + # See the top level serverTelemetry section below before enabling this feature. + prometheusOperator: false +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. 
+ leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "1.3.1-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.15.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # ephemeralLimit: "128Mi" + # ephemeralRequest: "64Mi" + + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Used to define custom livenessProbe settings + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 2 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 5 + # Used to define custom readinessProbe settings + readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 2 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 5 + # Used to define custom startupProbe settings + startupProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 12 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 5 + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while the webhook is unavailable, set the policy to `Fail` below. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be a multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.15.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # hostAliases is a list of aliases to be added to /etc/hosts. Specified as a YAML list. + hostAliases: [] + # - ip: 127.0.0.1 + # hostnames: + # - chart-example.local + + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. See https://developer.hashicorp.com/vault/docs/auth/kubernetes + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. 
+ extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. + # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for a log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # extraPorts is a list of extra ports. Specified as a YAML list. + # This is useful if you need to add additional ports to the statefulset in dynamic way. + extraPorts: null + # - containerPort: 8300 + # name: http-monitoring + + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # Port number on which readinessProbe will be checked. 
+ port: 8200 + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + path: "/v1/sys/health?uninitcode=204" + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + # Used to define a liveness exec command. If provided, exec is preferred to httpGet (path) as the livenessProbe handler. + execCommand: [] + # - /bin/sh + # - -c + # - /vault/userconfig/mylivenessscript/run.sh + # Path for the livenessProbe to use httpGet as the livenessProbe handler + path: "/v1/sys/health?standbyok=true" + # Port number on which livenessProbe will be checked if httpGet is used as the livenessProbe handler + port: 8200 + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. 
+ postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. + extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. 
+ affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # Enable or disable the vault-active service, which selects Vault pods that + # have labeled themselves as the cluster leader with `vault-active: "true"`. 
+ active: + enabled: true + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the active service. + annotations: {} + # Enable or disable the vault-standby service, which selects Vault pods that + # have labeled themselves as a cluster follower with `vault-active: "false"`. + standby: + enabled: true + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the standby service. + annotations: {} + # If enabled, the service selectors will include `app.kubernetes.io/instance: {{ .Release.Name }}` + # When disabled, services may select Vault pods not deployed from the chart. + # Does not affect the headless vault-internal service with `ClusterIP: None` + instanceSelector: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default, the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round-robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # The IP family and IP families options are to set the behaviour in a dual-stack environment. + # Omitting these values will let the service fall back to whatever the CNI dictates the defaults + # should be. + # These are only supported for kubernetes versions >=1.23.0 + # + # Configures the service's supported IP family policy, can be either: + # SingleStack: Single-stack service. The control plane allocates a cluster IP for the Service, using the first configured service cluster IP range. 
+ # PreferDualStack: Allocates IPv4 and IPv6 cluster IPs for the Service. + # RequireDualStack: Allocates Service .spec.ClusterIPs from both IPv4 and IPv6 address ranges. + ipFamilyPolicy: "" + # Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. + # Can be IPv4 and/or IPv6. + ipFamilies: [] + # Do not wait for pods to be ready before including them in the services' + # targets. Does not apply to the headless service, which is used for + # cluster-internal communication. + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. 
+ # See https://developer.hashicorp.com/vault/docs/configuration/storage to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Labels to apply to the PVC + labels: {} + # Persistent Volume Claim (PVC) retention policy + # ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + # Example: + # persistentVolumeClaimRetentionPolicy: + # whenDeleted: Retain + # whenScaled: Retain + persistentVolumeClaimRetentionPolicy: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized, and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://developer.hashicorp.com/vault/docs/audit to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Labels to apply to the PVC + labels: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. 
+ # See https://developer.hashicorp.com/vault/docs/concepts/dev-server to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://developer.hashicorp.com/vault/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + # Enable unauthenticated metrics access (necessary for Prometheus Operator) + #telemetry { + # unauthenticated_metrics_access = "true" + #} + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + + # Example configuration for enabling Prometheus metrics in your config. + #telemetry { + # prometheus_retention_time = "30s" + # disable_hostname = true + #} + # Run Vault in "HA" mode. 
There are no storage requirements unless the audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://developer.hashicorp.com/vault/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://developer.hashicorp.com/vault/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://developer.hashicorp.com/vault/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + # Enable unauthenticated metrics access (necessary for Prometheus Operator) + #telemetry { + # unauthenticated_metrics_access = "true" + #} + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://developer.hashicorp.com/vault/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + + # Example configuration for enabling Prometheus metrics. + # If you are using Prometheus Operator you can enable a ServiceMonitor resource below. + # You may wish to enable unauthenticated metrics in the listener block above. 
+ #telemetry { + # prometheus_retention_time = "30s" + # disable_hostname = true + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. + serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Create a Secret API object to store a non-expiring token for the service account. + # Prior to v1.24.0, Kubernetes used to generate this secret for each service account by default. + # Kubernetes now recommends using short-lived tokens from the TokenRequest API or projected volumes instead if possible. + # For more details, see https://kubernetes.io/docs/concepts/configuration/secret/#service-account-token-secrets + # serviceAccount.create must be equal to 'true' in order to use this feature. + createSecret: false + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the serviceAccount + # This should be a YAML map of the labels to apply to the serviceAccount + extraLabels: {} + # Enable or disable a service account role binding with the permissions required for + # Vault's Kubernetes service_registration config option. 
+ # See https://developer.hashicorp.com/vault/docs/configuration/service-registration/kubernetes + serviceDiscovery: + enabled: true + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: + # allowPrivilegeEscalation: false + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: {} + securityContext: + pod: {} + container: {} + # Should the server pods run on the host network + hostNetwork: false +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The IP family and IP families options are to set the behaviour in a dual-stack environment. + # Omitting these values will let the service fall back to whatever the CNI dictates the defaults + # should be. + # These are only supported for kubernetes versions >=1.23.0 + # + # Configures the service's supported IP family, can be either: + # SingleStack: Single-stack service. The control plane allocates a cluster IP for the Service, using the first configured service cluster IP range. 
+ # PreferDualStack: Allocates IPv4 and IPv6 cluster IPs for the Service. + # RequireDualStack: Allocates Service .spec.ClusterIPs from both IPv4 and IPv6 address ranges. + serviceIPFamilyPolicy: "" + # Sets the families that should be supported and the order in which they should be applied to ClusterIP as well + # Can be IPv4 and/or IPv6. + serviceIPFamilies: [] + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.4.1" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. 
These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Override the default secret name for the CSI Provider's HMAC key used for + # generating secret versions. + hmacSecretName: "" + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for csi pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Affinity Settings + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: {} + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + agent: + enabled: true + extraArgs: [] + image: + repository: "hashicorp/vault" + tag: "1.15.2" + pullPolicy: IfNotPresent + logFormat: standard + logLevel: info + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. + readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. 
+ livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://developer.hashicorp.com/vault/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] +# Vault is able to collect and publish various runtime metrics. +# Enabling this feature requires setting adding `telemetry{}` stanza to +# the Vault configuration. There are a few examples included in the `config` sections above. +# +# For more information see: +# https://developer.hashicorp.com/vault/docs/configuration/telemetry +# https://developer.hashicorp.com/vault/docs/internals/telemetry +serverTelemetry: + # Enable support for the Prometheus Operator. Currently, this chart does not support + # authenticating to Vault's metrics endpoint, so the following `telemetry{}` must be included + # in the `listener "tcp"{}` stanza + # telemetry { + # unauthenticated_metrics_access = "true" + # } + # + # See the `standalone.config` for a more complete example of this. + # + # In addition, a top level `telemetry{}` stanza must also be included in the Vault configuration: + # + # example: + # telemetry { + # prometheus_retention_time = "30s" + # disable_hostname = true + # } + # + # Configuration for monitoring the Vault server. 
+ serviceMonitor: + # The Prometheus operator *must* be installed before enabling this feature, + # if not the chart will fail to install due to missing CustomResourceDefinitions + # provided by the operator. + # + # Instructions on how to install the Helm chart can be found here: + # https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack + # More information can be found here: + # https://github.com/prometheus-operator/prometheus-operator + # https://github.com/prometheus-operator/kube-prometheus + + # Enable deployment of the Vault Server ServiceMonitor CustomResource. + enabled: false + # Selector labels to add to the ServiceMonitor. + # When empty, defaults to: + # release: prometheus + selectors: {} + # Interval at which Prometheus scrapes metrics + interval: 30s + # Timeout for Prometheus scrapes + scrapeTimeout: 10s + prometheusRules: + # The Prometheus operator *must* be installed before enabling this feature, + # if not the chart will fail to install due to missing CustomResourceDefinitions + # provided by the operator. + + # Deploy the PrometheusRule custom resource for AlertManager based alerts. + # Requires that AlertManager is properly deployed. + enabled: false + # Selector labels to add to the PrometheusRules. + # When empty, defaults to: + # release: prometheus + selectors: {} + # Some example rules. + rules: [] + # - alert: vault-HighResponseTime + # annotations: + # message: The response time of Vault is over 500ms on average over the last 5 minutes. + # expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 500 + # for: 5m + # labels: + # severity: warning + # - alert: vault-HighResponseTime + # annotations: + # message: The response time of Vault is over 1s on average over the last 5 minutes. + # expr: vault_core_handle_request{quantile="0.5", namespace="mynamespace"} > 1000 + # for: 5m + # labels: + # severity: critical 
diff --git a/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/OWNERS b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/OWNERS
new file mode 100644
index 00000000000..322316caed6
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: testing-e2e-helm-chart
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: bovem
+- githubUsername: opcert
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/testing-helm-chart-e2e/OWNERS b/charts/partners/opcert-e2e-testing/testing-helm-chart-e2e/OWNERS
new file mode 100644
index 00000000000..f65ae526b3a
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-helm-chart-e2e/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: testing-helm-chart-e2e
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/testing-webonly-helm-chart-415/0.0.2/report.yaml b/charts/partners/opcert-e2e-testing/testing-webonly-helm-chart-415/0.0.2/report.yaml
new file mode 100644
index 00000000000..d17a6414662
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-webonly-helm-chart-415/0.0.2/report.yaml
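Review bot: `publicPgpKey: unknown` in charts/partners/opcert-e2e-testing/testing-e2e-helm-chart/OWNERS is a placeholder string, while the redhat-caastestreg-duplicate OWNERS files later in this diff use `publicPgpKey: null`. Whether the pipeline treats the literal `unknown` as "no key configured" is not visible here; if it only tests for null or empty, signature verification for a signed chart would be attempted against a value that is not a key. Prefer `publicPgpKey: null` unless `unknown` is a documented sentinel. The same value appears in the testing-helm-chart-e2e, testing-webonly-helm-chart-415, webonly-helm-chart, webonly-test and helm-testing-1112023 OWNERS files.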
@@ -0,0 +1,104 @@
+apiversion: v1
+kind: verify-report
+metadata:
+ tool:
+ verifier-version: 1.13.2
+ profile:
+ VendorType: partner
+ version: v1.2
+ reportDigest: uint64:5488063135973492304
+ chart-uri: N/A
+ digests:
+ chart: sha256:65166eac3668fa7cbf9f6e97fda52c3bdc9602661794b0fe70aeb32e2d30fd77
+ package: 7282fe437e3f4749704fc8be58cf4eeec023ccc5bb3af885cf75b042384b9973
+ lastCertifiedTimestamp: "2024-01-19T14:55:44.988311+00:00"
+ testedOpenShiftVersion: "4.15"
+ supportedOpenShiftVersions: '>=4.14'
+ webCatalogOnly: true
+ chart:
+ name: testing-webonly-helm-chart-415
+ home: https://www.vaultproject.io
+ sources:
+ - https://github.com/hashicorp/vault
+ - https://github.com/hashicorp/vault-helm
+ - https://github.com/hashicorp/vault-k8s
+ - https://github.com/hashicorp/vault-csi-provider
+ version: 0.0.2
+ description: Official HashiCorp Vault Chart
+ keywords:
+ - vault
+ - security
+ - encryption
+ - secrets
+ - management
+ - automation
+ - infrastructure
+ maintainers: []
+ icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+ apiversion: v2
+ condition: ""
+ tags: ""
+ appversion: 1.15.2
+ deprecated: false
+ annotations:
+ charts.openshift.io/name: testing-webonly-helm-chart-415
+ kubeversion: '>= 1.27.0-0'
+ dependencies: []
+ type: ""
+ chart-overrides: ""
+results:
+ - check: v1.0/is-helm-v3
+ type: Mandatory
+ outcome: PASS
+ reason: API version is V2, used in Helm 3
+ - check: v1.0/not-contain-csi-objects
+ type: Mandatory
+ outcome: PASS
+ reason: CSI objects do not exist
+ - check: v1.0/chart-testing
+ type: Mandatory
+ outcome: PASS
+ reason: Chart tests have passed
+ - check: v1.0/helm-lint
+ type: Mandatory
+ outcome: PASS
+ reason: Helm lint successful
+ - check: v1.0/contains-test
+ type: Mandatory
+ outcome: PASS
+ reason: Chart test files exist
+ - check: v1.0/contains-values
+ type: Mandatory
+ outcome: PASS
+ reason: Values file exist
+ - check: v1.1/has-kubeversion
+ type:
Mandatory
+ outcome: PASS
+ reason: Kubernetes version specified
+ - check: v1.0/required-annotations-present
+ type: Mandatory
+ outcome: PASS
+ reason: All required annotations present
+ - check: v1.0/signature-is-valid
+ type: Mandatory
+ outcome: SKIPPED
+ reason: 'Chart is not signed : Signature verification not required'
+ - check: v1.0/contains-values-schema
+ type: Mandatory
+ outcome: PASS
+ reason: Values schema file exist
+ - check: v1.0/has-readme
+ type: Mandatory
+ outcome: PASS
+ reason: Chart has a README
+ - check: v1.0/not-contains-crds
+ type: Mandatory
+ outcome: PASS
+ reason: Chart does not contain CRDs
+ - check: v1.1/images-are-certified
+ type: Mandatory
+ outcome: PASS
+ reason: |-
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:1.3.1-ubi
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.15.2-ubi
+
diff --git a/charts/partners/opcert-e2e-testing/testing-webonly-helm-chart-415/OWNERS b/charts/partners/opcert-e2e-testing/testing-webonly-helm-chart-415/OWNERS
new file mode 100644
index 00000000000..326b1c97905
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/testing-webonly-helm-chart-415/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: testing-webonly-helm-chart-415
+ shortDescription: testing-webonly-helm-chart-415
+providerDelivery: true
+publicPgpKey: unknown
+users:
+- githubUsername: bovem
+- githubUsername: opcert
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/webonly-helm-chart/0.21.0/report.yaml b/charts/partners/opcert-e2e-testing/webonly-helm-chart/0.21.0/report.yaml
new file mode 100644
index 00000000000..619e4710371
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/webonly-helm-chart/0.21.0/report.yaml
@@ -0,0 +1,107 @@
+W0504 07:13:53.851944 1 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "sidecar-injector" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "sidecar-injector" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "sidecar-injector" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "sidecar-injector" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
+W0504 07:13:53.938791 1 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "vault" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "vault" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "vault" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "vault" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
+W0504 07:14:36.385739 1 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "webonly-helm-chart-34ajuulsva-server-test" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "webonly-helm-chart-34ajuulsva-server-test" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "webonly-helm-chart-34ajuulsva-server-test" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "webonly-helm-chart-34ajuulsva-server-test" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
+apiversion: v1
+kind: verify-report
+metadata:
+ tool:
+ verifier-version: 1.10.1
+ profile:
+ VendorType: partner
+ version: v1.2
+ reportDigest: uint64:2414480072003157901
+ chart-uri: N/A
+ digests:
+ chart:
sha256:e520d6c00899517daa32753ccb4d4884d39d526039fd75e1b69801da9e29203c
+ package: 0d572cae05fb97d87613587df0e585e8f61c0792811b9c2a8ca54f470cef7bf8
+ lastCertifiedTimestamp: "2023-05-04T07:14:48.455598+00:00"
+ testedOpenShiftVersion: "4.12"
+ supportedOpenShiftVersions: '>=4.3'
+ webCatalogOnly: true
+ chart:
+ name: webonly-helm-chart
+ home: https://www.vaultproject.io
+ sources:
+ - https://github.com/hashicorp/vault
+ - https://github.com/hashicorp/vault-helm
+ - https://github.com/hashicorp/vault-k8s
+ - https://github.com/hashicorp/vault-csi-provider
+ version: 0.21.0
+ description: Official HashiCorp Vault Chart
+ keywords:
+ - vault
+ - security
+ - encryption
+ - secrets
+ - management
+ - automation
+ - infrastructure
+ maintainers: []
+ icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+ apiversion: v2
+ condition: ""
+ tags: ""
+ appversion: 1.11.2
+ deprecated: false
+ annotations:
+ charts.openshift.io/name: webonly-helm-chart
+ kubeversion: '>= 1.16.0-0'
+ dependencies: []
+ type: ""
+ chart-overrides: ""
+results:
+ - check: v1.0/contains-values-schema
+ type: Mandatory
+ outcome: PASS
+ reason: Values schema file exist
+ - check: v1.0/contains-values
+ type: Mandatory
+ outcome: PASS
+ reason: Values file exist
+ - check: v1.1/has-kubeversion
+ type: Mandatory
+ outcome: PASS
+ reason: Kubernetes version specified
+ - check: v1.0/has-readme
+ type: Mandatory
+ outcome: PASS
+ reason: Chart has a README
+ - check: v1.0/required-annotations-present
+ type: Mandatory
+ outcome: PASS
+ reason: All required annotations present
+ - check: v1.0/helm-lint
+ type: Mandatory
+ outcome: PASS
+ reason: Helm lint successful
+ - check: v1.0/is-helm-v3
+ type: Mandatory
+ outcome: PASS
+ reason: API version is V2, used in Helm 3
+ - check: v1.0/signature-is-valid
+ type: Mandatory
+ outcome: SKIPPED
+ reason: 'Chart is not signed : Signature verification not required'
+ - check: v1.0/chart-testing
+
type: Mandatory
+ outcome: PASS
+ reason: Chart tests have passed
+ - check: v1.0/contains-test
+ type: Mandatory
+ outcome: PASS
+ reason: Chart test files exist
+ - check: v1.1/images-are-certified
+ type: Mandatory
+ outcome: PASS
+ reason: |-
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi
+ - check: v1.0/not-contain-csi-objects
+ type: Mandatory
+ outcome: PASS
+ reason: CSI objects do not exist
+ - check: v1.0/not-contains-crds
+ type: Mandatory
+ outcome: PASS
+ reason: Chart does not contain CRDs
+
diff --git a/charts/partners/opcert-e2e-testing/webonly-helm-chart/OWNERS b/charts/partners/opcert-e2e-testing/webonly-helm-chart/OWNERS
new file mode 100644
index 00000000000..5d5bb3164ca
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/webonly-helm-chart/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: webonly-helm-chart
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users:
+- githubUsername: bovem
+- githubUsername: opcert
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/opcert-e2e-testing/webonly-test/OWNERS b/charts/partners/opcert-e2e-testing/webonly-test/OWNERS
new file mode 100644
index 00000000000..f93ab7005a5
--- /dev/null
+++ b/charts/partners/opcert-e2e-testing/webonly-test/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: webonly-test
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users: []
+vendor:
+ label: opcert-e2e-testing
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-chart-e2e-demo-123/0.21.0/report.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-chart-e2e-demo-123/0.21.0/report.yaml
new file mode 100644
index 00000000000..9c8de5a193f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-chart-e2e-demo-123/0.21.0/report.yaml
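Review bot: The first three added lines of charts/partners/opcert-e2e-testing/webonly-helm-chart/0.21.0/report.yaml are klog warnings (`W0504 07:13:53.851944 1 warnings.go:70] would violate PodSecurity ...`) sitting ahead of `apiversion: v1`, so captured log output has been committed as part of the report. They are not report content and a YAML parser will likely reject or misread the document; the report should be regenerated with the verifier's log stream kept out of the file, since it is not visible here whether `reportDigest` covers those lines. The warnings themselves deserve follow-up in the chart: they state that the `sidecar-injector`, `vault` and server-test containers do not set `allowPrivilegeEscalation: false`, `capabilities.drop: ["ALL"]`, `runAsNonRoot: true` or a `seccompProfile`, as the `restricted:v1.24` profile requires.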
@@ -0,0 +1,98 @@
+apiversion: v1
+kind: verify-report
+metadata:
+ tool:
+ verifier-version: 1.0.0
+ profile:
+ VendorType: partner
+ version: v1.1
+ chart-uri: N/A
+ digests:
+ chart: sha256:9159862246621eaeffad97540125a31776c649ad7a2827835459db6fb3e8ea97
+ package: 1897adf66bf235cdadf0b9de30a689548729f6d54e4dac7773cfd9752403299c
+ lastCertifiedTimestamp: "2022-12-08T14:24:23.523611+00:00"
+ testedOpenShiftVersion: "4.11"
+ supportedOpenShiftVersions: '>=4.3'
+ providerControlledDelivery: true
+ chart:
+ name: helm-chart-e2e-demo-123
+ home: https://www.vaultproject.io
+ sources:
+ - https://github.com/hashicorp/vault
+ - https://github.com/hashicorp/vault-helm
+ - https://github.com/hashicorp/vault-k8s
+ - https://github.com/hashicorp/vault-csi-provider
+ version: 0.21.0
+ description: Official HashiCorp Vault Chart
+ keywords:
+ - vault
+ - security
+ - encryption
+ - secrets
+ - management
+ - automation
+ - infrastructure
+ maintainers: []
+ icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+ apiversion: v2
+ condition: ""
+ tags: ""
+ appversion: 1.11.2
+ deprecated: false
+ annotations:
+ charts.openshift.io/name: helm-chart-e2e-demo-123
+ kubeversion: '>= 1.16.0-0'
+ dependencies: []
+ type: ""
+ chart-overrides: ""
+results:
+ - check: v1.0/helm-lint
+ type: Mandatory
+ outcome: PASS
+ reason: Helm lint successful
+ - check: v1.0/chart-testing
+ type: Mandatory
+ outcome: PASS
+ reason: Chart tests have passed
+ - check: v1.0/has-readme
+ type: Mandatory
+ outcome: PASS
+ reason: Chart has a README
+ - check: v1.0/is-helm-v3
+ type: Mandatory
+ outcome: PASS
+ reason: API version is V2, used in Helm 3
+ - check: v1.0/not-contain-csi-objects
+ type: Mandatory
+ outcome: PASS
+ reason: CSI objects do not exist
+ - check: v1.0/contains-values-schema
+ type: Mandatory
+ outcome: PASS
+ reason: Values schema file exist
+ - check: v1.1/has-kubeversion
+ type: Mandatory
+ outcome: PASS
+ reason:
Kubernetes version specified
+ - check: v1.0/images-are-certified
+ type: Mandatory
+ outcome: PASS
+ reason: |-
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi
+ - check: v1.0/not-contains-crds
+ type: Mandatory
+ outcome: PASS
+ reason: Chart does not contain CRDs
+ - check: v1.0/contains-test
+ type: Mandatory
+ outcome: PASS
+ reason: Chart test files exist
+ - check: v1.0/contains-values
+ type: Mandatory
+ outcome: PASS
+ reason: Values file exist
+ - check: v1.0/required-annotations-present
+ type: Mandatory
+ outcome: PASS
+ reason: All required annotations present
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-chart-e2e-demo-123/OWNERS b/charts/partners/redhat-caastestreg-duplicate/helm-chart-e2e-demo-123/OWNERS
new file mode 100644
index 00000000000..de6ca19504c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-chart-e2e-demo-123/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-chart-e2e-demo-123
+ shortDescription: helm-chart-e2e-demo-123 is a helm chart for E2E demonstration
+providerDelivery: true
+publicPgpKey: null
+users:
+- githubUsername: opcert
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-test-e2e/0.21.0/report.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-test-e2e/0.21.0/report.yaml
new file mode 100644
index 00000000000..84a8e8b4b93
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-test-e2e/0.21.0/report.yaml
@@ -0,0 +1,99 @@
+apiversion: v1
+kind: verify-report
+metadata:
+ tool:
+ verifier-version: 1.0.0
+ profile:
+ VendorType: partner
+ version: v1.1
+ chart-uri: N/A
+ digests:
+ chart: sha256:b5a2949389b8ad23490d39578ec8a0eacb8a25e80d26508a85dc68218a9c2e48
+ package: 53e5b2f03ff323b965ecd1eb22efe85c941ce73d80506d0d4dd5ae086f746373
+ lastCertifiedTimestamp: "2022-12-08T10:12:01.207111+00:00"
+ testedOpenShiftVersion: "4.10"
+ supportedOpenShiftVersions: '>=4.3'
+ providerControlledDelivery: true
+ chart:
+ name: helm-test-e2e
+ home: https://www.vaultproject.io
+ sources:
+ - https://github.com/hashicorp/vault
+ - https://github.com/hashicorp/vault-helm
+ - https://github.com/hashicorp/vault-k8s
+ - https://github.com/hashicorp/vault-csi-provider
+ version: 0.21.0
+ description: Official HashiCorp Vault Chart
+ keywords:
+ - vault
+ - security
+ - encryption
+ - secrets
+ - management
+ - automation
+ - infrastructure
+ maintainers: []
+ icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+ apiversion: v2
+ condition: ""
+ tags: ""
+ appversion: 1.11.2
+ deprecated: false
+ annotations:
+ charts.openshift.io/name: helm-test-e2e
+ kubeversion: '>= 1.16.0-0'
+ dependencies: []
+ type: ""
+ chart-overrides: ""
+results:
+ - check: v1.0/helm-lint
+ type: Mandatory
+ outcome: PASS
+ reason: Helm lint successful
+ - check: v1.0/is-helm-v3
+ type: Mandatory
+ outcome: PASS
+ reason: API version is V2, used in Helm 3
+ - check: v1.0/not-contain-csi-objects
+ type: Mandatory
+ outcome: PASS
+ reason: CSI objects do not exist
+ - check: v1.0/contains-values-schema
+ type: Mandatory
+ outcome: PASS
+ reason: Values schema file exist
+ - check: v1.1/has-kubeversion
+ type: Mandatory
+ outcome: PASS
+ reason: Kubernetes version specified
+ - check: v1.0/has-readme
+ type: Mandatory
+ outcome: PASS
+ reason: Chart has a README
+ - check: v1.0/images-are-certified
+ type: Mandatory
+ outcome: PASS
+ reason: |-
+ Image
is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi
+ - check: v1.0/contains-test
+ type: Mandatory
+ outcome: PASS
+ reason: Chart test files exist
+ - check: v1.0/contains-values
+ type: Mandatory
+ outcome: PASS
+ reason: Values file exist
+ - check: v1.0/not-contains-crds
+ type: Mandatory
+ outcome: PASS
+ reason: Chart does not contain CRDs
+ - check: v1.0/required-annotations-present
+ type: Mandatory
+ outcome: PASS
+ reason: All required annotations present
+ - check: v1.0/chart-testing
+ type: Mandatory
+ outcome: PASS
+ reason: Chart tests have passed
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-test-e2e/OWNERS b/charts/partners/redhat-caastestreg-duplicate/helm-test-e2e/OWNERS
new file mode 100644
index 00000000000..afc432d1e1f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-test-e2e/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-test-e2e
+ shortDescription: This text is displayed on card previews in the Ecosystem catalog
+providerDelivery: true
+publicPgpKey: null
+users:
+- githubUsername: opcert
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-1112023/OWNERS b/charts/partners/redhat-caastestreg-duplicate/helm-testing-1112023/OWNERS
new file mode 100644
index 00000000000..35382d2e790
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-1112023/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helm-testing-1112023
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users: []
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..4a2a4140e41
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/LICENSE.md
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2. Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/README.md
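Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the value into the `docker run` command line; if that variable holds the license itself, as the name suggests, it becomes visible in the host's process list and is word-split by the shell because it is unquoted. Passing it by name, `-e VAULT_LICENSE_CI \`, lets docker read the value from the calling environment instead. Separately, `setup-kind` and `delete-kind` are missing from the `.PHONY:` line, so a file of either name in the chart directory would silently skip the recipe; append both names there. If this Makefile is an unmodified copy of the upstream chart's, the fix belongs upstream.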
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
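Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole with no `resourceNames`, so the CSI provider's service account can request a token for any ServiceAccount in any namespace. That is presumably required so the provider can authenticate to Vault on behalf of whichever pod mounts a volume, but the rule carries no explanation of the intent or the blast radius. I would add a comment above the rule, for example `# Cluster-wide by design: the provider requests a token for the ServiceAccount of the pod mounting the volume; treat this service account as highly privileged.`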
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-certs-secret.yaml 
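Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes (`providervol` and `mountpoint-dir`, the latter with `mountPropagation: HostToContainer`), yet its `securityContext` comes only from the `csi.daemonSet.securityContext.container` template, which renders nothing when the value is unset. Unless values.yaml (not visible in this hunk) supplies a default, a container with host filesystem access runs with the runtime's default privileges. The server container helper earlier in this diff falls back to `allowPrivilegeEscalation: false` when nothing is configured. The CSI helper could get the same fallback with an `{{- else }}` branch emitting `securityContext:` and `allowPrivilegeEscalation: false`.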
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-clusterrolebinding.yaml 
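Review bot: The rule in injector-clusterrole.yaml grants `patch` on `mutatingwebhookconfigurations` with no `resourceNames`, so the injector's service account can modify every admission webhook in the cluster, not only its own. The injector's own configuration is named `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml, so the write verb can be scoped to that object. I have left `list` and `watch` unscoped, because restricting them by name only works when the client filters on `metadata.name`, which this diff does not show. Confirm against the injector that `get` and `patch` on the named object are sufficient before adopting the split below.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```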
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
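Review bot: The `- 2>&1` entry under `args` in injector-deployment.yaml is passed to the process as a literal argument, because `args` are handed to the container entrypoint without a shell. No redirection happens unless the image's entrypoint is itself a shell wrapper, which this hunk does not show. The container runtime already captures both stdout and stderr, so I would drop that entry and leave `args:` with `- agent-inject` only.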
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
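Review bot: The webhook in injector-mutating-webhook.yaml matches CREATE and UPDATE of every pod, and both `namespaceSelector` and `objectSelector` are rendered only when values supply them, so by default nothing excludes system namespaces or the injector's own pods. If `failurePolicy` resolves to `Fail` (the default of `injector.failurePolicy` is not visible here), an unavailable injector would block pod admission cluster-wide, including the pods that would replace it. I would document this next to `failurePolicy`, for example `# With Fail, set namespaceSelector/objectSelector so kube-system and the injector itself are not gated on this webhook.`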
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
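Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while injector-deployment.yaml in this diff listens and probes on `{{ .Values.injector.port }}`. If that value is overridden, this policy would admit traffic only to a port nothing listens on, and the API server could no longer reach the webhook on OpenShift. Rendering the same value keeps the two in step: `- port: {{ .Values.injector.port }}`.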
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-role.yaml 
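Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode and privilege escalation but sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. If the injector needs no Linux capabilities (not verifiable from this hunk), adding `requiredDropCapabilities:` with `- ALL` under `spec` would close that gap. The template is also gated only on `global.psp.enable`, and the PodSecurityPolicy API no longer exists from Kubernetes 1.25 on. A `.Capabilities.APIVersions.Has` guard like the one in injector-mutating-webhook.yaml would avoid a failed install there.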
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-rolebinding.yaml
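Review bot: The first rule in injector-role.yaml grants create, get, watch, list and update on every Secret and ConfigMap in the release namespace, which, judging by the role's leader-elector name, is wider than the objects the election actually touches and would cover any other secrets stored alongside the injector. Consider keeping `create` in an unrestricted rule (resourceNames cannot constrain create) and moving get and update into a second rule with `resourceNames: ["<leader-elector-object-name>"]`, the placeholder standing for the object names the injector really uses. The pods rule likewise allows patch and delete on any pod in the namespace, and a one-line comment saying why delete is required would help the next reviewer.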
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-config-configmap.yaml 
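Review bot: Missing documentation: server-clusterrolebinding.yaml creates a cluster-scoped grant and nothing in the file says why it is needed. `system:auth-delegator` lets the server's ServiceAccount create TokenReview and SubjectAccessReview requests cluster-wide, which Vault's Kubernetes auth method uses to validate the tokens presented to it. I would add above `roleRef:` the comment `# Cluster-wide TokenReview/SubjectAccessReview access for Vault's Kubernetes auth method; turn the auth delegator off if that method is unused.`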
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
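Review bot: `disable_mlock` is forced to true in the string branch and in both `merge (dict "disable_mlock" true) ...` branches of server-config-configmap.yaml, with no comment explaining the choice. With mlock off, Vault's process memory, including decrypted secrets and key material, can be written to swap if the node has swap enabled. I would add a YAML comment above `data:`, `# disable_mlock is always set by the chart; run only on nodes with swap disabled or encrypted.`, and repeat the requirement in the chart's README.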
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-discovery-rolebinding.yaml 
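Review bot: The rule in server-discovery-role.yaml grants update and patch on all pods in the release namespace, not only the Vault server pods, and the file carries no explanation. The `vault-active` selectors in the HA service templates suggest the verbs exist so Vault can label its own pod, in which case they are needed but the scope is wider than the use. Add a comment above `rules:` such as `# Vault patches labels on its own pod for service registration; the rule covers every pod in the namespace, so install into a dedicated namespace.`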
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-ha-active-service.yaml
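Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the choice of `policy/v1` follows the lexical ordering of the minor version rather than what the cluster actually serves. server-clusterrolebinding.yaml in this commit picks its apiVersion with `.Capabilities.APIVersions.Has`, and the same approach fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.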
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
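Review bot: The `https-internal` port 8201 in server-ha-active-service.yaml is listed unconditionally, so when `server.service.type` is set to NodePort or LoadBalancer the Vault cluster port is published outside the cluster together with the API port. The headless `-internal` Service already carries 8201 and appears to be what peers use, so the entry could be wrapped in `{{- if not (has (.Values.server.service.type | toString) (list "NodePort" "LoadBalancer")) }}` and `{{- end }}`. server-ha-standby-service.yaml and server-service.yaml repeat the same ports block and need the same guard.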
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-psp-role.yaml 
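Review bot: The single ingress rule in server-network-policy.yaml applies `namespaceSelector: {}` to both ports, so the cluster port 8201 is reachable from every pod in every namespace although, as far as these templates show, only Vault server pods talk to it. Splitting the rule leaves the API port 8200 as open as it is today and limits 8201 to pods carrying the server labels that the StatefulSet template applies. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    # … unchanged: rule admitting all namespaces, now listing port 8200 only …
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
```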
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
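Review bot: The subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, but the StatefulSet runs as `{{ template "vault.serviceAccount.name" . }}` and server-clusterrolebinding.yaml binds that same helper. If the helper can return a different name (its definition is outside this hunk), the `use` grant on the PodSecurityPolicy goes to an account the server pods do not run as, and they are then admitted under whatever other policy applies or rejected. Change the subject line to `name: {{ template "vault.serviceAccount.name" . }}`.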
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-service.yaml
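Review bot: server-route.yaml reads `.mode` in two conditions but, unlike the other server templates in this commit, never calls `{{ template "vault.mode" . }}` first. As far as the hunk shows, `.mode` is therefore only defined if some other template has already set it on the shared context, which makes the `external` guard and the choice of the `-active` Service depend on render order. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` check, matching server-ingress.yaml.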
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/tests/server-test.yaml 
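Review bot: The `vault` container image falls back to a mutable tag when `server.image.tag` is empty (`{{ .Values.server.image.tag | default "latest" }}`), so a secrets-manager pod can silently pick up whatever the registry currently serves; the test Pod in `templates/tests/server-test.yaml` uses the same expression. Failing the render is the safer default: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Pinning by digest would be stronger still where the registry publishes one.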
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/templates/ui-service.yaml
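Review bot: The test Pod declares no `securityContext` for the pod or its container, whereas the StatefulSet in this patch renders `server.statefulSet.securityContext.pod` and `.container`. In a namespace that enforces restricted pod security the `helm test` hook may be rejected, and elsewhere it runs with whatever the image defaults to. Consider an explicit container context under the `-server-test` container, for example `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}`, or reuse the chart's helper if its indentation fits this manifest; the helper body is not visible in this chunk. `VAULT_ADDR` is also rendered unquoted here, while the StatefulSet quotes the same kind of value.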
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/values.openshift.yaml
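Review bot: The UI Service emits `nodePort` whenever `ui.serviceNodePort` is set, without looking at `ui.serviceType`, while the server Service in this patch only emits it when the type is `NodePort`. A stale `serviceNodePort` left in values while the type is `ClusterIP` is expected to be rejected by the API server, failing the install. A guard such as `{{- if and (.Values.ui.serviceNodePort) (ne (.Values.ui.serviceType | toString) "ClusterIP") }}` keeps the two templates consistent. In `ha` mode without `activeVaultPodOnly` this Service selects every server pod, which is worth a comment next to `publishNotReadyAddresses`.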
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/Chart.yaml
new file mode 100644
index 00000000000..c5afa0dd03e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.1
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/README.md 
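Review bot: The `test-acceptance`, `test-destroy` and `test-provision` recipes start their containers with `docker run -it` but without `--rm`, unlike `test-unit`, so every run leaves a stopped container whose environment (including `VAULT_LICENSE_CI` and the `GOOGLE_CREDENTIALS` setting) stays readable through `docker inspect`; add `--rm` to those three. Writing `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` also expands the licence value into the docker command line, whereas a bare `-e VAULT_LICENSE_CI` forwards it from the caller's environment without placing it in the argument list. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so it may not act on the configuration that was applied. The `.PHONY` line also omits `setup-kind` and `delete-kind`.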
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
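Review bot: The `serviceaccounts/token` `create` rule in csi-clusterrole.yaml carries no name or namespace scope, so the CSI provider's service account can request a token for any ServiceAccount in the cluster, and nothing in the file says why. Presumably the provider uses this to authenticate to Vault as the pod that mounts the volume; if so, state it above `rules:` with a comment such as `# cluster-wide TokenRequest: the provider mints a token for the mounting pod's ServiceAccount to log in to Vault`. That marks the binding as sensitive for anyone auditing RBAC later. Whether the rule can be narrowed or dropped depends on how the deployed driver and provider exchange tokens, which is not visible in this hunk.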
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-certs-secret.yaml 
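Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes (`providervol` and `mountpoint-dir`), yet its securityContext comes only from `csi.daemonSet.securityContext.container`, which renders nothing when that value is unset. The injector and server container helpers added in this same commit fall back to `allowPrivilegeEscalation: false` outside OpenShift; the CSI helpers have no such branch, so by default this pod runs as whatever user the image defines, with no escalation guard, while holding host mounts. Consider giving the CSI container helper the same fallback, i.e. an `{{- else if not .Values.global.openshift }}` branch that emits `securityContext:` with `allowPrivilegeEscalation: false`. Check whether the provider needs root to create its socket under the providers directory before also adding `runAsNonRoot`.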
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-clusterrolebinding.yaml
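Review bot: The `patch` verb in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster, so the injector's service account could alter admission webhooks it does not own. The injector deployment in this commit points `AGENT_INJECT_TLS_AUTO` at the `-agent-injector-cfg` object, which suggests that is the only configuration it needs to modify. Splitting the rule so that `list` and `watch` stay unscoped while `get` and `patch` carry `resourceNames` would narrow the grant. Verify against the injector's actual API calls first, since a `list` or `watch` request is only authorized under `resourceNames` when it selects that single object by name.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# write access limited to the chart's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs:
    - "get"
    - "patch"
```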
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
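Review bot: The `args` list in injector-deployment.yaml passes `2>&1` to the injector binary as a literal second argument, because container args are not run through a shell and no redirection happens. Drop the entry so that `args` contains only `- agent-inject`. In the same container, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_LEVEL` are rendered unquoted while the neighbouring env values are quoted; `value: {{ .Values.injector.authPath | quote }}` keeps a boolean- or number-looking value a string, which the env `value` field requires.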
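Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the ordering is lexical rather than numeric: a minor of `"9"` sorts above `"21"`, and a suffixed value such as `"21+"`, which some distributions report, is also compared character by character. The major version is not looked at either. Other templates in this commit select the API with `.Capabilities.APIVersions.Has`, and the same works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The identical expression in server-disruptionbudget.yaml needs the same change.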
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
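Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the `namespaceSelector` block is omitted and the rule matches every pod CREATE and UPDATE in the cluster, including pods in the release namespace and in system namespaces. If `failurePolicy` is then set to `Fail` through values, an unavailable injector blocks admission for all of those pods, possibly including its own replacement. The `injector.objectSelector` helper is defined outside this hunk and may already narrow the match, so this needs checking against it. At minimum I would add a comment above `failurePolicy`, for example `# Fail rejects every matching pod while the injector is down; pair it with a namespaceSelector that excludes this namespace.`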
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
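Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` (via `AGENT_INJECT_LISTEN`) and the Service uses the same value as `targetPort`. Changing `injector.port` on OpenShift would leave the policy admitting a port nothing listens on and dropping the API server's webhook calls, so injection would time out or be skipped depending on the failure policy. Use `- port: {{ .Values.injector.port }}` instead. The policy also omits `metadata.namespace`, unlike the other namespaced injector resources in this commit.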
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-role.yaml
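Review bot: The PodSecurityPolicy template is gated only on `global.psp.enable`, and the `policy/v1beta1` PodSecurityPolicy API was removed in Kubernetes 1.25, so switching the flag on against a newer cluster fails at apply time. Extend the guard with an API check: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The companion Role and RoleBinding use the same values-only guard and would need the same condition. The spec also sets no `requiredDropCapabilities`, and the comment under `seLinux` assumes AppArmor nodes, which is unlikely to hold on the OpenShift clusters this repository targets; both are worth a second look.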
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-rolebinding.yaml
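Review bot: The first rule lets the injector service account read and update every Secret and ConfigMap in the release namespace, which is also where the Vault server's own objects live when both components are installed together. The only Secret this commit creates for leader election is `vault-injector-certs`, so `get` and `update` can probably be limited with `resourceNames: ["vault-injector-certs"]`. `create` cannot be restricted by name and would move to its own rule, and `list`/`watch` need checking against how the injector issues them. The ConfigMap used by the election is not visible here and would need the same treatment. The `delete` verb on pods in the second rule deserves a comment saying which code path relies on it.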
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-psp-role.yaml 
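Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits pods from every namespace to both 8200 and 8201. Port 8201 is the one the Service templates in this commit name `https-internal`, and it looks like the server-to-server port, so it should only need to be reachable from the Vault server pods of the same release. Splitting the rule as sketched below keeps the API port as it is today and narrows only 8201; whether 8200 should also be limited to labelled client namespaces is a values decision. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    # API port: unchanged, reachable from all namespaces.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```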
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
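Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while server-serviceaccount.yaml in this same commit names the account with `vault.serviceAccount.name`, and the StatefulSet sets `serviceAccountName` from that helper too. If the helper ever returns something other than the full name (presumably when a custom service account name is configured), the `use` grant on the PodSecurityPolicy is bound to an account the pods do not run as. I would use the same helper in the subject, `name: {{ template "vault.serviceAccount.name" . }}`, and add `namespace: {{ .Release.Namespace }}` next to it so the binding target is explicit.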
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
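Review bot: The PodSecurityPolicy spec in server-psp.yaml never drops capabilities, so containers admitted under it keep the runtime's default capability set even though they must run as non-root. The StatefulSet in this commit sets `SKIP_SETCAP` and `SKIP_CHOWN`, so the server likely does not need them; consider adding `requiredDropCapabilities: ['ALL']` under `spec` after confirming that against the image. The `seLinux` comment says the policy assumes AppArmor nodes, which reads oddly in a chart that also ships OpenShift overrides; something like `# RunAsAny: SELinux labels are not constrained by this policy` states what the rule does. `policy/v1beta1` PodSecurityPolicy is no longer served from Kubernetes 1.25 on, so the outer condition could also test `.Capabilities.APIVersions.Has "policy/v1beta1"`.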
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-service.yaml 
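Review bot: server-route.yaml tests `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before reading `.mode`. Whether `.mode` is populated here then seems to depend on another template having run the helper on the same context, so the HA branch that points the Route at the `-active` service may be skipped; adding the helper call as the first line inside the `global.openshift` guard removes that dependency. Separately, `tls:` is emitted even when `.Values.server.route.tls` is empty and `targetPort: 8200` is fixed while the Service takes its target port from values. A comment above `tls:` naming the termination mode the chart expects would help whoever exposes this Route.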
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/tests/server-test.yaml 
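Review bot: The `image:` line of the vault container falls back to `latest` through `| default "latest"`, so a release with an empty `server.image.tag` runs whatever the registry serves at pull time, and a later pod restart can bring up a different build of the secrets server. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; the test pod in tests/server-test.yaml has the same fallback. The readiness `exec` probe runs `vault status -tls-skip-verify` with no explanation, and a comment such as `# -tls-skip-verify: the probe reaches the server through VAULT_ADDR on 127.0.0.1, so the serving certificate's names may not match` would record why verification is off there and that it should not be copied to remote clients.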
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.1/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/Chart.yaml
new file mode 100644
index 00000000000..7da1f92e7ae
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.10
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/LICENSE.md
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2. Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
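Review bot: In `vault.envs` the dev root token is rendered unquoted, `value: {{ .Values.server.dev.devRootToken }}`, so a token that reads as a number or boolean, or that contains YAML indicator characters, is re-typed or breaks the rendered manifest, while a container env `value` has to be a string. `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string, which is what `vault.extraEnvironmentVars` in this same hunk already does for its values; `vault.extraSecretEnvironmentVars` has the same gap on `{{ .envName }}`, `{{ .secretName }}` and `{{ .secretKey }}`. The helper also places the root token in clear text in the pod spec, so its header comment could say that anyone able to read the pod can read the token and that this branch is for dev mode only.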
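Review bot: The only rule in this ClusterRole grants `create` on `serviceaccounts/token` with no namespace or name restriction, and the template has no comment saying what that means. Once bound cluster-wide, the CSI provider's service account can request a token for any service account in any namespace, so a short comment above `rules:` would help whoever audits the chart's RBAC, for example `# cluster-wide TokenRequest: the csi-provider ServiceAccount can mint tokens for any ServiceAccount; treat it as highly privileged`. Whether a narrower scope is workable depends on how the provider requests tokens, which this hunk does not show.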
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-certs-secret.yaml 
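Review bot: The `mountpoint-dir` mount in csi-daemonset.yaml exposes the host's `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` tree to the provider container without `readOnly: true`, and that tree holds the volume directories of every pod scheduled on the node. If the provider version shipped with this chart does not write into it (not visible from this hunk), add `readOnly: true` to that `volumeMounts` entry. Both `hostPath` volumes also omit `type:`; setting `type: Directory` (or `DirectoryOrCreate` for the providers directory) makes a mistyped `providersDir` or `kubeletRootDir` fail at pod start instead of mounting an unexpected path.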
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-clusterrolebinding.yaml
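Review bot: The rule in injector-clusterrole.yaml lets the injector `patch` every MutatingWebhookConfiguration in the cluster, although the only one this chart defines is the `-agent-injector-cfg` object in injector-mutating-webhook.yaml. With that verb unscoped, a compromised injector pod could alter the `clientConfig` of unrelated admission webhooks. Moving `patch` into its own rule with `resourceNames` bounds the write while leaving the read verbs as they are. This assumes the injector only patches its own configuration, which the `AGENT_INJECT_TLS_AUTO` value in the deployment suggests but this hunk does not prove.

```yaml
# … unchanged: existing rule, with "patch" removed from its verbs …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```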
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
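Review bot: The second entry under `args:` in injector-deployment.yaml, `- 2>&1`, is written as a shell redirection, but Kubernetes passes each `args` item to the container entrypoint verbatim, so the process receives the literal string `2>&1` as an extra argument and nothing is redirected. Drop that line unless the image's entrypoint is known to expect it. In the same container several templated env values (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) are unquoted while their neighbours are quoted; `value: {{ .Values.injector.authPath | quote }}` keeps a boolean- or number-looking override from being rejected as a non-string env value.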
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
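Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when a value is supplied, so unless the `injector.objectSelector` helper (defined outside this hunk) narrows it, the webhook is called for pod CREATE and UPDATE in every namespace, including the control-plane namespaces and the one the injector runs in. If `failurePolicy` resolves to `Fail` (its default comes from values not shown here), an unavailable injector would then block pod admission cluster-wide. Record the expectation next to the field, for example `# With failurePolicy: Fail, set a namespaceSelector that excludes kube-system and this release's namespace.` above `failurePolicy:`.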
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
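Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the deployment's `AGENT_INJECT_LISTEN` and the service's `targetPort` both follow `.Values.injector.port`; overriding that value leaves the policy allowing a port nothing listens on and denying the webhook's real port. Use `- port: {{ .Values.injector.port }}` instead. The `from` clause is `namespaceSelector: {}`, which admits pods from every namespace; if that breadth is required for the API server to reach the webhook, a comment saying so would stop it being read as an oversight. The metadata also lacks the `namespace: {{ .Release.Namespace }}` that the other injector resources in this diff set.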
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-role.yaml
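Review bot: The PodSecurityPolicy in injector-psp.yaml blocks root and privilege escalation but sets no `requiredDropCapabilities` and leaves `readOnlyRootFilesystem: false`, so the injector keeps the runtime's default capability set and a writable root filesystem. If the injector needs no capabilities (as far as the deployment template shows, it only serves the webhook port), add `requiredDropCapabilities: [ALL]` under `spec:`. The comment under `seLinux:` says the policy assumes AppArmor nodes, while the chart has an explicit `global.openshift` mode, so the comment should state what is expected on SELinux nodes. The template is also gated only on `global.psp.enable`, and `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25.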
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-rolebinding.yaml
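Review bot: The first rule in injector-role.yaml gives the injector `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is the same namespace the server templates in this diff deploy into. The only leader-election secret the chart creates is `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` could move to a separate rule with `resourceNames: ["vault-injector-certs"]`; `create` cannot be name-restricted, and whether `list`/`watch` can be narrowed depends on how the injector sets up its watch, which is not visible here. At minimum add a comment above the rule, e.g. `# Leader election stores the shared webhook certificate in the vault-injector-certs Secret.` The `pods` rule (`get`, `patch`, `delete`) is likewise namespace-wide and deserves the same one-line justification.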
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
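Review bot: `disable_mlock = true` is forced into every rendered config in server-config-configmap.yaml, as a literal line for string configs and through `merge (dict "disable_mlock" true) …` for structured ones, where the destination dict takes precedence over the user's value. With mlock off, Vault's memory can be written to swap on any node that has swap enabled, and nothing in the template tells the operator so. Add a YAML comment above `data:` such as `# disable_mlock is forced on for every mode; run Vault pods only on nodes with swap disabled or encrypted.` so the requirement travels with the chart.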
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-ha-active-service.yaml
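Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion` line compares two strings, so the ordering is lexical rather than numeric, and some distributions report a minor such as `21+`. It also ignores the major version entirely. server-ingress.yaml in this same commit already selects its API with `semverCompare` on `.Capabilities.KubeVersion.Version`; the same form here would be consistent: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.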
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-psp-role.yaml 
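Review bot: In server-ingress.yaml, `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are emitted unquoted, while the `hosts` entries in the same template go through `quote`. A value that YAML reads as something other than a string (all digits, `true`, a leading `*` or `{`) then either changes type or breaks rendering. Pipe these three through `quote` as well, e.g. `secretName: {{ .secretName | quote }}`.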
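Review bot: The single ingress rule in server-network-policy.yaml admits every namespace (`namespaceSelector: {}`) on both 8200 and 8201, although the StatefulSet in this commit uses 8201 as `https-internal` for `VAULT_CLUSTER_ADDR`, i.e. server-to-server traffic. Unless something outside the release has to reach the cluster port (cross-cluster replication would, for instance), 8201 should be limited to the release's own server pods and only 8200 left open. The policy's `podSelector` also omits `component: server`, so it applies to any pod carrying the two name/instance labels, and `metadata` has no `namespace:` unlike the other templates.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    # API/UI port: reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```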
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
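Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but server-serviceaccount.yaml names the account with `vault.serviceAccount.name` and the StatefulSet's `serviceAccountName` uses that same helper. The helper bodies are not part of this diff, so this is inferred, but whenever the two render differently the `use` grant on the PodSecurityPolicy is bound to an account the server pods do not run as. server-discovery-rolebinding.yaml already references the right helper and sets the namespace; the subject here should read `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.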
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
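Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` is rendered whenever `global.psp.enable` is true, with no check that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so the operator gets an opaque API error at install time. Since this is a control the operator explicitly asked for, failing with a clear message is safer than silently skipping it, for example `{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}{{ fail "global.psp.enable requires the PodSecurityPolicy API" }}{{- end }}` inside the existing guard. The spec also sets no `requiredDropCapabilities`; given that the StatefulSet sets `SKIP_SETCAP` to "true", `requiredDropCapabilities: [ALL]` looks feasible, but that needs confirming against the image.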
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-service.yaml
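Review bot: server-route.yaml reads `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do on their first line. Unless `.mode` happens to have been set on the shared context by a file rendered earlier (render order should not be relied on), the `activeService` branch may never fire and the Route would target the general service instead of the `-active` one. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard. `host: {{ .Values.server.route.host }}` would also be safer piped through `quote`.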
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/tests/server-test.yaml 
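Review bot: The `image:` line in server-statefulset.yaml falls back to `:latest` when `server.image.tag` is unset (`| default "latest"`), so an install without a tag runs whatever the registry serves at pull time; server-test.yaml has the same fallback. For a secrets manager, failing the render is the safer default: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; `VAULT_ADDR` in this container points at 127.0.0.1, so the unverified hop is loopback only, and the comment above the probe should record that, e.g. `# -tls-skip-verify: the probe only talks to 127.0.0.1 (see VAULT_ADDR)`.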
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.10/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/Chart.yaml new file mode 100644 index 00000000000..183e3d8e1c6 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-testing-5435 +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.11 +annotations: + charts.openshift.io/name: helm-testing-5435 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/README.md 
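Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands what appears to be a license secret into the `docker run` command line, so the value sits in the argument list of the docker client process on the host, where process listings and command auditing can capture it. Passing the name only, `-e VAULT_LICENSE_CI \`, makes docker copy the value from its own environment and keeps it out of argv; make exports the variable to the recipe when it came from the environment or the make command line. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` that `provision-cluster` passes, which looks unintended. `setup-kind` and `delete-kind` are also missing from `.PHONY`.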
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
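Review bot: In csi-clusterrole.yaml the only rule grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any service account in any namespace, and nothing in the template records why that breadth is needed. A comment above `rules:` would make the trade-off visible to whoever audits the chart's RBAC, for example `# Token requests are made on behalf of the pods whose volumes are mounted; the grant is cluster-wide because those pods can live in any namespace.` That rationale is inferred from how a CSI secrets provider normally authenticates and should be confirmed against the provider version this chart ships.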
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-certs-secret.yaml
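Review bot: In csi-daemonset.yaml both `hostPath` volumes take their path straight from values (`.Values.csi.daemonSet.providersDir` and `.Values.csi.daemonSet.kubeletRootDir`) with no `type:` and no emptiness check, so an unset `kubeletRootDir` renders `path: /pods` and mounts an unintended host directory. Wrapping the value in `required`, as in `path: {{ required "csi.daemonSet.kubeletRootDir must be set" .Values.csi.daemonSet.kubeletRootDir }}/pods`, and adding `type: Directory` to the `mountpoint-dir` volume makes a bad value fail at render time or pod start instead of silently. The container `securityContext` is emitted only when values supply one, so with host paths mounted it is worth confirming that values.yaml ships a restrictive default; that file is not part of this hunk.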
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-clusterrolebinding.yaml
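Review bot: In injector-clusterrole.yaml the single rule gives `patch` on every `mutatingwebhookconfigurations` object in the cluster, while the chart creates only one, named `<fullname>-agent-injector-cfg` in injector-mutating-webhook.yaml. An account that can patch arbitrary mutating webhooks can change how pods are admitted cluster-wide, so `get` and `patch` should be limited with `resourceNames`. `list` and `watch` are not reliably restrictable by name and can stay in a rule of their own. The rewritten rules follow; whether the injector needs `list`/`watch` at all depends on its implementation, which is not visible here.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```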
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
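Review bot: The last `args` entry in injector-deployment.yaml, `- 2>&1`, reaches the container as a literal argument, because Kubernetes execs `args` directly and no shell is present to interpret the redirection. Unless the image's entrypoint is a shell wrapper (not visible here) the line has no useful effect and should be dropped, leaving only `- agent-inject`; stderr is already collected by the container runtime. Separately, `value: {{ .Values.injector.authPath }}` and the `logLevel` and `logFormat` values are unquoted, so input that YAML reads as a boolean, number or null would be retyped or rejected; piping them through `quote`, as `vault.extraEnvironmentVars` does, avoids that.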
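Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the ordering is lexical: a minor of `"9"` sorts above `"21"`, and vendor suffixes such as `"21+"` also go through string comparison. Asking the cluster what it serves is more robust and matches injector-mutating-webhook.yaml: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Unlike the other injector templates in this diff, this one is not wrapped in `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget is rendered whenever the value is set, even with the injector disabled.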
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
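Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` is emitted only when a value is supplied, so without one the webhook receives every pod CREATE and UPDATE in the cluster, including pods in the release namespace and in system namespaces. With a `failurePolicy` of `Fail` (the default comes from values and is not visible here) an unavailable injector would then block pod admission everywhere, including its own replacement pods. I would document this above the `namespaceSelector` block, e.g. `# Without a selector the webhook sees pods in all namespaces; set one before using failurePolicy: Fail.` Also, `timeoutSeconds` falls back to the string `"30"`; it renders the same, but `default 30` states the integer the API expects.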
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
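Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` and injector-service.yaml targets the same value. If that port is changed the policy no longer matches the listener and the API server's webhook calls would be dropped; `- port: {{ .Values.injector.port }}` keeps the three in step. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector objects in this diff set. `namespaceSelector: {}` admits traffic from every namespace, which deserves a one-line comment saying it is intentional.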
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-role.yaml
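Review bot: The PodSecurityPolicy in injector-psp.yaml sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set even though they must run as non-root. Adding `requiredDropCapabilities:` with `- ALL` under `spec` would tighten that, assuming the injector needs no capabilities; the network policy in this diff suggests it listens on 8080, but that should be confirmed. The comment `This policy assumes the nodes are using AppArmor rather than SELinux` sits oddly with the `global.openshift` handling elsewhere in the chart, where nodes normally run SELinux, and should say what `RunAsAny` means there. The template is gated only on `global.psp.enable`; adding `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to the condition would avoid a failed install on clusters that no longer serve the kind.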
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-rolebinding.yaml
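Review bot: In injector-role.yaml the first rule lets the injector's service account `create`, `get`, `watch`, `list` and `update` every Secret and ConfigMap in the release namespace, which is normally also where the Vault server and its TLS material live. For leader election and certificate sharing the account presumably needs only the `vault-injector-certs` Secret that injector-certs-secret.yaml creates, plus whatever lock object the elector uses (not visible here), so `get` and `update` could move to a rule carrying `resourceNames: ["vault-injector-certs"]`. `create` cannot be limited by name, and since the chart already pre-creates that Secret it is worth checking whether `create` on secrets is needed at all. At minimum a comment above `rules:` should say which objects these verbs are for.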
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
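Review bot: In `server-config-configmap.yaml`, `disable_mlock` is forced to true in both branches and cannot be turned off from values. The string branch emits `disable_mlock = true` ahead of the user's config, and the map branch passes `(dict "disable_mlock" true)` as the destination of `merge`, which takes precedence over a `disable_mlock: false` set in the user's config map. With mlock disabled, Vault's memory may be written to swap, so the choice deserves an explicit template comment such as `{{- /* disable_mlock is forced on; run Vault pods on nodes with swap disabled or encrypted */ -}}`. If the string config also sets `disable_mlock`, the rendered HCL would carry the key twice; how Vault resolves that is not visible here.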
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-psp-role.yaml 
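Review bot: In `server-network-policy.yaml`, the single ingress rule uses `namespaceSelector: {}`, which admits pods from every namespace to both 8200 and 8201, so enabling `server.networkPolicy.enabled` does not narrow who can reach the cluster port. Port 8201 is the `https-internal` port in the Service templates of this commit and presumably only needs traffic from other Vault server pods; a second rule for 8201 with a `podSelector` on the chart's own labels would express that, as sketched below. The metadata also has no `namespace: {{ .Release.Namespace }}`, unlike the other namespaced templates in this commit.

```yaml
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```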
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
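Review bot: In `server-psp-rolebinding.yaml`, the subject is `name: {{ template "vault.fullname" . }}` with no `namespace`, while the StatefulSet in this commit runs under `{{ template "vault.serviceAccount.name" . }}` and the discovery and cluster role bindings name that account together with `.Release.Namespace`. If the `vault.serviceAccount.name` helper can return anything other than the full name (its definition is not in this hunk), the PSP `use` grant is bound to an account the server pods do not run as. Suggested subject: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.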
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
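Review bot: In `server-psp.yaml`, the policy blocks privileged mode and privilege escalation but says nothing about Linux capabilities, so containers admitted under it keep the runtime's default capability set. The ConfigMap template in this commit forces `disable_mlock = true`, so the server presumably does not need `IPC_LOCK`, and `requiredDropCapabilities: [ALL]` could be added under `spec`. The `seLinux` comment says the policy assumes AppArmor nodes; since this chart also ships an OpenShift Route and values file, a comment stating which platforms the PSP is meant for would avoid the `RunAsAny` rule being read as intended for SELinux hosts.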
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-service.yaml 
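Review bot: `server-route.yaml` tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other templates in this commit do before reading `.mode`. Whether `.mode` is already set when this file renders then depends on another template having run first, which cannot be confirmed from this hunk; adding `{{ template "vault.mode" . }}` ahead of the `ne .mode "external"` check removes that dependency. Separately, `tls:` is filled only from `.Values.server.route.tls`, so an empty value yields a Route with no TLS settings in front of port 8200; a comment stating the expected default termination would help reviewers of the values file.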
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/tests/server-test.yaml 
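Review bot: In `server-statefulset.yaml`, the container image falls back to the mutable `latest` tag through `{{ .Values.server.image.tag | default "latest" }}`, so an unset value leaves the registry to decide which Vault build runs, and a later pull may fetch a different one. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, ideally with a digest-pinned reference in values. The same fallback appears in `tests/server-test.yaml`. Further down, the exec readiness probe runs `vault status -tls-skip-verify`; a comment noting that `VAULT_ADDR` points at `127.0.0.1:8200` would make clear that verification is skipped only for the local listener.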
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/templates/ui-service.yaml
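Review bot: The test pod's `image:` line in templates/tests/server-test.yaml falls back to the mutable `latest` tag when `server.image.tag` is unset, so `helm test` may pull a Vault build that nobody reviewed and that can differ from the one the release deployed. Take the tag without a silent fallback, for example `image: "{{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}"`, or default to `.Chart.AppVersion` instead of `latest`. The same container sets no `securityContext`; on clusters that do not impose one it would be worth adding `allowPrivilegeEscalation: false` and dropping all capabilities, in line with the container defaults that the values.yaml comments describe for the injector.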
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/values.openshift.yaml
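Review bot: Nothing in templates/ui-service.yaml ties the Service `type:` to the transport scheme, so a `ui.serviceType` of `NodePort` or `LoadBalancer` combined with `global.tlsDisable: true` (the default in this chart's values.yaml) exposes the Vault UI and API over plain HTTP outside the cluster. The port name comes from `vault.scheme`, which suggests the listener follows `tlsDisable`, but the helper is not visible here, so confirm. At minimum document the constraint above `type:`, e.g. `# With global.tlsDisable=true this Service carries Vault tokens in cleartext; keep serviceType ClusterIP unless TLS is enabled.` A stricter option is a template-time `fail` when the type is not `ClusterIP` and TLS is disabled. The default of `ui.serviceType` lies outside the lines shown, so whether the out-of-the-box install is affected cannot be told from here.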
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/values.schema.json
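Review bot: Every value in values.openshift.yaml is already the default in this chart's values.yaml in the same commit (`global.openshift: true` and the same three registry.connect.redhat.com repository/tag pairs), so the file overrides nothing and adds a second place where the image tags have to be bumped. Because a file passed with `-f` wins over values.yaml, a security update applied only to values.yaml would leave installs that use this file on the old Vault and vault-k8s images. If the file is kept for parity with upstream, say so in the header, e.g. `# Kept for upstream parity; values.yaml already carries these defaults - bump image tags in both files together.`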
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.11/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/Chart.yaml
new file mode 100644
index 00000000000..04870507ee3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.12
+annotations:
+ charts.openshift.io/name: helm-testing-5435
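Review bot: The `description` in the new Chart.yaml still reads `Official HashiCorp Vault Chart`, and `home`/`sources` point at the hashicorp repositories, while `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435` under a partner path; anyone reading the chart index cannot tell from the metadata that this is a renamed copy rather than the upstream release. If this is a test fixture, as the name suggests, the metadata should say so, for example `description: Test copy of the HashiCorp Vault chart (helm-testing-5435), not an upstream release`. Separately, `appVersion: 1.11.2` is unquoted; it loads as a string today only because it has two dots, so `appVersion: "1.11.2"` keeps it a string across future bumps.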
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/README.md
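Review bot: The `destroy-cluster` target runs `terraform destroy -auto-approve` with no configuration directory, while `provision-cluster` passes `test/terraform` to both `terraform init` and `terraform apply`, so the unattended destroy may act on whatever configuration and state the container's working directory holds rather than on the cluster that was provisioned. Making the two targets symmetric, `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`, keeps the teardown scoped to the same configuration; whether the `-var` is required depends on the Terraform files, which are not in this hunk. The `.PHONY` line also omits `setup-kind` and `delete-kind`, and the `docker run` calls in `test-acceptance`, `test-destroy` and `test-provision` that receive `GOOGLE_CREDENTIALS` and `VAULT_LICENSE_CI` lack the `--rm` that `test-unit` uses, so stopped containers carrying those environment values are left on the host.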
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
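Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` at cluster scope with no `resourceNames`, so the csi-provider service account can request a token for any service account in any namespace. That is presumably what the provider needs to authenticate on behalf of the pod requesting a secret, but the template does not say so, and the grant makes this ServiceAccount as powerful as the most privileged one in the cluster. I would add a comment above `rules:` along the lines of `# TokenRequest for arbitrary service accounts; treat the csi-provider ServiceAccount as highly privileged`. It is also worth checking that API audit logging records `create` on `serviceaccounts/token`.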
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-certs-secret.yaml 
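Review bot: The csi-provider container in csi-daemonset.yaml mounts two `hostPath` volumes (`providervol` and `mountpoint-dir`), yet it receives a `securityContext` only when `csi.daemonSet.securityContext.container` or `.pod` is set. The `csi.daemonSet.securityContext.*` helpers added to _helpers.tpl in this commit have no fallback branch, unlike the injector and server helpers, which default to `allowPrivilegeEscalation: false` when `global.openshift` is off. Unless values.yaml (not visible here) supplies one, the DaemonSet runs with the image and runtime defaults while holding host paths. I would give the container helper the same `{{- else if not .Values.global.openshift }}` branch emitting `allowPrivilegeEscalation: false`. I would also add a comment next to the `hostPath` entries noting that `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` are rendered as given, so the host path is set entirely by the chart's values.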
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-clusterrolebinding.yaml 
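Review bot: The ClusterRole in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, although the injector presumably only needs to write the `caBundle` of its own `…-agent-injector-cfg` object. As written, a compromised injector pod could modify admission webhooks that belong to other components. I would split the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`, and keep `list` and `watch` in a separate rule, since those cannot be usefully restricted by name. This should be checked against what the injector's informer actually requests before merging.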
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
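Review bot: The last entry under `args:` in injector-deployment.yaml is `- 2>&1`, which reaches the container as a literal argument rather than a redirection, because container args are not run through a shell unless the image entrypoint is itself a shell wrapper. Dropping that line leaves `args` as just `- agent-inject` and removes a misleading hint that stderr is being merged. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT` and `AGENT_INJECT_VAULT_AUTH_PATH` are rendered unquoted, so a values entry that YAML reads as a boolean or number would yield a non-string `value:` that the API server rejects. Writing `value: {{ .Values.injector.authPath | quote }}` (and likewise for the other two) avoids that.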
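Review bot: injector-disruptionbudget.yaml picks the API version with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexicographically, and some distributions report a minor such as `21+`, so the result depends on string ordering rather than on what the cluster serves. The mutating-webhook template in this same commit asks the cluster directly with `.Capabilities.APIVersions.Has`. The equivalent here would be `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This template is also the only injector template in view that is not wrapped in the `injectorEnabled` check, so a PodDisruptionBudget can be rendered while the injector itself is disabled.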
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
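Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when a value is supplied, so unless values.yaml (not part of this hunk) sets one, the webhook is invoked for every pod CREATE and UPDATE in every namespace, including the control-plane namespaces and the injector's own. Combined with a `failurePolicy` of `Fail`, an unavailable injector would then block pod admission cluster-wide, while `Ignore` lets pods start without the expected injection. I would document that trade-off in a comment above `failurePolicy:`. I would also consider rendering a default selector that excludes system namespaces, for example a `matchExpressions` entry on `kubernetes.io/metadata.name` with `operator: NotIn`.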
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
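Review bot: The NetworkPolicy admits ingress on the literal `port: 8080`, while the Deployment in this commit binds the injector to `.Values.injector.port` through `AGENT_INJECT_LISTEN` and probes that same value. If the port is ever changed in values, the policy keeps admitting 8080 and blocks the real webhook port; `- port: {{ .Values.injector.port }}` keeps the two in step. The object also omits `metadata.namespace`, unlike the other namespaced injector templates here. Finally, `namespaceSelector: {}` admits traffic from every namespace, which deserves a short comment stating that this is intended.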
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-role.yaml 
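Review bot: The only guard on this `policy/v1beta1` PodSecurityPolicy is `global.psp.enable`, and that API was removed in Kubernetes 1.25, so enabling the flag on a newer cluster fails the install with a "no matches for kind" error instead of a clear message. Wrap the resource in a capability check such as `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`, or `fail` with an explicit message when the flag is set and the API is absent; server-psp.yaml needs the same treatment. The spec also leaves Linux capabilities unrestricted, and `requiredDropCapabilities: [ALL]` would match the non-root intent stated in the comments, assuming the injector needs none. The comment that nodes use AppArmor rather than SELinux deserves a second look, since other templates in this diff branch on `global.openshift`.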
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-rolebinding.yaml 
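Review bot: The first rule grants `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, not only the objects the leader elector manages, so the injector's service account can read any secret stored alongside it. `create` cannot be narrowed by name, but `get` and `update` can: split the rule and add `resourceNames` listing the objects the injector actually owns. Those names are not visible in this hunk and have to be taken from the injector's configuration. The namespace-wide `delete` on pods in the second rule merits a one-line why-comment.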
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-config-configmap.yaml 
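Review bot: This ClusterRoleBinding is the only cluster-scoped grant among the templates visible here, and nothing in the file says why it is needed. `system:auth-delegator` lets the Vault service account submit TokenReview and SubjectAccessReview requests cluster-wide; a header comment such as `# Lets Vault's Kubernetes auth method validate service account tokens via TokenReview.` would tell operators what they accept when `serverAuthDelegator` is on. The `rbac.authorization.k8s.io/v1beta1` fallback was removed from Kubernetes in 1.22 and the Role and RoleBinding templates for the injector in this diff already use v1 unconditionally, so the conditional can go.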
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
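Review bot: `disable_mlock = true` is forced in both branches without any explanation: it is written ahead of the string config, and in the map branch `merge (dict "disable_mlock" true) ...` gives the literal precedence over the user's value, so an operator cannot turn memory locking back on there. With mlock off, Vault's in-memory secrets can be paged out, which is only acceptable where node swap is disabled or encrypted. Add a comment next to the setting, e.g. `# mlock is forced off here; run Vault only on nodes with swap disabled or encrypted.` Because this is a ConfigMap, any credentials placed in `server.*.config` are readable by everyone with ConfigMap read access in the namespace, which is worth stating in the values documentation.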
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-ha-active-service.yaml 
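Review bot: `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the result is lexical rather than numeric, and `Minor` can carry a suffix such as `21+` on some managed clusters. server-ingress.yaml in this diff already uses `semverCompare` for the same kind of decision, so the line could read `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.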
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
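Review bot: The `https-internal` port 8201 is published on the same Service whose `type` comes from `.Values.server.service.type`, so choosing `NodePort` or `LoadBalancer` to expose the API port also exposes the cluster port outside the cluster. Only the API port gets an explicit `nodePort`, which suggests 8201 is not meant for external clients, and server-headless-service.yaml already carries 8201 for peer traffic. Consider omitting the 8201 entry when the type is not `ClusterIP`, or at least documenting the exposure in a comment beside it. server-ha-standby-service.yaml and server-service.yaml have the same layout.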
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-psp-role.yaml 
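Review bot: The opening guard of server-ingress.yaml, `{{- if not .Values.global.openshift }}`, tests truthiness, whereas injector-network-policy.yaml in this diff tests `eq (.Values.global.openshift | toString) "true"`. A string value `"false"` (for example from `--set-string`) is truthy, so this Ingress would be skipped and server-route.yaml, which uses `{{- if .Values.global.openshift }}`, would render instead. Use the string comparison in both files; here that is `{{- if ne (.Values.global.openshift | toString) "true" }}`.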
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
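Review bot: The subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, but server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}`, and the cluster and discovery bindings in this diff reference it through that helper. If the two helpers ever render differently (presumably when a custom service account name is set), the PSP `use` grant lands on an account the server pods do not run as. Change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` below it.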
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-service.yaml 
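Review bot: `.mode` is read on the second line of server-route.yaml without `{{ template "vault.mode" . }}` having been invoked in this file; the other server templates in this diff that read `.mode` call it first. Whether `.mode` is set therefore depends on state left in the context by another template, and `ne .mode "external"` and `eq .mode "ha"` may be evaluated against an unset value. Add `{{ template "vault.mode" . }}` as the first line of the file. `targetPort: 8200` is also hard-coded here while the Services take it from `.Values.server.service.targetPort`, so a changed target port would leave the Route pointing at the wrong one.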
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/tests/server-test.yaml
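Review bot: The `vault` container's `image:` line falls back to `{{ .Values.server.image.tag | default "latest" }}`, so an empty `server.image.tag` silently deploys whatever `latest` resolves to at pull time. For a secrets store that leaves the running version unreproducible and lets an upstream push change what is deployed without review. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept a digest reference in place of the tag. The same fallback appears on the `image:` line of the test Pod template in this commit.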
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/templates/ui-service.yaml
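Review bot: The test Pod's `spec` sets no `securityContext` at pod or container level, while the server StatefulSet in this commit pulls one in through the `server.statefulSet.securityContext.*` helpers. The hook pod therefore runs with whatever the namespace defaults allow, and it also mounts `server.volumes`, which may hold the server's TLS material or other secrets. I would add a container-level `securityContext:` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true`, assuming the image supports a non-root user (not visible in this hunk).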
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/values.openshift.yaml
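Review bot: `type: {{ .Values.ui.serviceType }}` lets this Service be switched to `NodePort` or `LoadBalancer` with nothing tying that choice to TLS, and the values.yaml added in this commit ships `global.tlsDisable: true`. If `vault.scheme` follows that flag (the helper is not part of this hunk), an externally reachable UI Service would carry logins and tokens over plain HTTP. I would document this directly above `type:`, e.g. `# With global.tlsDisable=true this Service is plain HTTP; keep serviceType ClusterIP or terminate TLS in front of it`.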
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.12/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3.
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ .
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/Chart.yaml
new file mode 100644
index 00000000000..c3f85ccce26
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.13
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/README.md 
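Review bot: In the `test-acceptance` recipe of the Makefile, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the licence value into the `docker run` command line, so it ends up in the process arguments and in anything that records the command. Passing the variable by name, `-e VAULT_LICENSE_CI \`, makes docker read it from the calling environment and keeps the value out of argv. The same applies to `GOOGLE_CREDENTIALS` in `test-acceptance`, `test-destroy` and `test-provision` if it is ever set to key material rather than the default file name. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory and `-var project=...` that `provision-cluster` passes, so it may not act on the same configuration. `.PHONY` also omits `setup-kind` and `delete-kind`.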
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
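Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` cluster-wide, which lets the CSI provider's service account request a token for any service account in any namespace, and the file carries no comment explaining why that breadth is required. Since csi-daemonset.yaml in this same diff runs that account on every node with hostPath mounts, the intent should be recorded above `rules:`, for example `# Token requests on behalf of pods that mount secrets (presumed purpose; confirm) - cluster-wide by design, do not widen`. If the provider only ever serves a known set of namespaces, namespaced Roles would narrow the grant, but that depends on deployment details not visible in this diff.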
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-certs-secret.yaml
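Review bot: The provider container in csi-daemonset.yaml mounts two hostPath volumes (`providervol` and `mountpoint-dir`), yet its securityContext comes only from the `csi.daemonSet.securityContext.pod` and `.container` helpers, which (as defined in _helpers.tpl earlier in this diff) emit nothing when the values are unset. The injector and server helpers in the same file fall back to `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, so the CSI pod is the one workload here that can render with no hardening at all unless values.yaml, which is not visible, supplies it. Consider giving the container helper a matching fallback such as `allowPrivilegeEscalation: false`, after confirming the provider still starts with it. Separately, `image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"` accepts only a tag, so there is no way to pin by digest what runs on every node.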
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-clusterrolebinding.yaml
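Review bot: The Secret in injector-certs-secret.yaml is named with the literal `vault-injector-certs`, while the other objects in this diff are prefixed with `vault.fullname`, so two releases in one namespace with leader election enabled would both render the same Secret. The manifest also has no `type` or `data`, which suggests it is created empty and filled at runtime; a comment such as `# Created empty; presumably populated by the injector leader with the webhook TLS material (confirm)` above `kind: Secret` would make that explicit. If the injector expects this exact name the literal has to stay, and that constraint is worth stating in the same comment.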
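Review bot: The rule in injector-clusterrole.yaml grants `patch` on `mutatingwebhookconfigurations` without `resourceNames`, so the injector's service account can modify every mutating admission webhook in the cluster rather than only its own. The read verbs can stay as they are, but `patch` could move to a second rule limited to the chart's own configuration. The name used below is taken from the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml later in this diff and should be confirmed against the webhook template, which is not visible here.

```yaml
rules:
# … unchanged: existing rule, with "patch" removed from its verbs …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```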
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
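Review bot: The last entry under `args:` in injector-deployment.yaml, `- 2>&1`, is not a redirection: container args are passed to the process without a shell, so the binary receives the literal string `2>&1` as a second argument. Stderr is already captured by the container runtime, so the line can simply be dropped, leaving `args:` with `- agent-inject` only. How the injector treats the stray argument is not visible here.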
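Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the ordering is lexicographic rather than numeric and would pick the wrong API group for a one-digit or three-digit minor version. server-ingress.yaml on this page already uses `semverCompare` for the same kind of decision, so I would write `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. The same expression appears in server-disruptionbudget.yaml and should change with it.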
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
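Review bot: The webhook in injector-mutating-webhook.yaml is registered for pod CREATE and UPDATE in every namespace unless a selector is supplied through values, because `namespaceSelector:` is rendered only inside the `if or (...)` guard. If `failurePolicy` resolves to `Fail`, an unavailable injector would then reject pod admission cluster-wide, including system namespaces and the release namespace the injector itself runs in. I would state that next to the field, e.g. `# Fail blocks pod admission in every selected namespace while the injector is down; pair it with a namespaceSelector`, and consider shipping a default selector. The defaults in values.yaml and the output of `injector.objectSelector` are not visible in this hunk, so the effective scope should be checked there.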
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
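Review bot: `port: 8080` in injector-network-policy.yaml is hard-coded, while injector-deployment.yaml listens on `.Values.injector.port` and injector-service.yaml uses the same value as `targetPort`. If the port is overridden, the policy admits traffic to a port nothing listens on and webhook calls to the injector are dropped; use `- port: {{ .Values.injector.port }}` instead. The `namespaceSelector: {}` peer admits every namespace, which is presumably intentional because API-server traffic cannot be matched by pod labels, but a one-line comment saying so would help the next reviewer.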
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-psp.yaml 
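Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subjects in injector-rolebinding.yaml and injector-clusterrolebinding.yaml, which both set it. Stating the namespace makes explicit which account receives `use` on the PodSecurityPolicy and keeps the three bindings consistent; add `namespace: {{ .Release.Namespace }}` under the subject's `name`.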
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-role.yaml
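Review bot: The PodSecurityPolicy in injector-psp.yaml never drops Linux capabilities: `spec` has no `requiredDropCapabilities`, so pods admitted under it keep the runtime's default capability set even though they must run as non-root. Nothing visible in injector-deployment.yaml suggests the injector needs any capability, so I would add `requiredDropCapabilities: ["ALL"]` next to `allowPrivilegeEscalation: false`. Separately, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25 and the template is gated only on `.Values.global.psp.enable`, so a capability check such as `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` would avoid a failed install on newer clusters.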
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-rolebinding.yaml
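Review bot: The first rule of the leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which the server templates on this page also deploy into. The chart already creates the `vault-injector-certs` Secret in injector-certs-secret.yaml, so read and update access to secrets could be limited with `resourceNames: ["vault-injector-certs"]`. `create` cannot be restricted by name and may not be needed for secrets at all. Which objects the leader elector actually touches is not visible here, so the narrowing should be checked against the injector before it is applied.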
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
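Review bot: `disable_mlock = true` is written into the rendered Vault configuration unconditionally in server-config-configmap.yaml, both as a literal line in the string branch and through `merge (dict "disable_mlock" true) ...` in the map branch, and nothing in the template says why. With mlock disabled the kernel is free to page Vault's memory out, so unsealed key material can reach swap unless the nodes run without swap or with encrypted swap. I would add a template comment above the first occurrence, e.g. `{{/* disable_mlock is forced on because the container is not granted IPC_LOCK; run on nodes with swap disabled or encrypted */}}`, after confirming the stated reason against the server StatefulSet, which is not in this hunk. The two branches may also differ in whether a user-supplied `disable_mlock` can override the forced value; that is worth a test.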
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-psp-role.yaml
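Review bot: The `path`, `secretName` and `ingressClassName` values in server-ingress.yaml are emitted unquoted, while the `hosts` entries and `host` go through `quote`; a value that is empty or contains YAML-special characters (a path such as `*`, for instance) would not render as the intended string. I would write `- path: {{ . | quote }}`, `secretName: {{ .secretName | quote }}` and `ingressClassName: {{ .Values.server.ingress.ingressClassName | quote }}`. A comment above the `tls` block stating that leaving `server.ingress.tls` empty produces an Ingress with no TLS section would also help, since this resource fronts Vault.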
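Review bot: The single ingress rule in server-network-policy.yaml admits every namespace (`namespaceSelector: {}`) to both 8200 and 8201, and 8201 is the port the other templates in this commit name `https-internal` and use for `VAULT_CLUSTER_ADDR`, so as far as this policy is concerned the server-to-server port is open to any pod in the cluster. I would split the rule so that 8201 is admitted only from this release's own server pods, and keep the broad rule for 8200 if cluster-wide API access is intended. The metadata also carries no `namespace: {{ .Release.Namespace }}`, unlike the sibling templates.

```yaml
  ingress:
    # API/UI port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only from this release's own Vault server pods
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```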
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
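Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, but the ServiceAccount template and the StatefulSet's `serviceAccountName` in this commit both use `vault.serviceAccount.name`, and the values schema lists a `server.serviceAccount.name` setting. If that helper can return anything other than the fullname, the binding grants `use` of the PodSecurityPolicy to an account the Vault pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beside it so the subject is explicit. The helper is defined outside this diff section, so what it returns should be confirmed.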
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
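Review bot: The policy in server-psp.yaml blocks privileged mode and root but says nothing about Linux capabilities, so containers admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities: ['ALL']` under `spec` would close that, provided the Vault image needs none; the StatefulSet in this commit sets `SKIP_SETCAP` and `SKIP_CHOWN`, which suggests so, but this should be tested. Two comments would also help: one on `readOnlyRootFilesystem: false` saying why the root filesystem must stay writable, and a correction to the `seLinux` comment, which assumes AppArmor nodes although this commit also ships values.openshift.yaml and OpenShift nodes run SELinux. PodSecurityPolicy in `policy/v1beta1` was removed in Kubernetes 1.25, so the template could additionally be guarded with `.Capabilities.APIVersions.Has "policy/v1beta1"`, in the way server-ingress.yaml selects its apiVersion.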
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-service.yaml
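Review bot: server-route.yaml tests `.mode` (`ne .mode "external"`, `eq .mode "ha"`) without first running `{{ template "vault.mode" . }}`, which the sibling templates in this commit that read `.mode` all do before their first use. Unless the value happens to be set on the context already when this file renders, the external-mode guard and the switch to the `-active` service do not behave as written; I would add `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does. `host: {{ .Values.server.route.host }}` is also unquoted. A comment on the `tls` block noting that the Route's TLS termination comes entirely from `server.route.tls` would help whoever reviews a values file.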
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" .
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" .
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" .
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ .
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/tests/server-test.yaml
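Review bot: The container image in server-statefulset.yaml falls back to the mutable `latest` tag (`{{ .Values.server.image.tag | default "latest" }}`), so an unset tag makes the Vault version that runs depend on whatever the registry serves at pull time; tests/server-test.yaml in this commit has the same fallback. I would fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept an image digest. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment stating that this call goes to the loopback `VAULT_ADDR` set a few lines above, and that verification is skipped only for that reason, would keep the flag from being copied into places where it matters.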
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.13/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/Chart.yaml
new file mode 100644
index 00000000000..5888bd25801
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.14
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/README.md
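Review bot: The `destroy-cluster` target runs `terraform destroy -auto-approve` with no configuration directory and no `-var project=...`, while `provision-cluster` initialises and applies `test/terraform` with `-var project=${CLOUDSDK_CORE_PROJECT}`, so the teardown does not obviously act on the configuration that created the GKE cluster and a test cluster could be left running. Making the two symmetric would close that gap, e.g. `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. Separately, the service-account key file (`GOOGLE_CREDENTIALS?=vault-helm-test.json`, read with `--key-file` under `-w /helm-test`) and `KUBECONFIG=/helm-test/.kube/config` both resolve inside the bind-mounted checkout, so both paths should be excluded from version control and from the packaged chart; whether they are is not visible in this hunk. `setup-kind` and `delete-kind` are also missing from the `.PHONY` list.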
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
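Review bot: `vault.envs` renders the dev root token unquoted, `value: {{ .Values.server.dev.devRootToken }}`, so a token that YAML reads as a number, boolean or null (or one containing `: ` or ` #`) is retyped or breaks the manifest, because an env `value` has to be a string. `value: {{ .Values.server.dev.devRootToken | quote }}` matches what `vault.extraEnvironmentVars` in this same hunk already does with `{{ $value | quote }}`. The same quoting is missing for `{{ .envName }}`, `{{ .secretName }}` and `{{ .secretKey }}` in `vault.extraSecretEnvironmentVars`. The comment above `vault.envs` could also say that in dev mode the root token is written in plain text into the rendered pod spec, so it is readable by anyone who can read that object.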
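Review bot: The single rule grants `create` on `serviceaccounts/token` in a ClusterRole, and the ClusterRoleBinding added in the next file binds it cluster-wide, so the CSI provider's service account can request a token for any service account in any namespace. Nothing in the template says why that scope is needed; I would add a comment above `rules:`, for example `{{- /* cluster-wide: the provider requests tokens on behalf of the pods that mount its volumes; treat this service account as privileged */}}`, after confirming that this is the reason. The values documentation for `csi.enabled` should mention that enabling it brings this permission, so operators can account for it when they review RBAC and decide which nodes run the DaemonSet.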
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-certs-secret.yaml 
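Review bot: The `mountpoint-dir` mount in csi-daemonset.yaml exposes `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host without `readOnly: true`, and neither `hostPath` volume sets a `type:`. That directory holds the volumes of every pod on the node, so the provider container gets write access to all of them. If the provider does not write under that path, add `readOnly: true` to the mount. Otherwise add a comment explaining why write access is required. Setting `type: Directory` on both `hostPath` entries would make a mistyped values path fail at pod start instead of being mounted unchecked. The pod and container security contexts come from templates outside this hunk, so they may already restrict the container.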
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
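Review bot: Several `env` values in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT` and the two `AGENT_INJECT_TLS_AUTO*` entries) while the neighbouring entries are quoted. An environment value must be a string, so a values entry that YAML types as a boolean or number is rejected by the API server, and one containing `: ` or ` #` changes the rendered document. Pipe them through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, the `- 2>&1` item under `args:` is passed to the process as a literal argument unless the image's entrypoint is a shell, so it probably redirects nothing.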
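Review bot: The `apiVersion` line in injector-disruptionbudget.yaml chooses `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares strings, so the result depends on lexical order and on suffixes some distributions append to the minor version. Other templates in this commit ask the cluster directly, so `{{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}` would be consistent with them. The same expression is used in server-disruptionbudget.yaml. This template is also not wrapped in the `injectorEnabled` check its siblings use, so the budget is rendered whenever `injector.podDisruptionBudget` is set.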
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
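Review bot: The webhook rule in injector-mutating-webhook.yaml matches CREATE and UPDATE of pods in every namespace unless `injector.namespaceSelector` or `injector.webhook.namespaceSelector` is set. That includes system namespaces and the namespace the injector itself runs in. If `failurePolicy` resolves to `Fail` (its default lives in values not shown in this hunk), an unavailable injector would block pod admission cluster-wide. I would document this above `rules:` and consider a default selector that skips system namespaces, for example a `matchExpressions` entry on `kubernetes.io/metadata.name` with `operator: NotIn`. The `objectSelector` is rendered by a template outside this hunk and may already narrow the match.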
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
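Review bot: The NetworkPolicy in injector-network-policy.yaml allows ingress on a hard-coded `port: 8080`, while the injector listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` and the Service `targetPort` elsewhere in this commit). If that value is anything other than 8080, the policy no longer covers the webhook port and admission requests are dropped; use `- port: {{ .Values.injector.port }}`. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the sibling injector resources set. `namespaceSelector: {}` admits traffic from every namespace, so a comment above `ingress:` should say why that breadth is needed.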
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-role.yaml 
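Review bot: The PodSecurityPolicy in injector-psp.yaml sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but leaves capabilities unrestricted and sets `readOnlyRootFilesystem: false`. Adding `requiredDropCapabilities: [ALL]` would enforce what the comments describe, assuming the injector needs no added capabilities. `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so the `global.psp.enable` branch should also be guarded, e.g. `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`, to avoid a failed install on newer clusters. The `seLinux` comment assumes AppArmor nodes, which is worth revisiting for a chart that also has an `openshift` mode.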
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-rolebinding.yaml 
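Review bot: The leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, so the injector's service account can read every Secret stored alongside Vault. The chart already pre-creates `vault-injector-certs` in injector-certs-secret.yaml. If that is the only Secret the injector touches, `get` and `update` could move to a rule with `resourceNames: ["vault-injector-certs"]`. `create` and unfiltered `list`/`watch` cannot be restricted by name and would need their own rule. The `pods` rule with `patch` and `delete` is namespace-wide as well. At minimum, add a comment above `rules:` stating which objects leader election actually needs.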
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
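Review bot: Both branches of server-config-configmap.yaml force `disable_mlock` on with no values switch: the string path writes `disable_mlock = true` literally and the object path uses `merge (dict "disable_mlock" true) …`, where the first argument takes precedence. Vault's memory is therefore never locked and can be written to swap on the node. I would add a comment above the `data:` key such as `# disable_mlock is forced on; nodes must run with swap disabled or encrypted.` or make the setting configurable. The rendered configuration is also stored in a ConfigMap, so any credentials a user puts into `server.*.config` are readable by anyone who can read ConfigMaps in the namespace; this too should be documented.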
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-discovery-rolebinding.yaml 
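Review bot: The discovery Role in server-discovery-role.yaml grants `update` and `patch` on all `pods` in the release namespace to the Vault server's service account. That is enough to change labels, annotations and images of any other workload running in that namespace. If the verbs are only needed for Vault to label its own pods (an assumption, since the consumer is not in this hunk), say so above `rules:`, e.g. `# Vault updates labels on its own pods for service registration; deploy the release into a dedicated namespace.`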
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-psp-role.yaml
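Review bot: The one ingress rule in server-network-policy.yaml opens both 8200 and 8201 to `namespaceSelector: {}`, which matches every namespace in the cluster. 8201 is the `https-internal` port that the Services and the StatefulSet's `VAULT_CLUSTER_ADDR` in this commit use for server-to-server traffic, so it presumably needs to be reachable only from the Vault server pods of the same release; splitting the rule keeps the API port open while limiting the cluster port to those pods. Confirm first that nothing outside the release has to reach 8201. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this commit set.

```yaml
  ingress:
    # API port: reachable from any namespace in the cluster.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```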
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
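Review bot: The `spec` in server-psp.yaml never sets `requiredDropCapabilities`, so containers admitted under this policy keep the runtime's default capability set even though `privileged` and `allowPrivilegeEscalation` are both off. Adding `requiredDropCapabilities: [ALL]` next to `allowPrivilegeEscalation: false` would close that, provided the server image does not rely on a capability such as IPC_LOCK for memory locking, which should be checked before merging. The template is also gated only on `global.psp.enable` while hard-coding `policy/v1beta1`; PodSecurityPolicy was removed in Kubernetes 1.25, so the guard should additionally test `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to keep the install from failing on newer clusters.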
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-service.yaml
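Review bot: server-route.yaml reads `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other templates in this commit that test `.mode` all do on their first lines. Unless another template has already populated the value on the shared context, `ne .mode "external"` and the later `eq .mode "ha"` are evaluated against an unset value, so the Route may be rendered in external mode or never select the `-active` service. I would add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard. `targetPort: 8200` is also hard-coded here while the Services take the port from `.Values.server.service.targetPort`.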
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/tests/server-test.yaml
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.14/src/values.yaml 
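Review bot: None of the object schemas added in values.schema.json set `additionalProperties`, so a misspelled key in an override passes schema validation and the chart default silently stays in effect. That matters most for security-relevant switches declared here, such as `global.tlsDisable`, `server.dev.enabled` and `server.authDelegator.enabled`, where a typo leaves the default in place without any error. Consider adding `"additionalProperties": false` at least to the `global` object, after checking that no template or parent chart relies on an undeclared key there.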
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/Chart.yaml
new file mode 100644
index 00000000000..3c1c44f42a2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.15
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/README.md 
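Review bot: The `docker run` recipe in `test-acceptance` passes the license as `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so make expands the value into docker's argument list. The leading `@` keeps it out of make's output, but it stays readable in the host's process listing while the container runs. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the calling environment without it appearing on the command line. The same form would suit `GOOGLE_CREDENTIALS` if that variable ever carries key material rather than the file name it defaults to.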
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-certs-secret.yaml 
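Review bot: The csi-provider container in csi-daemonset.yaml mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir/pods`), yet its `securityContext` is rendered only when `csi.daemonSet.securityContext.container` is set, as the helper defined earlier in this diff shows. With empty values the container therefore runs under the runtime's defaults while holding host directories. The values file is not part of this hunk, so the shipped default cannot be checked here; it should carry a restrictive one, for example `allowPrivilegeEscalation: false`. If the provider only needs to read the kubelet pods directory, the `mountpoint-dir` mount should also add `readOnly: true`.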
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-clusterrolebinding.yaml
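Review bot: In injector-clusterrole.yaml, `patch` on `mutatingwebhookconfigurations` is granted without `resourceNames`, so the injector's service account can rewrite any mutating webhook in the cluster, not only its own. The chart names its own configuration `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml, so the write verb can be pinned to that object. The read verbs are left unscoped in the sketch below because the diff does not show whether the injector's list/watch filters by name.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```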
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
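Review bot: The webhook rule in injector-mutating-webhook.yaml matches CREATE and UPDATE of every pod, and `namespaceSelector` is emitted only when a value is supplied, so by default the injector sits in the admission path for all namespaces, including its own and the system namespaces. The `injector.objectSelector` helper is defined outside this hunk, so whether it narrows the scope by default cannot be seen here. Because `failurePolicy` comes from values, `Fail` can block pod creation cluster-wide while the injector is unavailable, and `Ignore` lets pods start without injection. I would document that above `webhooks:` with a template comment such as `{{/* Applies to all namespaces unless injector.namespaceSelector is set; choose failurePolicy with that scope in mind. */}}`.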
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
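Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector listens on `.Values.injector.port`: the Deployment's `AGENT_INJECT_LISTEN` and probes and the Service's `targetPort` all take that value. If the port is changed, this policy opens 8080 and blocks the real webhook port on OpenShift installs, so admission calls to the injector fail. Use `- port: {{ .Values.injector.port }}` instead. The `namespaceSelector: {}` peer also admits traffic from every namespace; if that breadth is deliberate, a one-line comment saying why would help reviewers.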
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-rolebinding.yaml
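Review bot: The first rule in injector-role.yaml lets the injector's service account get, list, watch and update every Secret and ConfigMap in the release namespace, and the second lets it patch and delete any pod there; neither carries `resourceNames`. The chart pre-creates the `vault-injector-certs` Secret in injector-certs-secret.yaml under the same leader-election condition, so the Secret verbs that act on a named object could be limited with `resourceNames: ["vault-injector-certs"]`. Which ConfigMap and pod names leader election touches is not visible in this diff, so those would need confirming before they are scoped. At minimum, add a comment above `rules:` stating which objects the injector is expected to touch, so that a later audit can tell intended access from incidental access.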
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-config-configmap.yaml
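Review bot: The ClusterRoleBinding in server-clusterrolebinding.yaml is cluster-scoped but named only `{{ template "vault.fullname" . }}-server-binding`, so two releases whose fullname resolves to the same string in different namespaces would contend for a single object (the helper is defined outside this hunk, so this is inferred). Including the namespace in the name, e.g. `name: {{ template "vault.fullname" . }}-{{ .Release.Namespace }}-server-binding`, avoids that. A comment above `roleRef` such as `# system:auth-delegator lets the server service account submit TokenReview and SubjectAccessReview requests cluster-wide` would also document why cluster-level access is requested.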
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
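Review bot: `disable_mlock = true` is emitted unconditionally in server-config-configmap.yaml: ahead of the user's HCL in the string branch, and through `merge (dict "disable_mlock" true) …` in the JSON branch, where the first argument to `merge` takes precedence, so values cannot switch memory locking back on. With mlock off, the server's in-memory secrets can be paged out to swap. A template comment next to the setting, e.g. `{{- /* mlock is disabled in every mode; nodes must run with swap disabled or encrypted */ -}}`, would record the operational requirement, or the flag could be exposed as a value that defaults to `true`.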
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-ha-active-service.yaml
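Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the result is lexical, and a minor version reported with a suffix (some distributions report values such as `21+`) is compared as text rather than as a number. server-ingress.yaml in this same commit already uses `semverCompare ">= 1.19.0-0" $kubeVersion`; the same form works here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.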
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-psp-role.yaml 
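Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which matches every namespace, and applies it to both 8200 and the cluster port 8201, so any pod in the cluster can reach the server-to-server port. Splitting the rule so that 8201 is admitted only from pods carrying this release's server labels keeps the API reachable while narrowing the cluster port; if peers outside the namespace legitimately need 8201, that source has to be added explicitly. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, unlike the other templates in this commit.

```yaml
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```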
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
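Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}` with no namespace, while server-statefulset.yaml runs the pods as `{{ template "vault.serviceAccount.name" . }}` and the other bindings in this commit use that helper together with `namespace: {{ .Release.Namespace }}`. If the helper can return anything other than the fullname (it is defined outside this diff), the PSP `use` permission ends up bound to an account the pods do not run as. Suggested subject lines: `name: {{ template "vault.serviceAccount.name" . }}` and `namespace: {{ .Release.Namespace }}`.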
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
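Review bot: server-psp.yaml hard-codes `apiVersion: policy/v1beta1` for PodSecurityPolicy, an API that Kubernetes removed in 1.25, so setting `global.psp.enable` on a newer cluster makes the install fail; adding `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `and` condition here and in the PSP Role and RoleBinding templates would skip them cleanly. The spec also places no restriction on capabilities; `requiredDropCapabilities: ["ALL"]` looks compatible with the `SKIP_SETCAP` and `disable_mlock` settings elsewhere in this commit, though that should be confirmed against the image. The `seLinux` comment assumes AppArmor nodes, which is worth revisiting given the `global.openshift` switch used in server-route.yaml.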
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-service.yaml
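Review bot: server-route.yaml tests `.mode` without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does on its first line; unless `.mode` is already set on the context when this file renders (not determinable from the hunk), `ne .mode "external"` is evaluated against an unset value and the Route is rendered even in external mode. Adding `{{ template "vault.mode" . }}` after the `global.openshift` check makes the file self-contained. Separately, `tls:` is filled straight from `.Values.server.route.tls`; a comment noting that an empty value appears to yield a Route without TLS termination would help operators.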
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/tests/server-test.yaml 
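Review bot: The `vault` container in server-statefulset.yaml falls back to the mutable `latest` tag through `{{ .Values.server.image.tag | default "latest" }}`, so a release with no tag set can run a different Vault build whenever a pod is rescheduled; tests/server-test.yaml uses the same expression. Requiring the value makes the deployed version explicit: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. In the same hunk's `env` block, `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are rendered unquoted, unlike their `else` branches; piping them through `quote` keeps them strings.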
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/templates/ui-service.yaml
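Review bot: In templates/tests/server-test.yaml the test pod's `image:` line falls back to `default "latest"` when `server.image.tag` is empty, so the Helm test hook can pull a mutable image that is not the release under test and whose content can change between runs. Failing the render is safer than guessing a tag: `image: "{{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}"`. Quoting the value also protects the rendered YAML when the repository or tag expands to something unexpected. The container in this hunk sets no `securityContext` or `resources`; on OpenShift the assigned SCC presumably constrains it, but stating `allowPrivilegeEscalation: false` explicitly would make that independent of the cluster.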
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/values.openshift.yaml
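Review bot: In templates/ui-service.yaml the `publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}` line has no comment, although its effect is security-relevant. The readiness probe in the StatefulSet template earlier in this diff fails for sealed servers, so setting this to true keeps sealed or uninitialised pods in the Service endpoints. With `type: {{ .Values.ui.serviceType }}` set to NodePort or LoadBalancer, those pods are then reachable from outside the cluster. I would add above the line `# When true, the UI Service also routes to pods failing readiness (sealed/uninitialised Vault); keep false unless the UI is needed to unseal.` The default for `ui.publishNotReadyAddresses` is not visible in this part of the diff, so confirm what the chart ships with.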
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/values.schema.json
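Review bot: In values.openshift.yaml all three images (`injector.image`, `injector.agentImage`, `server.image`) are selected by tag only (`0.17.0-ubi`, `1.11.2-ubi`), so what actually runs depends on whatever the registry serves for that tag at pull time. Because the templates render `repository:tag`, a digest can be carried in the tag value, e.g. `tag: "1.11.2-ubi@sha256:<digest>"`, with `<digest>` taken from the certified image. The same tags are repeated as defaults in values.yaml later in this diff and would need the same change to stay consistent. It is also worth confirming that these versions are still within the vendor's support window before publishing the chart.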
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.15/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/Chart.yaml
new file mode 100644
index 00000000000..a252236a7cc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.16
+annotations:
+ charts.openshift.io/name: helm-testing-5435
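Review bot: The `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io` lines in the new Chart.yaml present this chart as the upstream vendor release, while `name` and the `charts.openshift.io/name` annotation are both `helm-testing-5435` and the file sits under a `redhat-caastestreg-duplicate` partner directory. Judging by the path this looks like a test copy; if so, someone reading only the chart metadata in a catalog cannot tell it apart from the vendor's chart, which is a provenance problem for anything that ends up in a published index. Consider wording the description to match, for example `description: Test copy of the HashiCorp Vault chart, not an official release`, and keep `sources` as the pointer to the upstream repositories.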
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/README.md
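Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the license value into the `docker run` argument list, where it can be read from the host's process listing while the container runs. Passing the variable by name keeps the value out of argv: `-e VAULT_LICENSE_CI \`; docker then copies it from the invoking environment, which works as long as the variable is exported in the shell that runs make. `GOOGLE_CREDENTIALS` is a different case, since the `acceptance` and `provision-cluster` targets hand it to `--key-file`, so it is a path rather than a secret value. Because `-v ${PWD}:/helm-test` mounts the working tree that holds that key file, a comment above `test-acceptance` such as `# NOTE: mounts the whole working tree, including the service-account key file, into the test image` would make the exposure explicit.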
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
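Review bot: The `serviceaccounts/token` `create` rule carries no comment, and through the ClusterRoleBinding in csi-clusterrolebinding.yaml it lets the CSI provider's ServiceAccount request a token for any ServiceAccount in any namespace. That is presumably what the provider needs to authenticate to Vault as the pod it serves, but the scope should be stated next to the rule so this account is treated as highly privileged. I would add above `rules:` a comment such as `# TokenRequest for every ServiceAccount cluster-wide; treat this ServiceAccount as able to act as any workload identity`. Operators may also want API-server audit logging for `serviceaccounts/token` creates made by this account.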
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-certs-secret.yaml 
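Review bot: The `csi-provider` container mounts two hostPath volumes (`providersDir` and `kubeletRootDir/pods`) but gets no securityContext unless the user supplies one. The `csi.daemonSet.securityContext.pod` and `.container` helpers in _helpers.tpl have no fallback branch, unlike the injector and server helpers, which default to `allowPrivilegeEscalation: false`. I would give the container helper the same `{{- else if not .Values.global.openshift }}` branch emitting `allowPrivilegeEscalation: false`, provided the provider image runs with it. If the provider version shipped here does not itself write into the pods directory, `readOnly: true` on the `mountpoint-dir` mount would narrow the host exposure further; that cannot be confirmed from this diff.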
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-clusterrolebinding.yaml 
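Review bot: The single rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, although the only one this chart creates for the injector is `<fullname>-agent-injector-cfg`. Write access to other webhook configurations would let this ServiceAccount alter or disable unrelated admission controls, so `get` and `patch` are better pinned with `resourceNames`. `list` and `watch` stay unrestricted below because this diff does not show whether the injector's watch uses a name field selector; verify against the injector before merging.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```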
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
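Review bot: Several env values in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) while their neighbours are quoted. A value that YAML reads as a boolean or number makes the Deployment fail validation, because `env[].value` must be a string. I would write `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`, and likewise for `logFormat`. Separately, `- 2>&1` under `args:` reaches the binary as a literal argument, since no shell is involved unless the image entrypoint re-evaluates its arguments, so it can be dropped.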
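Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares strings, so the result is lexical rather than numeric, and `Minor` can carry a suffix such as `21+` on some distributions. The mutating-webhook template in this same commit already uses the more robust `.Capabilities.APIVersions.Has`. I would write `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Unlike the other injector manifests in view, this template is also not wrapped in the `vault.injectorEnabled` check, so a PodDisruptionBudget can be rendered while the injector is disabled.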
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
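Review bot: `namespaceSelector` and `objectSelector` are both optional in this webhook, so with neither set it intercepts pod CREATE/UPDATE in every namespace, including the release namespace and `kube-system`. If `failurePolicy` resolves to `Fail` (the default value is not visible in this diff), an injector outage then blocks pod admission cluster-wide, including the injector's own replacement pods. I would document that next to `failurePolicy`, e.g. `# Fail requires a namespaceSelector excluding kube-system and the release namespace`, or have the template refuse to render that combination.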
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
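Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes). Overriding the port therefore leaves the webhook unreachable behind this policy on OpenShift. Use `- port: {{ .Values.injector.port }}`. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the other namespaced injector manifests set.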
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-role.yaml
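Review bot: injector-psp.yaml renders `apiVersion: policy/v1beta1` / `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so on such a cluster the manifest is rejected and the restrictions listed here never apply. Gate the document on `{{- if .Capabilities.APIVersions.Has "policy/v1beta1" }}`, the way server-clusterrolebinding.yaml in this diff already probes `.Capabilities.APIVersions`, or fail with an explicit message. server-psp.yaml has the same unguarded `policy/v1beta1` document. The comment on `seLinux` says the policy assumes AppArmor nodes, yet the chart also has `global.openshift` switches, so it is worth stating in that comment which platforms the `RunAsAny` rule is meant for.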
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-rolebinding.yaml
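Review bot: The first rule of the leader-elector Role grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, because it carries no `resourceNames`; the injector's service account can therefore read any secret stored next to it, not only the objects leader election needs. If the set of objects is known, split the rule so that `create` stays unrestricted (it cannot be limited by name) and `get`/`update` sit under `resourceNames:`. The object names are not visible in this diff, so they have to come from the injector itself. At minimum add a comment above the rule naming the objects it exists for, e.g. `# leader election state and the webhook certificate only`, after confirming that is accurate.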
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
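Review bot: `disable_mlock = true` is emitted ahead of every string-form config and merged into both map-form configs via `dict "disable_mlock" true`, with no value to switch it off and no comment giving the reason. With mlock disabled the server's memory may be paged out, so the chart is relying on nodes that run without swap or with encrypted swap, and nothing in the template tells an operator that. Suggest a template comment above the first occurrence, e.g. `{{- /* mlock is disabled chart-wide; nodes must have swap off or encrypted */ -}}`, and the same statement next to the `server.*.config` values. The reason itself is not visible in this hunk and should be confirmed by the chart authors before it is written down.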
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-ha-active-service.yaml
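Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the ordering is lexical rather than numeric: a single-digit minor such as `9` sorts above `21`, and a three-digit minor sorts below it. server-ingress.yaml in this diff already selects its API version with `semverCompare ">= 1.19.0-0" $kubeVersion`; the same form is safer here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.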
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-psp-role.yaml 
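Review bot: The single ingress rule in server-network-policy.yaml opens both 8200 and 8201 to `namespaceSelector: {}`, i.e. to every namespace. The Service templates in this diff name 8201 `https-internal`, which suggests it carries server-to-server traffic only; if so, it should be reachable just from the release's own pods, with 8200 left as the client-facing port. Splitting the rule as below keeps API access unchanged and narrows 8201; the exact selector should be confirmed against how the servers address each other. The ports are also literals here while the Services read `.Values.server.service.targetPort`, so an overridden port would fall outside the policy.
```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    # API port: clients in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # internal port: only pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```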
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
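Review bot: The subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, but the server ServiceAccount is created as `{{ template "vault.serviceAccount.name" . }}` in server-serviceaccount.yaml, and server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml both bind that helper. The helper's definition is outside this view; if it can return anything other than the full name, the PSP `use` grant lands on an account the server pods do not run as. Suggest `name: {{ template "vault.serviceAccount.name" . }}` plus an explicit `namespace: {{ .Release.Namespace }}` on the subject, matching the other bindings.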
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-service.yaml
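Review bot: server-route.yaml reads `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this diff that test `.mode` do on their opening lines (server-ingress.yaml calls it right after its own `global.openshift` guard). Unless the value is already present in this template's context, neither the external-mode guard nor the `-active` service selection sees the real mode, so the Route can be rendered, or pointed at the wrong Service, unintentionally. Suggest adding `{{ template "vault.mode" . }}` directly after the `{{- if .Values.global.openshift }}` line. `targetPort: 8200` is also a literal here while the Service templates use `.Values.server.service.targetPort`.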
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" .
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" .
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" .
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ .
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/tests/server-test.yaml
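Review bot: The `vault` container image is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an empty `server.image.tag` silently deploys a floating `latest` build of the secrets server. If the pull policy is IfNotPresent, replicas can then run whatever each node happens to have cached. Prefer failing the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; the same fallback appears in tests/server-test.yaml. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment such as `# -tls-skip-verify is acceptable only because VAULT_ADDR is the local listener (127.0.0.1:8200)` would record why verification is skipped there.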
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/templates/ui-service.yaml
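Review bot: The test Pod sets no `serviceAccountName`, `automountServiceAccountToken` or `securityContext`, so it runs under the namespace's default service account with the token mounted, although the script only calls `vault status` against the Service. Adding `automountServiceAccountToken: false` under `spec:` and a container `securityContext` with `allowPrivilegeEscalation: false` would keep the hook pod at the privilege it actually uses. As a style point, `volumeMounts:` and `volumes:` are emitted as bare keys when the corresponding values are empty; moving each key inside its own `{{- if }}` avoids rendering them as null.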
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/values.openshift.yaml
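Review bot: `nodePort` is emitted whenever `.Values.ui.serviceNodePort` is set, regardless of `.Values.ui.serviceType`, whereas the server Service in this commit guards the same field with a type check; a ClusterIP Service that carries `nodePort` is rejected by the API server. Guard it here as well, e.g. `{{- if and (.Values.ui.serviceNodePort) (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`. Because `type` is free-form and values.yaml in this commit defaults `global.tlsDisable` to true, a comment next to `type:` saying that NodePort or LoadBalancer exposes the Vault UI and API outside the cluster, over plain HTTP unless TLS is enabled, would be worth adding.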
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.16/src/values.yaml 
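Review bot: The `server.readinessProbe` schema declares no `path` property, although server-statefulset.yaml branches on `.Values.server.readinessProbe.path` and the sibling `server.livenessProbe` object does declare `path`. Adding `"path": { "type": "string" }` there would let a non-string value be caught at lint time instead of at render time. More generally, no object in this schema sets `"additionalProperties": false`, so a misspelled key (a typo of `tlsDisable`, for example) validates and is silently ignored. Consider closing the objects whose keys are security-relevant, where parent charts do not need to add keys of their own.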
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/Chart.yaml
new file mode 100644
index 00000000000..5185f59aa7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.17
+annotations:
+ charts.openshift.io/name: helm-testing-5435
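Review bot: The `description`, `home` and `sources` fields in the new Chart.yaml still present this chart as the "Official HashiCorp Vault Chart", while `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435` and the path places it under `redhat-caastestreg-duplicate`. If this directory is ever picked up by a chart index, a consumer has no metadata cue that it is a test copy rather than the upstream release, which is a provenance problem for a secrets-management chart. Consider a description such as `description: Test copy of the HashiCorp Vault chart (helm-testing-5435), not an upstream release`. Separately, Helm's chart guidance recommends quoting `appVersion`, i.e. `appVersion: "1.11.2"`.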
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
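Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole with no further restriction, so once bound it lets the CSI provider's service account request a token for any ServiceAccount in any namespace. Nothing in the file records why that breadth is needed. I would add a comment above `rules:` along the lines of `# Cluster-wide on purpose: the provider requests a token for the ServiceAccount of whichever pod mounts a volume. This allows token creation for every ServiceAccount in the cluster.` (the first half is my reading of the provider's role and should be confirmed). Given this grant, the provider pod should be treated as highly privileged when its DaemonSet settings are reviewed.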
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" .
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-certs-secret.yaml
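Review bot: The provider container in csi-daemonset.yaml mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods) but receives a securityContext only when `csi.daemonSet.securityContext.container` is set, because that helper, unlike the injector and server helpers in the same helpers file, has no default branch. Unless values.yaml (not shown here) supplies one, the pod runs with runtime defaults on every node while holding node directories and the cluster-wide token-creation role. I would ship a default under `csi.daemonSet.securityContext.container`, at least `allowPrivilegeEscalation: false` as the injector helper emits, after confirming the provider still works with it. Separately, `image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"` pins by tag only; allowing a digest would fix what actually runs on each node.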
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-clusterrolebinding.yaml
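Review bot: The Secret name `vault-injector-certs` in injector-certs-secret.yaml is hard-coded, while the other objects in the CSI and injector templates of this commit are prefixed with `vault.fullname`, so two releases with leader election enabled in the same namespace would both render this object. The manifest also carries no `type` and no `data`, which reads like an omission to anyone auditing the chart. If the injector expects this exact name and fills the Secret at runtime (not visible here), say so with a comment above `kind: Secret`, for example `# Rendered empty on purpose; the injector leader stores the webhook certificate here. The name is fixed by the injector.`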
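Review bot: `patch` on `mutatingwebhookconfigurations` in injector-clusterrole.yaml is granted without `resourceNames`, so the injector's service account can modify every mutating admission webhook in the cluster, not only its own. `list` and `watch` cannot usefully be narrowed by name, but `patch` can: split the rule and restrict the second one to the configuration the injector manages. The name used below is taken from the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml and should be confirmed against the webhook template, which is not part of this hunk.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# patch is limited to the injector's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - "{{ template "vault.fullname" . }}-agent-injector-cfg"
  verbs:
    - "patch"
```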
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
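Review bot: Several env `value:` entries in injector-deployment.yaml are rendered unquoted — `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT` and the in-cluster branch of `AGENT_INJECT_VAULT_ADDR` — while the neighbouring entries wrap the template in double quotes. An override that YAML reads as a number or boolean then produces a non-string env value and the Deployment is rejected by the API server. Piping through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`, keeps the type stable and matches the rest of the block.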
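Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the choice between `policy/v1` and `policy/v1beta1` is lexical rather than numeric; it holds for two-digit minors but would misorder a single- or three-digit one. server-ingress.yaml in this commit already uses `semverCompare ">= 1.19.0-0" $kubeVersion`; that form, or `.Capabilities.APIVersions.Has "policy/v1"`, is more robust here and in server-disruptionbudget.yaml, which carries the identical line. Unlike the other injector templates visible in this part of the commit, this one is not wrapped in `{{- if .injectorEnabled -}}`, so it renders whenever `injector.podDisruptionBudget` is set.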
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
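Review bot: `namespaceSelector` is emitted only when one of the two values is supplied, so when neither is set (and unless the `injector.objectSelector` template narrows it) the webhook receives every pod CREATE and UPDATE in every namespace, including the one the injector itself runs in. If `failurePolicy` resolves to `Fail` — the value comes from `.Values.injector.failurePolicy`, which this hunk does not show — an unavailable injector would then block pod admission cluster-wide. A template comment above `namespaceSelector:` saying so, or a default selector that leaves out `kube-system` and the release namespace, would make that scope a deliberate choice rather than a side effect of an unset value.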
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
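Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` and the Service targets the same value. Overriding `injector.port` would leave the policy admitting a port nothing listens on and dropping the API server's webhook calls. `- port: {{ .Values.injector.port }}` keeps the three in step. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources in this commit set.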
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-role.yaml
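Review bot: The PodSecurityPolicy template is gated only on `global.psp.enable`, and the `policy/v1beta1` PodSecurityPolicy API was removed in Kubernetes 1.25, so setting the flag on a newer cluster fails the whole install instead of skipping the object. Extending the guard to `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}` avoids that; injector-psp-role.yaml and injector-psp-rolebinding.yaml would take the same condition. The spec also sets no `requiredDropCapabilities`, so adding `requiredDropCapabilities: [ALL]` would match the non-root intent stated in its comments, assuming the injector needs no added capabilities.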
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-rolebinding.yaml
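Review bot: The first rule lets the injector service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which is presumably also where the Vault server's own TLS material and configuration live. The only Secret this commit renders under the same leader-elector condition is `vault-injector-certs`, so `get` and `update` could be limited with `resourceNames: ["vault-injector-certs"]`, keeping `create` in a separate rule because it cannot be restricted by name. Whether the injector reads other objects is not visible here, so treat this as a question for the chart owner. server-discovery-role.yaml raises the same question for `update` and `patch` on all pods in the namespace.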
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
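Review bot: `disable_mlock = true` is written ahead of the user's config on the string path and merged in through `dict "disable_mlock" true` on the JSON path, so memory locking is switched off in every mode without anything in the template saying why. With mlock disabled, process memory holding unsealed key material can be paged to swap on a node that has swap enabled. A template comment above the line, for example `{{- /* disable_mlock is forced by the chart; nodes must run with swap disabled or encrypted */ -}}`, would record the assumption for operators. Note also that `tpl` is applied to the supplied config string, so any `{{ }}` inside it is evaluated with the chart's full context.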
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
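Review bot: The `https-internal` entry for port 8201 is listed unconditionally, so when `server.service.type` is set to `NodePort` or `LoadBalancer` that port is published outside the cluster together with the API port. 8201 appears to be the server-to-server port, and the `-internal` Service in server-headless-service.yaml already carries it for in-cluster peers. Rendering the 8201 entry only when the type is unset or `ClusterIP` would keep it off external listeners; server-ha-standby-service.yaml has the same block. If clients outside the cluster are expected to reach 8201, a comment saying so would settle the question.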
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-psp-role.yaml 
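Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which matches every namespace, so enabling `server.networkPolicy.enabled` does not narrow which pods can reach Vault on 8200 or on the cluster port 8201. Port 8201 is the server-to-server port (the StatefulSet in this change points `VAULT_CLUSTER_ADDR` at `...-internal:8201`), so it can be limited to this release's own pods with a `podSelector` on the labels the policy already uses. Splitting the rule as below keeps 8200 behaving as it does today while closing 8201 to other namespaces. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this change set.

```yaml
  ingress:
    # API/UI port: unchanged, still reachable from every namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from .Values.server.networkPolicy.egress …
```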
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
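Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this same change both use `vault.serviceAccount.name`. If that helper honours the `server.serviceAccount.name` value declared in values.schema.json (presumably; its definition is not in view), an overridden account name leaves the account the pod actually runs as without the `use` grant on the PodSecurityPolicy. The subject should read `name: {{ template "vault.serviceAccount.name" . }}`, and adding `namespace: {{ .Release.Namespace }}` to the subject makes the bound account explicit.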
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
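Review bot: server-psp.yaml renders a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, with no check that the cluster still serves that API, which was removed in Kubernetes 1.25. On a newer cluster the operator who enabled the policy for hardening gets a failed install rather than a clear signal that the control is unavailable. The condition can carry the same capability test server-ingress.yaml already uses: `{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1") }}`, applied identically in server-psp-role.yaml and server-psp-rolebinding.yaml. The `seLinux` comment should also say why `RunAsAny` is acceptable on SELinux-enforcing nodes, since values.openshift.yaml in this change targets OpenShift.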
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-service.yaml
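Review bot: server-route.yaml tests `.mode` on its second line without first running `{{ template "vault.mode" . }}`, which every other server template in this change does before reading it. Unless `.mode` is guaranteed to be populated some other way (not visible here), the `ne .mode "external"` and `eq .mode "ha"` checks act on an unset value, so the Route could be rendered for an external-mode install or fail to pick the `-active` service. Adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard makes the file self-contained. `host: {{ .Values.server.route.host }}` is also better written with `| quote`, as the Ingress template does for its hosts.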
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/tests/server-test.yaml 
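Review bot: The container image in server-statefulset.yaml falls back to the mutable `latest` tag (`{{ .Values.server.image.tag | default "latest" }}`), and tests/server-test.yaml repeats the same expression. For a secrets manager this means an emptied tag silently yields whatever the registry serves at the next pull, so the running version is neither reviewed nor reproducible from the chart. Failing the render is safer than guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a short comment next to it should state that this is acceptable only because `VAULT_ADDR` is the loopback address set a few lines above, so the flag is not copied into checks that cross the network.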
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/values.openshift.yaml 
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.17/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/Chart.yaml
new file mode 100644
index 00000000000..6d6c737b4d2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.18
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/README.md
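Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands what is presumably a Vault licence string into the `docker run` argument list, where it is visible in the host process table and in `make -n` output even though the recipe is `@`-silenced. Passing only the name, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the calling environment without putting it in argv. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` argument nor `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` uses, so it is worth confirming that it acts on the same configuration and state before relying on it for cleanup. `setup-kind` and `delete-kind` are also missing from `.PHONY`.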
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . 
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . 
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . 
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . 
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . 
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
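Review bot: `vault.serverAuthDelegator` and `vault.serverServiceAccountEnabled` accept `global.enabled` alone in their last `or`, so both stay true when `server.enabled` is explicitly `false`, whereas `vault.serverEnabled` consults `global.enabled` only when the server value is `-`. The templates gated on these flags are not in this hunk, but going by the comment they cover the server service account and its auth-delegator binding, which would then be rendered for a server that was switched off. If that is not wanted, the second arm should read `(and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))`. If it is deliberate (for instance to keep the account for an external Vault), the comment should say so, and `vault.serverServiceAccountEnabled` should get its own comment instead of the one copied from `vault.serverAuthDelegator`.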
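Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole, so once it is bound the subject can request a token for any service account in any namespace, and the file carries no comment saying why that breadth is needed. I would add one above `rules:`, for example `# serviceaccounts/token create is cluster-wide: the provider requests tokens on behalf of pods in any namespace.` That reason is my reading of how a CSI provider is normally used, not something this hunk shows, so the chart authors should confirm the wording.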
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . 
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include 
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-certs-secret.yaml
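Review bot: The `mountpoint-dir` volume in csi-daemonset.yaml exposes `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host with no `readOnly: true` on the mount and no `type:` on either `hostPath`, so the provider container can read and write the volume directories of every pod on the node. If the provider version shipped here hands secret contents back to the CSI driver instead of writing files itself, the mount can be dropped or made read-only; otherwise it deserves a comment explaining why write access is required. Independently, both `hostPath` entries should carry `type: Directory` so a missing or unexpected path fails the pod instead of being used as-is. The image is also referenced by mutable tag (`repository:tag`) rather than by digest, which matters for a DaemonSet with host mounts.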
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-clusterrolebinding.yaml
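Review bot: The ClusterRole in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, although the injector deployment in this diff only names its own configuration (`AGENT_INJECT_TLS_AUTO` is set to the `-agent-injector-cfg` name). A service account that can patch arbitrary webhook configurations can rewrite the `clientConfig` of other admission webhooks, so a compromise of the injector pod reaches well beyond Vault. Assuming the injector only needs to update its own `caBundle`, I would split the rule so that `get` and `patch` carry `resourceNames` and only `list` and `watch` stay unrestricted; this needs a check against how the injector watches the resource.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs: ["get", "patch"]
```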
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . 
}}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+
timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
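Review bot: Several `env` values in injector-deployment.yaml are rendered without quotes (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`, `AGENT_INJECT_TLS_AUTO`), while most of their neighbours are quoted. Environment values must be strings, so a value such as `true`, `off` or a bare number makes the rendered manifest fail validation, and a value containing `: ` or ` #` changes the YAML structure; pipe them through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`. The `- 2>&1` entry under `args` also deserves a second look: no shell is involved here, so it reaches the binary as a literal argument instead of redirecting stderr. Both the injector image and the agent image are referenced by tag; pinning by digest would make the image on the admission path immutable.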
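Review bot: The `apiVersion` line in injector-disruptionbudget.yaml picks the API by comparing `.Capabilities.KubeVersion.Minor` with the string `"21"`, which is a lexical comparison and depends on how the distribution reports its minor version. The webhook and RBAC templates in this same diff already use capability detection, and the PDB should match them: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The same line appears in server-disruptionbudget.yaml. This template is also the only injector manifest here that is not wrapped in the `vault.injectorEnabled` guard, so a non-empty `injector.podDisruptionBudget` renders a PDB even when the injector is disabled.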
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
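Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the webhook in injector-mutating-webhook.yaml matches pod CREATE and UPDATE in every namespace, including `kube-system` and the namespace the injector itself runs in, unless the `injector.objectSelector` helper (not visible here) narrows it. Because `failurePolicy` is taken straight from values, a `Fail` setting then turns an injector outage into a cluster-wide block on pod admission, including the injector's own replacement pods. I would ship a default selector that excludes system namespaces, or at least add a comment next to `failurePolicy:` such as `# Without a namespaceSelector this intercepts pods in all namespaces; set one before using failurePolicy: Fail.`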
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
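Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, whereas the Deployment and Service in this diff take the webhook port from `.Values.injector.port`; changing that value leaves the policy admitting the wrong port, and the webhook may become unreachable. Use `- port: {{ .Values.injector.port }}` so the three stay in step. The `namespaceSelector: {}` peer also admits traffic from every pod in every namespace, which is broader than an admission endpoint needs, and `metadata` carries no `namespace:` unlike the other injector manifests.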
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-role.yaml
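Review bot: injector-psp.yaml hard-codes `apiVersion: policy/v1beta1` for `PodSecurityPolicy`, an API that was removed in Kubernetes 1.25, so enabling `global.psp.enable` on a current cluster fails the install instead of applying any restriction. Gate the template on the API being served, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, and apply the same guard to the PSP Role and RoleBinding templates. Where the policy does apply, it never drops capabilities (`requiredDropCapabilities` is absent) and leaves `readOnlyRootFilesystem: false`. The comment that the nodes use AppArmor rather than SELinux also does not fit OpenShift, which appears to be the target platform of this repository.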
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-rolebinding.yaml
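Review bot: The first rule in injector-role.yaml gives the injector `create`, `get`, `watch`, `list` and `update` on all Secrets and ConfigMaps in the release namespace, but the only Secret this chart creates under the same leader-election condition is `vault-injector-certs` (injector-certs-secret.yaml). If Vault or other workloads share the namespace, the injector's service account can read and overwrite their secrets as well. Assuming the injector reads that one Secret by name, split the rule and add `resourceNames: ["vault-injector-certs"]` to the Secret verbs other than `create`, and do the same for the leader-election ConfigMap once its name is confirmed. The second rule (`get`, `patch`, `delete` on all pods) deserves at least a comment stating which pods it is meant for.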
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
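Review bot: server-config-configmap.yaml forces `disable_mlock = true` in both the string and the map branch with no comment, and in the map branch `merge` gives precedence to its first argument, so a `disable_mlock` supplied in values is silently overridden. With mlock disabled, Vault's memory, key material included, can be paged out to disk, so the chart should state the compensating requirement. I would add a template comment above the first occurrence: `{{- /* mlock is disabled unconditionally; run Vault only on nodes with swap disabled or encrypted. */ -}}`. The string branches also pass the configuration through `tpl`, so whoever can set these values can evaluate template expressions against the release context; that is worth a line in the values documentation.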
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-discovery-rolebinding.yaml
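Review bot: The rule in server-discovery-role.yaml lets the Vault server's service account `update` and `patch` every pod in the release namespace, not only the Vault pods. Presumably this exists so Vault can label its own pods (the active Service in this diff selects on `vault-active: "true"`), but pod patch also permits changing labels and container images on unrelated workloads that share the namespace. RBAC cannot express "own pods only" without fixed names, so the practical fix is documentation: add a comment above `rules:` such as `# Needed for Vault to label its own pods; deploy Vault in a dedicated namespace because this applies to every pod in it.`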
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-ha-active-service.yaml
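Review bot: The `apiVersion` line of the PodDisruptionBudget compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the outcome follows lexical order and also depends on distributions that report a minor such as `21+`. server-ingress.yaml in this commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`; the same approach, or `{{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`, would pick the API from what the cluster actually serves. A one-line comment saying why both versions are supported would help the next maintainer.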
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-psp-role.yaml
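Review bot: The only ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which matches every namespace, so the policy limits ports but not sources and still lets any pod in the cluster reach 8201 as well as 8200. Port 8201 is the `https-internal` cluster port that the StatefulSet in this commit advertises through `VAULT_CLUSTER_ADDR`, and it looks like only the Vault server pods need to reach it. I would split the rule so that 8201 is limited to the server pods of this release, and consider making the allowed sources for 8200 configurable. The metadata also omits the `namespace: {{ .Release.Namespace }}` line that the other templates set.

```yaml
  ingress:
    # API/UI port: sources unchanged (any namespace)
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```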
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
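Review bot: The PodSecurityPolicy `spec` in server-psp.yaml forbids privileged mode and privilege escalation but never drops capabilities, so containers admitted under it keep the runtime's default set. Adding `requiredDropCapabilities:` with `- ALL` next to `allowPrivilegeEscalation: false` would close that gap, assuming Vault needs no capability here; the StatefulSet in this commit sets `SKIP_SETCAP`, which suggests it does not, but confirm. The `seLinux` comment says the policy assumes AppArmor nodes, which should be revisited given the OpenShift values file shipped alongside. The hard-coded `policy/v1beta1` will also be rejected on clusters that no longer serve PodSecurityPolicy.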
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-service.yaml
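Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before reading it. The value seen here is therefore whatever an earlier-rendered template left on the root context, so the `external` and `ha` branches appear to depend on render order rather than on this file. I would add `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does. The `tls:` block is rendered straight from `server.route.tls`, whose default is outside this view, so it is worth confirming that the default does not produce an unencrypted route.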
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/tests/server-test.yaml
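Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `:latest` when `server.image.tag` is empty, and the test pod in tests/server-test.yaml repeats the same expression. For the process that holds the secrets, a mutable tag means a pod restart can pull a different build from the one that was reviewed. I would replace the fallback with `{{ required "server.image.tag must be set" .Values.server.image.tag }}` in both files, or accept a digest. The readiness probe's `vault status -tls-skip-verify` also deserves a comment stating that it only talks to `127.0.0.1:8200` through `VAULT_ADDR`, so the skipped verification is limited to loopback.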
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.18/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/Chart.yaml
new file mode 100644
index 00000000000..c7da2314d63
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.19
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
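Review bot: In csi-clusterrole.yaml the single rule grants `create` on `serviceaccounts/token` cluster-wide, so the CSI provider's service account can request a token for any service account in any namespace, and nothing in the template records why that breadth is needed. I would add a comment above `rules:` along the lines of `# Cluster-wide on purpose: tokens are requested on behalf of the pods that mount secrets; treat this ServiceAccount as highly privileged.` (the rationale is inferred from the chart's purpose, so confirm it). Because csi-clusterrolebinding.yaml binds this role to `<fullname>-csi-provider`, who may create pods using that service account in the release namespace deserves a line in the chart's documentation.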
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
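Review bot: In injector-deployment.yaml the `args:` entry `- 2>&1` reaches the container as a literal argument, because Kubernetes does not run `args` through a shell, so no stream redirection takes place. Unless the image's entrypoint is a shell wrapper (not visible in this commit), the list should be just `- agent-inject`. Separately, several env values are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), so a value that YAML reads as a boolean or number would be rejected as a non-string env value; piping them through `| quote`, as the `vault.extraEnvironmentVars` helper already does, avoids that.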
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
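Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is rendered only when one of the two values is set, and the rule matches every pod `CREATE` and `UPDATE`, so with empty values the webhook is consulted for pods in every namespace, including the one the injector itself runs in. If `failurePolicy` resolves to `Fail` (its default comes from values that are not part of this hunk), an unavailable injector would then block pod admission cluster-wide. I would add a template comment above the `namespaceSelector` block stating this, and have the values documentation recommend excluding system namespaces. Minor: `timeoutSeconds` falls back to the string `"30"`; `default 30` states the intended integer directly.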
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
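Review bot: In injector-network-policy.yaml ingress is allowed on a hard-coded `port: 8080`, while the Deployment listens on `.Values.injector.port` and injector-service.yaml targets the same value; if that port is changed, the policy stops matching the webhook listener and admission calls could be dropped. Use `- port: {{ .Values.injector.port }}` instead. The policy's `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the other injector resources in this commit set. `from: - namespaceSelector: {}` admits every namespace, which deserves a one-line comment saying whether that is intentional.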
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-psp.yaml
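Review bot: In injector-psp-rolebinding.yaml the ServiceAccount subject has no `namespace`, unlike the subject in injector-rolebinding.yaml, which sets `namespace: {{ .Release.Namespace }}`. Whether the API server fills in the binding's own namespace is not something to rely on for an authorization object; add `namespace: {{ .Release.Namespace }}` under the subject so the binding names the account explicitly. The labels here use `{{ include "vault.name" . }}` without the `-agent-injector` suffix the other injector resources carry, which makes these objects harder to select together.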
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-role.yaml
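Review bot: In injector-psp.yaml the `policy/v1beta1` PodSecurityPolicy API was removed in Kubernetes 1.25, and the only guard is `global.psp.enable`, so enabling it on a newer cluster fails the install. Adding `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to the condition (injector-psp-role.yaml and injector-psp-rolebinding.yaml share the same guard) would skip the objects cleanly. The policy also leaves capabilities unrestricted; `requiredDropCapabilities: [ALL]` would match the non-root intent if the injector needs none, which should be confirmed. The comment `This policy assumes the nodes are using AppArmor rather than SELinux` is worth revisiting given that other templates in this chart branch on `global.openshift`.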
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-rolebinding.yaml
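Review bot: In injector-role.yaml the first rule grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, with no `resourceNames`, so the injector's service account can read any secret stored alongside the chart. injector-certs-secret.yaml creates a Secret named `vault-injector-certs`; if that is the only Secret the injector maintains (to be confirmed against the injector itself), `get` and `update` can move to a rule with `resourceNames: ["vault-injector-certs"]`, keeping `create` in a separate rule because it cannot be restricted by name. The second rule's `patch` and `delete` on all pods in the namespace deserves the same scrutiny. At minimum, add a comment above `rules:` naming the objects the leader election touches.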
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
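Review bot: `disable_mlock = true` is hard-coded in both branches of server-config-configmap.yaml (the string path and the `merge (dict "disable_mlock" true) …` JSON path) with no comment on what it costs. With mlock disabled, Vault's process memory may be paged out, so decrypted secrets and key material can end up in swap on the node. I would add a template comment directly above the setting, e.g. `{{- /* disable_mlock: Vault memory may be swapped; run on nodes with swap disabled or encrypted */ -}}`, and repeat the requirement in the chart's values documentation so operators see it before deploying.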
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-ha-active-service.yaml
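Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the ordering is lexical: a minor of `"9"` sorts above `"21"`, and a suffixed minor such as `21+` is compared with the suffix included. The RBAC templates in this same commit already pick their version by capability; doing the same here avoids parsing the version at all: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.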
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-psp-role.yaml 
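Review bot: The ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which matches every namespace, and applies it to 8201 as well as 8200. Port 8201 is the port the Services in this commit name `https-internal`, used between Vault servers, so nothing outside the Vault pods of this release should need to reach it. Splitting the rule so that 8201 only admits peers selected by the same `app.kubernetes.io/name` and `app.kubernetes.io/instance` labels used under `spec.podSelector` keeps the API port reachable while closing the cluster port to other tenants. The metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the other templates in this commit.

```yaml
  ingress:
    # API port: unchanged, still reachable from all namespaces
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```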
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
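Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname` and carries no `namespace`, whereas server-discovery-rolebinding.yaml in this commit binds `vault.serviceAccount.name` with `namespace: {{ .Release.Namespace }}`, and the StatefulSet runs under `vault.serviceAccount.name`. If the two helpers resolve to different names (the helper definitions are outside this diff, so this is an inference), the PSP `use` grant lands on an account the server pods do not run as. I would align the subject with the other bindings: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.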
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
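Review bot: The PodSecurityPolicy in server-psp.yaml forbids privileged mode and root but never restricts Linux capabilities, so containers admitted under it keep the runtime's default set. The StatefulSet in this commit sets `SKIP_SETCAP` to `"true"`, which suggests the server does not rely on an added capability; adding `requiredDropCapabilities: ['ALL']` under `spec` would make that explicit. Two smaller points: the `seLinux` comment says the nodes use AppArmor, which does not hold for the OpenShift clusters this chart also has templates for, and `policy/v1beta1` PodSecurityPolicy no longer exists from Kubernetes 1.25 on, so the `global.psp.enable` path deserves a comment saying it only renders usable objects on older clusters.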
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-service.yaml 
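Review bot: server-route.yaml reads `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before testing it. As written the guard appears to depend on another file having already populated the value on the shared context, so whether the Route is emitted for an external-mode install may vary with render order; adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard removes that dependency. Separately, `tls:` is filled straight from `.Values.server.route.tls` with no comment on the expected termination; a short comment would help, since a Route to port 8200 whose `tls` value is empty is served as a plain HTTP route.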
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/tests/server-test.yaml 
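Review bot: The `image:` line in server-statefulset.yaml falls back to the mutable `latest` tag when `server.image.tag` is unset, and tests/server-test.yaml repeats the same default. For the workload that holds the secrets, an unset tag should fail the render instead of pulling whatever `latest` currently points at: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or preferably a digest reference. The exec readiness probe also runs `vault status -tls-skip-verify`; it relies on the loopback `VAULT_ADDR` set in the same container, so the exposure is small, but a comment stating why verification is skipped there would keep the flag from being copied into calls that leave the pod.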
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/templates/ui-service.yaml
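Review bot: The test pod's `image:` line falls back to the mutable `latest` tag whenever `server.image.tag` is empty, so `helm test` can pull and run a different Vault build than the server it is meant to check. Failing the render is safer than guessing a tag: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The values files in this commit do set a tag, so this only applies when a user overrides it to an empty string. Separately, `volumeMounts:` and `volumes:` are emitted as bare keys (null) when the corresponding values are unset; moving each key inside its own `if` would avoid rendering them at all.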
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/values.openshift.yaml
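Review bot: Nothing in this Service template ties `type: {{ .Values.ui.serviceType }}` to the transport scheme, so with the `global.tlsDisable: true` default set in this commit's values.yaml a `LoadBalancer` or `NodePort` UI service would presumably carry Vault tokens over plain HTTP outside the cluster (the `vault.scheme` helper is not visible here, so confirm what it returns). I would add a render-time guard ahead of `apiVersion`, e.g. `{{- if and .Values.global.tlsDisable (ne .Values.ui.serviceType "ClusterIP") }}{{ fail "ui.serviceType other than ClusterIP requires global.tlsDisable=false" }}{{- end }}`, or at minimum a comment on the `type:` line stating that requirement. `publishNotReadyAddresses` would also benefit from a comment saying that `true` sends UI traffic to pods that have not passed readiness.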
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.19/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/Chart.yaml
new file mode 100644
index 00000000000..35ea6f58890
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.2
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/README.md
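Review bot: `test-acceptance` passes the licence as `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so make expands the value into the `docker run` argument list, where it can be read from the host's process table while the container runs. Naming the variable without a value, `-e VAULT_LICENSE_CI \`, has Docker take it from the calling environment and keeps it off the command line (assuming it is set in the environment make was started from). `destroy-cluster` also runs `terraform destroy -auto-approve` with no directory, while `provision-cluster` points both `init` and `apply` at `test/terraform`, so the unattended destroy acts on whatever configuration is in the working directory; giving it the same `test/terraform` argument keeps the two targets symmetrical. `setup-kind` and `delete-kind` are missing from `.PHONY`.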
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
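Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no `resourceNames` and no namespace scope, so the csi-provider service account can request a token for any service account in the cluster. That is a wide grant for an account used by a DaemonSet on every node, and nothing in the file records why it is needed. If the provider needs it to obtain tokens on behalf of the pods it serves (presumably; the provider code is not on this page), say so above `rules:` with a comment such as `# cluster-wide by design: the provider requests a token for the service account of each pod that mounts a secret`. Audit logging for TokenRequest calls made by this account is the matching detective control.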
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-certs-secret.yaml 
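Review bot: The `csi-provider` container in csi-daemonset.yaml gets a `securityContext` only when `.Values.csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper in _helpers.tpl (same commit) has no fallback branch. The injector's container helper, by contrast, falls back to `allowPrivilegeEscalation: false` with all capabilities dropped. This pod runs on every node and mounts two `hostPath` volumes, so it is where a restrictive default matters most. Consider giving the helper an `{{- else if not .Values.global.openshift }}` branch that renders `securityContext:` with `allowPrivilegeEscalation: false`, after confirming the provider can still create its socket under `providersDir`, which cannot be checked from this page.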
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-clusterrolebinding.yaml 
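Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only webhook this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg`. A service account that can patch arbitrary mutating webhooks can change how any pod in the cluster is admitted, so the write verb should be scoped. Move `get` and `patch` into their own rule with `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]` and keep `list` and `watch` in the unscoped rule. Whether the injector's watch would still work against a name-scoped rule is not visible here, which is why only the read-only verbs stay broad.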
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
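Review bot: In the `args:` list of the `sidecar-injector` container, `- 2>&1` is handed to the process as a literal second argument. Kubernetes does not pass `args` through a shell, so no redirection takes place unless the image entrypoint is itself a shell wrapper, which is not visible on this page. Dropping the line leaves `args:` with just `- agent-inject` and removes a redirect that reads as if stderr were being merged; confirm first that the binary is not relying on the extra argument being ignored.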
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
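Review bot: `namespaceSelector` is rendered only when one of the two values is set, so with neither set the webhook receives every pod CREATE and UPDATE in the cluster, including system namespaces and the injector's own namespace. If `failurePolicy` resolves to `Fail` (it comes from `injector.failurePolicy`, whose default is not on this page), an unavailable injector would then block pod admission cluster-wide. Consider shipping a default selector that excludes `kube-system` and the release namespace. At minimum add a comment above `failurePolicy:` such as `# with no namespaceSelector this applies to all namespaces; Fail blocks pod creation while the injector is down`.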
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
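Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while injector-deployment.yaml in this commit makes the listener and both probes follow `.Values.injector.port`. If that value is changed, the policy keeps 8080 open and does not admit the real webhook port, so admission calls to the injector would be dropped. Use `- port: {{ .Values.injector.port }}` instead. The `from` clause `namespaceSelector: {}` admits every namespace, and `metadata` carries no `namespace:` unlike the other namespaced injector objects; the first deserves a comment explaining why it is that open and the second a `namespace: {{ .Release.Namespace }}` line.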
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-role.yaml
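Review bot: injector-psp.yaml renders `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so enabling the flag there fails the install instead of applying any pod restriction. Gate the template on the API being present, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`; server-psp.yaml and the psp role and rolebinding templates in this commit need the same guard. The comment above `seLinux:` says the policy assumes AppArmor rather than SELinux, which should be reworded for a chart that carries a `global.openshift` switch, since `rule: RunAsAny` places no SELinux constraint at all.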
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-rolebinding.yaml
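Review bot: The leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every `secrets` and `configmaps` object in the release namespace, and `get`, `patch` and `delete` on every pod, with no `resourceNames`. Any Secret that lives in the same namespace is therefore readable and writable with the injector's ServiceAccount token. If the injector only needs its own leader-election and certificate objects, keep `create` in an unrestricted rule (RBAC cannot scope it by name) and move the other verbs under a `resourceNames:` list; the object names are not visible in this hunk, so confirm them before tightening. At minimum add a comment above `rules:` saying which objects each rule is meant for.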
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-config-configmap.yaml
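Review bot: server-clusterrolebinding.yaml gives the server ServiceAccount the cluster-wide `system:auth-delegator` role without a word on why, and this is the only cluster-scoped grant among the templates shown here. Add a comment above `roleRef:` along the lines of `# auth-delegator lets Vault's Kubernetes auth method submit TokenReview requests`, so an auditor can tie the privilege to a feature and drop it when `.serverAuthDelegator` is not needed. The object name `{{ template "vault.fullname" . }}-server-binding` is cluster-scoped but carries no namespace component, so two releases with the same name in different namespaces would appear to contend for one binding; `vault.fullname` is defined outside this hunk, so confirm before renaming.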
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
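Review bot: server-config-configmap.yaml writes `disable_mlock = true` into every string-form config and merges `"disable_mlock" true` into every map-form config, with no comment and no values switch to turn it off. With mlock disabled Vault's memory can be paged out, so the chart is relying on the nodes running without swap or with encrypted swap; that dependency should be written next to the setting, e.g. `# mlock is disabled for container deployments; nodes must have swap off or encrypted`. The hard-coded line also repeats the key if a user's `server.standalone.config` string already sets `disable_mlock`, which is worth a note in the values documentation.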
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-ha-active-service.yaml
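Review bot: In server-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the result is lexicographic rather than numeric: a minor of `"100"` sorts below `"21"`, and a minor reported with a suffix such as `"21+"` passes only because of how the extra character happens to sort. server-ingress.yaml in this commit already uses `semverCompare` against `.Capabilities.KubeVersion.Version`; follow that here, or test the API directly with `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Picking the wrong version means the PodDisruptionBudget is rejected and the HA cluster loses its protection against voluntary evictions.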
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-psp-role.yaml 
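Review bot: server-network-policy.yaml puts ports 8200 and 8201 under a single `from: - namespaceSelector: {}` rule, so the `https-internal` cluster port is reachable from every namespace just like the API port. Going by the Services in this commit, 8201 is the server-to-server port, so it can be limited to pods carrying the Vault server labels while 8200 stays open; the split is sketched below. The port numbers are also literals here although the Services take theirs from `.Values.server.service.targetPort`, so an overridden target port would leave the policy blocking the real listener.

```yaml
  ingress:
    # API traffic: clients may come from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster traffic: only other Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from .Values.server.networkPolicy.egress …
```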
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
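Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but the ServiceAccount created by server-serviceaccount.yaml, and referenced by server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml, is named `{{ template "vault.serviceAccount.name" . }}`. If the two helpers ever render differently (a custom service-account name, for instance), the PSP `use` permission is bound to an account that does not exist and the server pods run without the intended policy. Change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as the other server bindings do.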
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-service.yaml
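Review bot: server-route.yaml tests `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit that read `.mode` do on their first line. Unless `.mode` has already been set on the shared context by a template rendered earlier, the `external` guard does not do what it says and the `-active` service name is never chosen, so the Route's target depends on render order. Add `{{ template "vault.mode" . }}` ahead of the `.mode` checks. The Route also fixes `targetPort: 8200` where the Services use `.Values.server.service.targetPort`, and its `tls:` block comes straight from values, so a comment naming the termination mode the Vault listener expects would help whoever reviews the values file.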
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/tests/server-test.yaml 
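Review bot: The `vault` container's `image:` line falls back to `latest` through `| default "latest"`, so a release rendered with an empty `server.image.tag` runs whatever a mutable tag currently points at, and this is the pod that holds the secrets. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same fallback appears on the `image:` line of the test Pod in `templates/tests/server-test.yaml`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a why-comment there, such as `# probe talks to VAULT_ADDR on 127.0.0.1; the server certificate is not verified`, would record that the skip is deliberate and limited to the loopback check.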
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/templates/ui-service.yaml
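Review bot: The test Pod's container sets no `securityContext`, while the server StatefulSet in this commit renders one through `server.statefulSet.securityContext.container`; in a namespace that enforces a restricted pod-security policy the `helm test` hook Pod may be rejected, or it may run with broader defaults than the server it checks. Reusing the helper under the container would keep the two aligned, e.g. `{{- template "server.statefulSet.securityContext.container" . }}` after `imagePullPolicy:` (the helper is defined outside this hunk, so confirm its indentation fits a bare Pod). A short comment above the `grep` would also help readers of the test: `# matches sealed: true as well as false; this only proves the API answers`.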
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/values.openshift.yaml
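Review bot: `type: {{ .Values.ui.serviceType }}` allows the UI Service to be published as `NodePort` or `LoadBalancer`, and the chart's `values.yaml` in this commit sets `global.tlsDisable: true`; if the `vault.scheme` helper follows that flag (it is defined outside this hunk), an externally reachable UI would carry logins and tokens over plain HTTP unless TLS is terminated in front of it. A render-time guard near the top of the template would catch the combination: `{{- if and .Values.global.tlsDisable (ne (.Values.ui.serviceType | toString) "ClusterIP") }}{{ fail "ui service exposed while global.tlsDisable is true" }}{{- end }}`. If a hard failure is too strict for this chart, a comment above `type:` stating that non-ClusterIP types expect TLS to be enabled or terminated upstream would at least document the assumption.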
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.2/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/Chart.yaml
new file mode 100644
index 00000000000..f64d5b58567
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.20
+annotations:
+ charts.openshift.io/name: helm-testing-5435
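Review bot: The `description: Official HashiCorp Vault Chart` line in the new Chart.yaml does not match the chart's identity, since `name` and the `charts.openshift.io/name` annotation are both `helm-testing-5435` and the file sits under `redhat-caastestreg-duplicate`. Anyone reading the catalog by description would take this for the upstream release, which matters for a chart that deploys a secrets manager. If this is a test copy, as the name suggests, say so in the metadata, e.g. `description: Test copy of the HashiCorp Vault chart, not an upstream release`. The bundled CHANGELOG.md also stops at 0.21.0 while `version` is `0.21.20`, so a one-line comment above `version` explaining where that number comes from would help.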
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/README.md 
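Review bot: `destroy-cluster` does not mirror `provision-cluster`: it runs `terraform destroy -auto-approve` with no `gcloud auth activate-service-account`, no `-var project=${CLOUDSDK_CORE_PROJECT}` and no `test/terraform` argument, so teardown probably does not operate on the same configuration that `terraform init`/`apply` used, and a failed destroy would leave the GKE cluster running. Assuming the Terraform version in the test image accepts a directory argument (as the `apply` line implies), I would make the recipe `gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}` followed by `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. Separately, `setup-kind` and `delete-kind` are missing from `.PHONY`. `GOOGLE_CREDENTIALS` defaults to a key file (`vault-helm-test.json`) that sits under the bind-mounted `${PWD}`, so a comment next to that variable such as `# service-account key file; keep it out of version control` would be worth adding.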
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
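Review bot: The rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` from a ClusterRole with no comment explaining why, and that verb lets the bound account request tokens for service accounts in every namespace. If the CSI provider needs it to obtain a token for the pod that mounts a Vault volume (presumably the case, but not shown in this diff), state that above the rule, for example `# Needed so the provider can request a token for the service account of the pod that mounts a Vault volume; applies in all namespaces.` The binding in csi-clusterrolebinding.yaml attaches the role to the `-csi-provider` service account that the DaemonSet runs as, so token requests made by that account are worth covering in audit policy.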
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-certs-secret.yaml 
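Review bot: The provider container in csi-daemonset.yaml mounts two host paths (`providervol` and `mountpoint-dir`, the latter with `mountPropagation: HostToContainer`), yet both `csi.daemonSet.securityContext.*` helpers defined earlier in this diff render nothing when their values are unset, unlike the injector and server helpers, which fall back to a default. Consider giving the container helper the fallback the injector uses, `allowPrivilegeEscalation: false` with `capabilities: drop: [ALL]`, after checking that the provider can still create its socket under `providersDir`; whether it must run as root for that is not visible here. Both `hostPath` volumes also omit `type`, so nothing is checked about what exists at the path; `type: Directory` on `mountpoint-dir` would make a wrong `kubeletRootDir` fail at pod start instead of mounting an unexpected location.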
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-clusterrolebinding.yaml
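Review bot: The Secret in injector-certs-secret.yaml is named with the literal `vault-injector-certs`, while the other resources in the visible hunks derive their names from `vault.fullname`, so two releases installed in the same namespace would both claim one Secret for the injector's TLS material. If the injector's leader-election code looks the Secret up by that fixed name (not visible in this diff), keep it and document the constraint, for example `# Name is fixed: the injector reads this Secret by name, so only one injector release per namespace is supported.` Otherwise derive it, e.g. `name: {{ template "vault.fullname" . }}-injector-certs`, and adjust any Role that grants access to it. The file also ends without a trailing newline.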
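Review bot: In injector-clusterrole.yaml, `patch` on `mutatingwebhookconfigurations` is granted without `resourceNames`, so the injector's service account can modify every mutating webhook configuration in the cluster rather than only its own. Splitting the rule keeps the read verbs unrestricted and limits `patch` to the injector's configuration. The name used below is taken from the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml; confirm it matches the `metadata.name` of the MutatingWebhookConfiguration template, which is outside this hunk. Indentation in the fence is conventional, because the page has lost the original.

```yaml
rules:
# … unchanged: existing rule, with "patch" removed from its verbs …
# patch is limited to the injector's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```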
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
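Review bot: Several env values in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LISTEN`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), while their neighbours are quoted. Kubernetes env values must be strings, so a user value that YAML reads as a number, boolean or null would make the manifest fail validation or change meaning after rendering. Pipe them through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, `- 2>&1` under `args:` is passed to the container as a literal argument because no shell is involved; it looks unintended and is worth either removing or explaining in a comment.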
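Review bot: The apiVersion in injector-disruptionbudget.yaml is chosen with `ge .Capabilities.KubeVersion.Minor "21"`, which compares strings lexically rather than numerically, and the minor version can carry a suffix on some distributions. The mutating-webhook template in this same diff already selects its apiVersion with `.Capabilities.APIVersions.Has`, which asks the cluster directly. Using the same form here would be consistent: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The identical expression appears in server-disruptionbudget.yaml further down.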
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
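Review bot: The webhook rule in injector-mutating-webhook.yaml matches CREATE and UPDATE of every pod in every namespace unless `injector.namespaceSelector` or `injector.webhook.namespaceSelector` is set. That scope includes the namespace the injector itself runs in. If `failurePolicy` renders to `Fail`, an unavailable injector would then block pod admission cluster-wide; the values file and the `injector.objectSelector` helper are outside this hunk, so the effective defaults cannot be confirmed here. At minimum, add a template comment above `webhooks:` stating this, e.g. `{{- /* Without a namespaceSelector/objectSelector this webhook sees all pods; pair failurePolicy: Fail with a selector that excludes system namespaces. */}}`.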
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
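Review bot: The port in injector-network-policy.yaml is hard-coded as `- port: 8080`, while the Deployment listens on `.Values.injector.port` and the Service uses the same value as `targetPort`. If that value is overridden, the policy would silently drop API-server traffic to the webhook and pod admission would fail or be skipped, depending on `failurePolicy`. Render the same value here: `- port: {{ .Values.injector.port }}`. The policy's metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector objects in this diff set.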
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-psp.yaml 
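Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the leader-elector RoleBinding and the ClusterRoleBinding in this diff, which both set it. As far as I know the RBAC API requires a namespace on ServiceAccount subjects, so this binding would be rejected when `global.psp.enable` is true. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:` line.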
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-rolebinding.yaml 
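Review bot: The first rule in injector-role.yaml gives the injector ServiceAccount `get`, `list`, `watch`, `create` and `update` on all Secrets and ConfigMaps in the release namespace, with nothing documenting why. Because `list` and `watch` return full objects, adding `resourceNames` on `get` alone would not narrow what the injector can read. Everything stored in that namespace is therefore in scope, which presumably includes the Vault server's TLS material when both run together. Add a comment above the rule so operators can plan around it, e.g. `# leader election stores the webhook certificate in a Secret; list/watch expose every Secret in this namespace to the injector, so keep unrelated secrets elsewhere`. Whether `configmaps` is still needed by the shipped injector version is also worth checking.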
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
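Review bot: The Vault server configuration in server-config-configmap.yaml is rendered into a ConfigMap from `server.standalone.config`, `server.ha.config` or `server.ha.raft.config`, and nothing in the template warns against putting credentials there. Storage-backend or seal stanzas can carry access keys, and a ConfigMap is readable by any principal with `get` on ConfigMaps in the namespace and is not handled as secret data. Add a template comment above `data:`, e.g. `{{- /* Rendered into a ConfigMap: keep credentials out of the config values and supply them via Secret-backed env vars or mounted files. */}}`. `disable_mlock = true` is also forced in every branch with no explanation; a one-line comment giving the reason and the expectation about swap on the nodes would help reviewers.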
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
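Review bot: The Service in server-ha-active-service.yaml lists `https-internal` (8201) next to the API port and takes its `type` from `.Values.server.service.type`. When that is set to `NodePort` or `LoadBalancer`, the cluster port is published outside the cluster together with the API port. Port 8201 appears to be Vault's server-to-server port, which clients should not need; the headless `-internal` Service in this diff already carries it for peer traffic. Consider dropping the 8201 entry from the active and standby Services, or at least add a comment such as `# 8201 is the cluster port; it is exposed externally when service.type is NodePort/LoadBalancer`. The same applies to server-ha-standby-service.yaml.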
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-psp-role.yaml
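Review bot: In server-ingress.yaml, `secretName: {{ .secretName }}` and `- path: {{ . }}` are rendered unquoted, although the host entries in the same hunk go through `| quote`. Both come from chart values, so a value containing YAML-significant characters (`*`, `: `, ` #`) would change how the manifest parses instead of being passed through as a string. Quote them the same way as the hosts: `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`.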
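Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits pods from every namespace, and it covers 8201 as well as 8200. 8201 is the port the StatefulSet names `https-internal` and uses for `VAULT_CLUSTER_ADDR`, so only the Vault server pods of this release should need it. Split the rule so that 8201 is limited by a `podSelector` on the release's own labels, and keep the open selector on 8200 only if cross-namespace API access is intended. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this diff set.

```yaml
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```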
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
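Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` both use the `vault.serviceAccount.name` helper. If that helper can return anything other than the fullname (the values schema in this diff has a `server.serviceAccount.name` string), the PSP `use` grant lands on an account the server pods do not run as. Use the same helper for the subject: `name: {{ template "vault.serviceAccount.name" . }}`. Adding `namespace: {{ .Release.Namespace }}` to the subject would also make the bound account explicit.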
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
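Review bot: The policy in server-psp.yaml sets `privileged: false` and `allowPrivilegeEscalation: false` but never drops capabilities, so admitted containers keep the runtime's default set; add `requiredDropCapabilities: [ALL]` under `spec` unless a specific capability is known to be needed. The template is also rendered as `policy/v1beta1` whenever `global.psp.enable` is true, and PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the install fails rather than degrading. Extending the guard with `(.Capabilities.APIVersions.Has "policy/v1beta1")` would avoid that. The `seLinux` comment assumes AppArmor nodes while the chart also ships values.openshift.yaml, so the comment should say why `RunAsAny` is acceptable there.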
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-service.yaml
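Review bot: `.mode` is read on the second line of server-route.yaml without the file ever calling `{{ template "vault.mode" . }}`, which server-ingress.yaml and server-service.yaml in this diff do before using it. As written, the `ne .mode "external"` and `eq .mode "ha"` checks appear to depend on another template having set `mode` on the shared context before this one renders. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` guard so the Route targets the intended Service regardless of render order. Separately, `tls:` is filled from `.Values.server.route.tls` with no fallback, so an empty value would leave the Route without TLS termination; confirm values.yaml always supplies one.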
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" .
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" .
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" .
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ .
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/tests/server-test.yaml
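Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `default "latest"` when `.Values.server.image.tag` is empty, so a missing tag silently deploys whatever the registry currently serves under a mutable tag; tests/server-test.yaml has the same fallback. For the Vault server an unset tag should be a render failure instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The exec readiness probe also runs `vault status -tls-skip-verify`, which targets `127.0.0.1` through `VAULT_ADDR`. A comment stating that verification is skipped only for this loopback check, and why, would keep the flag from being copied into places where it matters.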
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/ui-service.yaml
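Review bot: The test Pod in tests/server-test.yaml sets no pod or container `securityContext`, whereas the StatefulSet includes the `server.statefulSet.securityContext.pod` and `.container` helpers. In a namespace that enforces non-root or restricted settings the hook pod may be rejected, or it runs with weaker settings than the server it tests while mounting the same `.Values.server.volumes`. Reuse the helpers here, e.g. `{{- template "server.statefulSet.securityContext.pod" . }}` under `spec`; their indentation is defined outside this diff, so check the rendered output. `volumeMounts:` and `volumes:` are also emitted as bare keys when the values are empty, so each key should move inside its own `if`.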
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/values.openshift.yaml
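Review bot: `nodePort` in ui-service.yaml is rendered whenever `.Values.ui.serviceNodePort` is set, without looking at `.Values.ui.serviceType`, while server-service.yaml in this diff checks the Service type before emitting its `nodePort`. A ClusterIP Service that carries a `nodePort` is rejected by the API server, so guard the field: `{{- if and .Values.ui.serviceNodePort (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`. Since `type` and the `service.loadBalancer` include come straight from values, a comment above `type:` noting that NodePort or LoadBalancer places the Vault UI and API on an externally reachable address would help whoever sets it.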
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.20/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/Chart.yaml
new file mode 100644
index 00000000000..568ff1eccb3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.21
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for 
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/README.md
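Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the recipe text, so the secret lands in the `docker run` argument list (visible in process listings and in `make -n` or trace output) even though the leading `@` hides the normal echo. Passing only the name, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the calling environment without it appearing on the command line, and it also avoids word-splitting if the value contains whitespace. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` that `provision-cluster` passes, which looks inconsistent and is worth confirming.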
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
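Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` is rendered unquoted, so a token that YAML reads as a number, boolean or null (an all-digit value, for instance) yields a non-string env value and the rendered manifest is rejected; `value: {{ .Values.server.dev.devRootToken | quote }}` avoids that. The same helper writes the dev root token straight into the pod spec, where anyone who can read the workload or its pods can see it, so the helper's comment should say that dev mode is for disposable test clusters only. In `vault.args`, `{{ .Values.server.extraArgs }}` is spliced into the shell script unescaped; that is acceptable while values are operator-controlled, but the comment above the helper should state that the value is interpreted by the shell.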
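Review bot: The single rule grants `create` on `serviceaccounts/token` in a ClusterRole, which lets the CSI provider's service account request a token for any ServiceAccount in any namespace, and nothing in the template says so. The grant is presumably there so the provider can authenticate to Vault on behalf of the pod mounting the volume, but it makes this identity high-value. I would add a comment above `rules:` such as `# Cluster-wide: this identity can request a token for any ServiceAccount in any namespace.` and call the grant out wherever `csi.enabled` is documented, so operators know to restrict who can modify the DaemonSet and its image.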
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/csi-daemonset.yaml
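Review bot: `metadata.name` and `roleRef.name` are derived from `vault.fullname` alone, yet ClusterRoleBinding and ClusterRole are cluster-scoped, so two releases with the same name in different namespaces render identical object names and the second install collides with the first. Putting the namespace into the name would keep them apart, e.g. `name: {{ template "vault.fullname" . }}-{{ .Release.Namespace }}-csi-provider-clusterrolebinding`, with the ClusterRole in csi-clusterrole.yaml and this `roleRef.name` changed the same way. If the current names must stay for upgrade compatibility, a comment at the top of the template noting the one-release-name-per-cluster limitation would at least make the constraint visible.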
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-certs-secret.yaml 
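Review bot: The two `hostPath` volumes at the end of csi-daemonset.yaml set only `path:`, and `mountpoint-dir` maps the kubelet's `pods` directory into the container without `readOnly`, so the provider container can reach the volume directories of every pod on the node. The pod and container security contexts come from the `csi.daemonSet.securityContext.*` helpers, which this hunk does not show; confirm they render a non-privileged context, because that is what limits what the container can do with those paths. Adding `type: Directory` under the `mountpoint-dir` `hostPath` makes the pod fail when `kubeletRootDir` is mis-set rather than mounting whatever is, or gets created, at that path. `--debug={{ .Values.csi.debug }}` is best left false outside troubleshooting until someone has checked what the provider logs at debug level.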
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-clusterrolebinding.yaml 
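Review bot: The `patch` verb in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster, so a compromised injector service account could rewrite any other admission webhook, not only its own. The only such object this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml), so `patch` can move into a second rule that carries `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`, leaving `get`, `list` and `watch` in the existing rule. Whether the read verbs can also be name-scoped depends on how the injector's client issues its list and watch calls, which this diff does not show.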
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
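Review bot: The second entry under `args:` in injector-deployment.yaml, `- 2>&1`, reaches the container as a literal argument, because Kubernetes execs `args` without a shell and no redirection happens unless the image's entrypoint is itself a shell wrapper (not visible here). Dropping the entry leaves `args:` with just `- agent-inject` and removes a line that suggests stderr is being merged into stdout when it is not. If log collection relies on stderr and stdout arriving as one stream, that needs to be handled by the runtime or the log agent instead.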
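Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion:` line of injector-disruptionbudget.yaml compares two strings, so the ordering is lexicographic: a minor of `"9"` sorts above `"21"`, and vendor suffixes such as `"21+"` are compared character by character rather than as numbers. injector-mutating-webhook.yaml in this same change already selects its API version with `.Capabilities.APIVersions.Has`, and the same form fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml contains the identical expression and needs the same change. Separately, this template is gated only on `.Values.injector.podDisruptionBudget` and not on `.injectorEnabled` like the other injector templates, so it can render a budget for a Deployment that is not installed.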
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
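Review bot: `namespaceSelector` is emitted only when one of the two values is set, so with neither configured the `vault.hashicorp.com` webhook receives every pod CREATE and UPDATE in the cluster, system namespaces included, and the rendered `failurePolicy` then decides whether an injector outage blocks those pods. The defaults live in values.yaml and the `injector.objectSelector` helper may narrow the match further; neither is visible in this hunk. If the defaults leave the selector empty, add a template comment above the `if` stating that scope, or ship a default selector that excludes control-plane namespaces, so the blast radius of a failing or compromised injector is an explicit choice.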
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
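Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on and the Service targets `.Values.injector.port`; with any other port value the policy admits traffic to a port nothing listens on and blocks the API server's calls to the webhook. Use `- port: {{ .Values.injector.port }}` so the three templates stay in step. The `from` clause is `namespaceSelector: {}`, which admits every namespace, so the policy restricts the port but not the callers; that may be unavoidable for API-server traffic, but a comment saying so would stop it being read as an isolation control.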
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-role.yaml 
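Review bot: The PodSecurityPolicy in injector-psp.yaml sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but never restricts Linux capabilities, so pods admitted under it keep the container runtime's default capability set. If the injector needs none, add `requiredDropCapabilities:` with `- ALL` under `spec:`. `apiVersion: policy/v1beta1` is also written unconditionally; PodSecurityPolicy was removed in Kubernetes 1.25, so enabling `global.psp.enable` there fails the install unless the template is additionally guarded with a `.Capabilities.APIVersions.Has` check. The inline comment says the policy assumes AppArmor rather than SELinux, which deserves a second look for a chart published to an OpenShift catalogue.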
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-rolebinding.yaml 
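Review bot: The first rule in injector-role.yaml gives the injector `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is the same namespace the chart's server templates render into. The only Secret this change creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml, under the same condition), so `get` and `update` on secrets could carry `resourceNames: ["vault-injector-certs"]`; `create` cannot be name-restricted and may be unnecessary since the chart pre-creates the object. Check how the injector's client performs `list` and `watch` before tightening those two verbs. Until the rule is narrowed, treat the injector service account's token as equivalent to read access on all secrets in the namespace.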
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
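Review bot: Every branch of server-config-configmap.yaml forces `disable_mlock` to true (the literal `disable_mlock = true` line in the string branch, `dict "disable_mlock" true` as the merge destination in the JSON branches), with no comment and no value to turn it off. With mlock disabled, Vault's process memory can be swapped to disk on nodes where swap is enabled, so the template should carry a comment giving the reason (presumably that the container is not granted IPC_LOCK; confirm against the StatefulSet) and the expectation that nodes run without swap. In the string branch a user config that also sets `disable_mlock` ends up with the key twice. The string configs are rendered through `tpl`, so whoever can set `server.*.config` can evaluate template expressions against the release context, which is worth stating in the values documentation.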
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-ha-active-service.yaml
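Review bot: The `apiVersion` line in server-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings, so the result follows lexical order rather than version order and ignores the major version entirely. A minor of `9` sorts after `21`, and a vendor suffix on the minor string also changes the outcome. server-ingress.yaml in this same diff already uses `semverCompare` on the full version, and the same form works here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.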
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-psp-role.yaml
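Review bot: In server-network-policy.yaml the only `from` entry is `namespaceSelector: {}`, which matches every namespace, so the policy admits any pod in the cluster to both 8200 and 8201. The service templates in this diff name 8201 `https-internal`, which suggests only the Vault servers themselves need it; I would split the rule so that 8201 is reachable only from pods carrying this release's own labels, and keep 8200 as it is or make its sources a chart value. If replication from outside the namespace is used the 8201 source would need widening, so treat the selector below as a starting point. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this diff set.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    # API port: sources left as in the original rule
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```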
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
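Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while server-discovery-rolebinding.yaml and the StatefulSet's `serviceAccountName` in this same diff use `vault.serviceAccount.name`. Both helpers are defined outside this part of the diff, so this is an inference, but if they can render different names the `use` permission on the PodSecurityPolicy ends up bound to an account the server pods do not run as. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it, matching the discovery binding.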
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
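Review bot: server-psp.yaml renders a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, without checking that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the install fails instead of skipping the object. I would extend the existing condition with `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")`, and the same guard belongs on server-psp-role.yaml and server-psp-rolebinding.yaml. The spec also places no restriction on Linux capabilities; a `requiredDropCapabilities` entry is worth adding once it is confirmed which capabilities the Vault container actually needs. The `seLinux` comment says the policy assumes AppArmor nodes, which deserves a note for SELinux-based platforms.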
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-service.yaml
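Review bot: server-route.yaml reads `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which every other template in this diff that uses `.mode` does (server-ingress.yaml calls it right after its openshift check). Unless an earlier template has already set the value on a shared context, which is not visible here, `.mode` is empty at this point: the Route is then rendered even in external mode and the `-active` service is never chosen when `route.activeService` is true. I would add `{{ template "vault.mode" . }}` as the second line of the file. The `targetPort: 8200` is also hard-coded while the service templates take the port from `server.service.targetPort`; a comment on whether that is intended would help.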
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/tests/server-test.yaml
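Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `latest` when `server.image.tag` is empty (`| default "latest"`), and tests/server-test.yaml repeats the same fallback, so an unset value silently deploys whatever the registry currently serves for the secrets store. I would make the render fail instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or default to a version the chart itself pins. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; `VAULT_ADDR` points at 127.0.0.1 so the exposure is limited to the pod, but a comment stating why verification is skipped there would stop the flag being copied to places where it matters.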
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.21/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/Chart.yaml
new file mode 100644
index 00000000000..439489865b4
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.22
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/README.md 
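Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the value into the `docker run` command line, so what is presumably the licence string ends up in the process arguments on the host even though `@` suppresses the echo; `-e VAULT_LICENSE_CI \` forwards the variable from the environment without spelling it out. `GOOGLE_CREDENTIALS` is passed the same way in `test-acceptance`, `test-destroy` and `test-provision`, but it is later used as `--key-file=${GOOGLE_CREDENTIALS}`, so it carries a path rather than the key itself. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory that `provision-cluster` passes to `init` and `apply`, which looks unintended.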
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
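Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no `resourceNames`. Because it is a ClusterRole bound through the ClusterRoleBinding in the next file, the `-csi-provider` service account can request a token for any service account in any namespace. That may be what the provider needs in order to authenticate on behalf of the pods it serves, but the template does not say so. I would add a comment above `rules:` along the lines of `# Cluster-wide token creation: the provider requests tokens for the service account of the pod mounting the volume; treat this service account as highly privileged.` (wording to be confirmed against the provider's actual behaviour) so the blast radius is visible to anyone auditing the chart's RBAC.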
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-certs-secret.yaml 
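Review bot: Both `hostPath` volumes in csi-daemonset.yaml take their paths directly from `.Values.csi.daemonSet.providersDir` and `.Values.csi.daemonSet.kubeletRootDir`, unquoted and without a `type`. The pod and container `securityContext` blocks are rendered only when values supply them (see the `csi.daemonSet.securityContext.*` helpers). A values override can therefore mount an arbitrary node directory into a container that, as far as this hunk shows, has no default hardening. I would quote the paths, for example `path: {{ .Values.csi.daemonSet.providersDir | quote }}`, and add a comment above `volumes:` saying that these two values select host directories and should only be changed to match the node's kubelet layout. The image is also referenced by tag only (`{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}`); pinning by digest would be worth considering for a node-level component.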
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-clusterrolebinding.yaml
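Review bot: The rule in injector-clusterrole.yaml lets the injector `patch` every MutatingWebhookConfiguration in the cluster, because `patch` sits in the same rule as `get`/`list`/`watch` and there is no `resourceNames`. The only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg`, which is also the name the deployment passes in `AGENT_INJECT_TLS_AUTO`, so write access presumably needs to cover only that object. I would split the rule so that read verbs stay unrestricted and `patch` is limited to the release's own webhook configuration, as below. This should be verified against the injector's certificate bootstrap before merging.

```yaml
rules:
# read access is kept unrestricted
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# write access only to this release's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```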
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
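Review bot: Several env values in injector-deployment.yaml are rendered without quoting (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`, `AGENT_INJECT_LISTEN`), while the neighbouring entries wrap theirs in double quotes. An override that YAML reads as a boolean or number would produce a non-string `value` and the manifest would be rejected at apply time. Quoting them like the others fixes that, for example `value: {{ .Values.injector.authPath | quote }}`. Separately, `args` ends with a literal `- 2>&1`; no shell is visible in this hunk, so it would be passed to the binary as a plain argument rather than acting as a redirect and can probably be dropped. `hostNetwork: {{ .Values.injector.hostNetwork }}` deserves a comment that enabling it puts the webhook listener in the node's network namespace.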
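Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical rather than numeric and depends on how the cluster formats its minor version. The mutating-webhook template in this same commit picks its API version with `.Capabilities.APIVersions.Has`, and doing the same here would be both consistent and exact: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Unlike the other injector templates, this file is also not wrapped in the `vault.injectorEnabled` guard, so a PodDisruptionBudget can be rendered for a disabled injector whenever `injector.podDisruptionBudget` is set.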
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
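Review bot: The `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when a value is supplied, so with defaults the webhook is called for every pod CREATE and UPDATE in every namespace, and `failurePolicy` is taken from values as well. If that policy is set to `Fail`, an unreachable injector would block pod admission cluster-wide, including in the namespace the injector itself runs in. What `injector.objectSelector` renders is not visible in this hunk, so it may already narrow the match. I would add a comment above the `namespaceSelector` block such as `# Without a selector the webhook sees pods in all namespaces; set one before using failurePolicy: Fail.` and consider shipping a default selector that excludes system namespaces.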
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
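Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Service `targetPort`, the probes and `AGENT_INJECT_LISTEN` all follow `.Values.injector.port`. Once that value is overridden, the policy allows a port nothing listens on and the real webhook port is no longer admitted. Using `- port: {{ .Values.injector.port }}` keeps them in step. The policy also omits `metadata.namespace`, which the other injector objects in this commit set. Its `namespaceSelector: {}` admits traffic from every namespace, which merits a short comment saying why the source cannot be narrowed if that is intentional.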
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-role.yaml
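Review bot: injector-psp.yaml is gated only on `global.psp.enable`, yet it emits `policy/v1beta1` PodSecurityPolicy, an API that was removed in Kubernetes 1.25, so enabling the value on a newer cluster fails the install instead of hardening anything. Extending the guard with a capability check would let it degrade cleanly: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The companion Role and RoleBinding would need the same condition. Within the policy itself, `seLinux` is `RunAsAny` and its comment assumes AppArmor nodes, which sits oddly with the OpenShift switches elsewhere in the chart. No `requiredDropCapabilities` is set and `readOnlyRootFilesystem` is `false`; both are worth a comment explaining why the stricter setting was not chosen.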
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-rolebinding.yaml
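Review bot: The leader-elector Role in injector-role.yaml gives the injector `get`, `list`, `watch`, `update` and `create` on every Secret and ConfigMap in the release namespace, plus `get`/`patch`/`delete` on every pod there, with no `resourceNames` on either rule. The only Secret this chart creates under the same condition is `vault-injector-certs` (injector-certs-secret.yaml). If the injector needs nothing beyond that, the read and update verbs on `secrets` could be moved to a rule carrying `resourceNames: ["vault-injector-certs"]`, leaving `create` in a separate rule. Which ConfigMaps and pods leader election touches cannot be seen from this hunk, so at minimum I would add a comment above `rules:` that names the objects these permissions exist for. In a namespace that may also hold Vault's own TLS material, that tells an auditor whether the breadth is required.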
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
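Review bot: `disable_mlock = true` is written into every string config under `extraconfig-from-values.hcl`, and the JSON branch merges `dict "disable_mlock" true`, with no comment on the trade-off. With mlock off, the server's memory, including decrypted secrets and key material, can be written to swap, so the template should state what the deployment relies on instead. Because the line sits inside the `|-` block scalar, the comment has to be a template comment so it does not end up in the rendered HCL: `{{- /* mlock is disabled (presumably because the container has no IPC_LOCK); run on nodes with swap disabled or encrypted */}}`.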
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-ha-active-service.yaml
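Review bot: The `apiVersion` line picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically rather than as numbers, so the result depends on how the cluster formats its minor version. The RBAC templates in this diff ask the cluster directly with `.Capabilities.APIVersions.Has`, and the Ingress template uses `semverCompare`; this template should follow one of them. I would write `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.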
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-psp-role.yaml 
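Review bot: Under `spec`, `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are emitted unquoted, while the host entries in the same hunk are piped through `quote`. An unquoted value that is numeric, boolean-looking or starts with a YAML indicator is retyped or rejected after rendering, so the string fields should be quoted the same way: `secretName: {{ .secretName | quote }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName | quote }}` and `- path: {{ . | quote }}`.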
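Review bot: In server-network-policy.yaml the single `ingress` rule uses `namespaceSelector: {}` for both ports, so the cluster port 8201 is reachable from every pod in every namespace, not only the API port 8200. 8201 carries server-to-server traffic, so unless replication peers outside this release need it, I would move it into a second rule that only admits this release's Vault pods. The `metadata` block also has no `namespace: {{ .Release.Namespace }}`, unlike the other namespaced templates in this diff.

```yaml
  ingress:
    # … unchanged: namespaceSelector rule, now listing only port 8200 …
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
```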
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+
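Review bot: In server-psp-rolebinding.yaml the `subjects` entry names the ServiceAccount `{{ template "vault.fullname" . }}` and sets no `namespace`. The other server bindings in this diff (server-clusterrolebinding.yaml, server-discovery-rolebinding.yaml) and the StatefulSet's `serviceAccountName` all use `{{ template "vault.serviceAccount.name" . }}`. If that helper can resolve to a different name (its definition is not in this hunk), the PSP `use` grant lands on an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`.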
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
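Review bot: The `spec` sets `privileged: false` and `allowPrivilegeEscalation: false` but has no `requiredDropCapabilities`, so containers admitted under this policy keep the runtime's default capability set. The StatefulSet template in this diff sets `SKIP_SETCAP` and the config template disables mlock, so the server presumably needs no extra capability here, and I would add `requiredDropCapabilities: [ALL]` after `allowPrivilegeEscalation` once that is confirmed. The `apiVersion: policy/v1beta1` line is also unconditional, and PodSecurityPolicy no longer exists from Kubernetes 1.25, so `global.psp.enable=true` fails the install there. Extending the guard with `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` would skip the resource on such clusters.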
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-service.yaml
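Review bot: The second line tests `.mode`, but this template never calls `{{ template "vault.mode" . }}`, which the other server templates in this diff invoke before reading `.mode`. It presumably only works when an earlier-rendered template has already set `mode` on the shared root context. If that does not hold, the `ne .mode "external"` guard and the `eq .mode "ha"` service selection run against an unset value, and a Route exposing Vault could be rendered or pointed at the wrong Service. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check makes the template self-contained.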
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/tests/server-test.yaml 
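Review bot: The `image:` line of the `vault` container falls back to `{{ .Values.server.image.tag | default "latest" }}`, so an empty tag silently deploys whatever `latest` resolves to at pull time. For the secrets manager that means an unreviewed image, and a version that can differ between replicas after a reschedule. I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same fallback is used for the test pod's `image:` in tests/server-test.yaml in the next hunk.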
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/templates/ui-service.yaml
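Review bot: In templates/tests/server-test.yaml the test pod's `image:` line falls back to the mutable `latest` tag when `server.image.tag` is empty, so `helm test` could pull and run an image that was never reviewed together with this chart version. I would fail rendering instead of guessing a tag: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Whether the server StatefulSet template uses the same fallback is not visible from this hunk, so the two should be checked for consistency.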
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/values.openshift.yaml
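Review bot: In templates/ui-service.yaml, `type: {{ .Values.ui.serviceType }}` and the optional `nodePort` let the UI be exposed outside the cluster, while the port name comes from `vault.scheme` and the values.yaml added in this same diff ships `global.tlsDisable: true`. If that helper resolves to `http` under the default (its definition is not in this hunk), a NodePort or LoadBalancer Service would carry Vault logins and tokens unencrypted. I would document the constraint next to the field, for example `# With global.tlsDisable=true this Service is plain HTTP; keep ui.serviceType ClusterIP unless TLS is terminated in front of it.`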
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/values.schema.json
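Review bot: The three image references in values.openshift.yaml are pinned by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pointed in the registry after the chart has been reviewed. Pinning by digest keeps the deployed content fixed; with the `repository:tag` join used by the test-pod template in this diff, that can be written as `tag: "1.11.2-ubi@sha256:<digest>"` (placeholder, take the value from the registry). Whether every template in the chart builds the image string the same way should be checked before relying on that form.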
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.22/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* 
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. 
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . 
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/Chart.yaml
new file mode 100644
index 00000000000..320ba9bfe3c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.23
+annotations:
+ charts.openshift.io/name: helm-testing-5435
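Review bot: The `description` in the new Chart.yaml still reads `Official HashiCorp Vault Chart`, while `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435` and the file sits under `charts/partners/redhat-caastestreg-duplicate/`, so a catalog entry built from this metadata would present a renamed copy as the vendor's official chart. If this is a test fixture, the metadata should say so, for example `description: Test fixture derived from hashicorp/vault-helm (not an official release)`. `appVersion: 1.11.2` is also better quoted, `appVersion: "1.11.2"`, so that a later two-component value is not read as a float.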
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
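Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any service account in any namespace, and the template does not say why that breadth is needed. I would add a comment above `rules:` such as `# Cluster-wide TokenRequest: the provider asks for tokens on behalf of the pods it serves, which can live in any namespace.` (presumably the reason; confirm against the provider's documentation). Operators should treat this service account as highly privileged and watch TokenRequest calls made by it in the API audit log.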
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-certs-secret.yaml 
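Review bot: In csi-daemonset.yaml the pod and container `securityContext` come only from the `csi.daemonSet.securityContext.pod` and `.container` helpers, which render nothing when the values are unset, yet this pod mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir/pods`). The injector and server helpers in this same diff fall back to `allowPrivilegeEscalation: false` when not on OpenShift; the CSI container helper in _helpers.tpl should get the same `else if not .Values.global.openshift` branch emitting `securityContext:` with `allowPrivilegeEscalation: false`. That looks safe for a provider that only serves a Unix socket and writes files, but verify before making it the default. The image is also referenced by tag (`repository:tag`); pinning by digest in values is worth documenting for a node-level component.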
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-clusterrolebinding.yaml
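Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`. A service account that can patch arbitrary admission webhooks can redirect or disable other teams' admission controls, which is far more than the injector needs if it only maintains the CA bundle on its own `-agent-injector-cfg` object (inferred from the `AGENT_INJECT_TLS_AUTO` setting in the deployment; confirm). Splitting the rule keeps `list`/`watch` unrestricted, since those cannot be narrowed by name without a client-side field selector, and limits `get`/`patch` to the chart's own configuration.

```yaml
rules:
# list/watch stay cluster-wide: resourceNames does not narrow them
# unless the client also uses a metadata.name field selector
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# read/write access only to the webhook configuration this chart creates
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```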
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
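Review bot: In injector-deployment.yaml the `env` entries for `AGENT_INJECT_LISTEN`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` render their values unquoted, unlike the quoted entries around them. A value that YAML reads as a boolean, number or null then yields a manifest the API server rejects, because `env[].value` must be a string. Piping through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`, makes them consistent with `AGENT_INJECT_VAULT_IMAGE` and the rest. Separately, the `- 2>&1` item under `args` reaches the binary as a literal argument since no shell is involved; it looks safe to drop, but confirm the injector ignores it today.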
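Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so `ge` orders them lexically rather than numerically, and vendor suffixes on the minor version (such as a trailing `+`) are compared as text too. The webhook template in this same commit already probes the API directly, and the same approach works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This template is also the only injector manifest not wrapped in the `vault.injectorEnabled` / `.injectorEnabled` guard, so a PodDisruptionBudget can render with the injector disabled.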
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
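Review bot: The webhook in injector-mutating-webhook.yaml matches pod `CREATE` and `UPDATE` in every namespace unless a `namespaceSelector` is supplied, and the template gives operators no hint of that default. With `failurePolicy` taken from values (the default is not visible in this hunk), an injector outage under `Fail` would block pod admission cluster-wide, including system namespaces and the injector's own. I would add a comment above the `namespaceSelector` conditional, e.g. `# No selector by default: all namespaces are intercepted; set one before using failurePolicy: Fail.`, and consider a values default that excludes `kube-system`.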
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
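Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the deployment in this commit listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` and both probes). If an operator changes that value, the policy keeps admitting traffic to a port nothing serves and blocks the real webhook port, so admission calls fail; the line should read `- port: {{ .Values.injector.port }}`. The `namespaceSelector: {}` peer also admits traffic from pods in every namespace, which deserves a comment stating whether that breadth is intended. The manifest sets no `metadata.namespace`, unlike the other namespaced injector resources.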
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-role.yaml
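Review bot: The `spec` in injector-psp.yaml blocks privileged mode and privilege escalation but never drops Linux capabilities, so containers admitted under this policy keep the runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` next to `allowPrivilegeEscalation: false` would close that gap for the injector. server-psp.yaml later in this diff carries the same `spec` and could take the same line once it is confirmed the server needs no capability of its own (the StatefulSet sets `SKIP_SETCAP`, which suggests it does not). The comment `This policy assumes the nodes are using AppArmor rather than SELinux` also deserves a second look in a chart that ships OpenShift-specific templates, where `seLinux: RunAsAny` may be looser than intended.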
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-rolebinding.yaml
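Review bot: The first rule in injector-role.yaml lets the injector service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, because it names no `resourceNames`. If leader election only touches objects the injector creates itself, `get` and `update` can be limited with a `resourceNames:` list, with `create` kept in a rule of its own since it cannot be restricted that way; the object names are not visible in this hunk and would have to come from the injector's documentation. The second rule has the same shape: `patch` and `delete` apply to all `pods` in the namespace. Until the rules are narrowed, a comment above `rules:` stating why namespace-wide Secret access is needed would help whoever audits this role.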
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-config-configmap.yaml
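Review bot: server-clusterrolebinding.yaml is the one cluster-scoped grant among the templates shown here and it carries no comment explaining it. `system:auth-delegator` lets the Vault service account submit TokenReview and SubjectAccessReview requests for any token in the cluster. A comment above `kind: ClusterRoleBinding` should record why that is needed (presumably so Vault can validate service account tokens for its Kubernetes auth method; confirm before writing it down) and that the object is rendered only when `.serverAuthDelegator` is set. The `rbac.authorization.k8s.io/v1beta1` fallback branch can also go, since current clusters serve only `v1`.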
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
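Review bot: `disable_mlock = true` is forced in both branches of server-config-configmap.yaml: it is emitted ahead of the string config, and in the map branch it is the first argument to `merge`, which takes precedence over the value coming from `.Values`. With mlock off, Vault's memory can be written to swap, so the chart is relying on nodes that have swap disabled or encrypted. That dependency should be stated in a comment above the `extraconfig-from-values.hcl` key, or the setting exposed as a value. The rendered config also lands in a ConfigMap, so any storage or seal credentials placed in `server.*.config` are stored there unencrypted; a warning next to the same key would help.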
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-ha-active-service.yaml
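Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the ordering is lexical rather than numeric, a minor reported with a suffix such as `21+` is compared as text too, and the major version is never looked at. server-ingress.yaml in this same diff already selects its API version with `semverCompare ">= 1.19.0-0" $kubeVersion`; the same form works here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.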
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-psp-role.yaml 
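Review bot: Port 8201 in server-network-policy.yaml is opened to `namespaceSelector: {}`, that is to pods in every namespace, alongside the API port 8200. The Services in this diff name 8201 `https-internal`, which suggests only Vault servers talk to it; if so, it belongs in a second `ingress` entry whose `from` is a `podSelector` matching this release's own labels, as sketched below. The policy also sets no `metadata.namespace`, unlike most other templates in this diff.

```yaml
  ingress:
    # API port: reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from .Values.server.networkPolicy.egress …
```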
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
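Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but the ServiceAccount, the StatefulSet's `serviceAccountName` and the ClusterRoleBinding in this diff all use `{{ template "vault.serviceAccount.name" . }}`. If that helper can return anything other than the fullname (its definition is not in this part of the diff), the pod runs under an account this binding does not cover and is never authorised to use the PodSecurityPolicy. Using `name: {{ template "vault.serviceAccount.name" . }}` here removes the mismatch. Adding `namespace: {{ .Release.Namespace }}` to the subject would also bring it in line with the other bindings.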
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-service.yaml
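Review bot: server-route.yaml reads `.mode` in `{{- if ne .mode "external" }}` and again in `eq .mode "ha"`, yet it never calls `{{ template "vault.mode" . }}`, which every other template in this diff that tests `.mode` does before the test. Whether `.mode` is populated here then seems to depend on another template having set it on the shared context first, which is fragile. Putting the `template "vault.mode"` call ahead of the `ne .mode` test would make the file self-contained. Note too that `tls:` is filled purely from `.Values.server.route.tls`, so an empty value presumably yields a Route with no TLS termination; that default deserves a comment.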
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/tests/server-test.yaml 
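Review bot: The `vault` container image falls back to the mutable `latest` tag whenever `server.image.tag` is empty, so an unset value silently makes the running Vault version depend on whatever the registry serves at pull time. The same `| default "latest"` fallback is repeated in the test hook Pod in tests/server-test.yaml. Failing the render is safer than guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. A short comment above the line saying that the tag is expected to be pinned (ideally to a digest) would also help whoever overrides the values.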
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/templates/ui-service.yaml
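Review bot: The test hook Pod declares no `securityContext` at pod or container level, while the StatefulSet in this chart renders one through the `server.statefulSet.securityContext.pod` and `.container` templates. The hook runs the same Vault image with the server's extra environment variables and volume mounts, so it should not run with looser settings than the server; on clusters that enforce a restricted pod security profile it may also be rejected, though that depends on the admission setup. I would add to the container `securityContext:` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, and `runAsNonRoot: true` at pod level.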
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/values.openshift.yaml
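Review bot: This template has no header comment saying what the `-ui` Service carries or that its exposure is decided by `ui.serviceType`, unlike server-service.yaml, which opens with `# Service for Vault cluster`. The port is named after `vault.scheme`, and this chart copy's values.yaml sets `global.tlsDisable: true`, so with a `NodePort` or `LoadBalancer` type the UI and API would presumably be reachable over plain HTTP from outside the cluster. I would add above `apiVersion` something like `# Service for the Vault UI/API. With global.tlsDisable=true traffic is plaintext; terminate TLS in front of it before using NodePort or LoadBalancer.`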
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.23/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/Chart.yaml
new file mode 100644
index 00000000000..37da6e5ccb9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.24
+annotations:
+ charts.openshift.io/name: helm-testing-5435
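Review bot: The `description: Official HashiCorp Vault Chart` line in the new Chart.yaml, together with `home` and `sources`, still presents this chart as the upstream HashiCorp release, although `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435` and `version` is 0.21.24, a number the bundled CHANGELOG.md does not list. If this is a renamed test copy, which the `redhat-caastestreg-duplicate` path suggests, the metadata should say so, so that nobody reading the repository index takes it for the vendor-published chart; for example `description: Test copy of the HashiCorp Vault chart, not published by HashiCorp`. Quoting the value as `appVersion: "1.11.2"` would also keep it a string if it is ever changed to a two-part version.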
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/README.md 
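Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the licence into the `docker run` command line, so the value ends up in the process arguments on the host; the leading `@` only suppresses make's own echo. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker copy it from the caller's environment instead, which works whether the licence arrives as an environment variable or as a make command-line variable, since make exports both to the recipe. Separately, `setup-kind` and `delete-kind` are missing from the `.PHONY` list, and the `ifeq` branch calls `make setup-kind acceptance` where `$(MAKE) setup-kind acceptance` would carry flags and the jobserver through.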
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
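Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` cluster-wide with no comment explaining why, so whoever controls the `-csi-provider` service account can request tokens for any service account in any namespace. If the grant has to stay cluster-wide because the provider presumably requests tokens for pods in arbitrary namespaces, say so above the rule, for example `# CSI provider requests tokens for the pods it serves; cluster-wide because those pods may run in any namespace.` It would also help to state in the chart notes that token requests made by this service account are worth watching in the API audit log.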
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-certs-secret.yaml 
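Review bot: The provider container in csi-daemonset.yaml mounts two hostPath volumes (`providervol` and `mountpoint-dir`) but gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set. The `csi.daemonSet.securityContext.container` helper earlier in this diff has no fallback branch, unlike `injector.securityContext.container`, which defaults to `allowPrivilegeEscalation: false`. Consider adding the same fallback to the CSI helper: `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`, after confirming the provider can still create its socket under `/provider`. If the provider only reads under the kubelet pods directory, which the hunk does not show, `readOnly: true` on the `mountpoint-dir` mount is worth testing as well.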
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-clusterrolebinding.yaml 
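Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, so a compromised injector service account could rewrite any admission webhook, not only its own. The rule should be split so that `get`/`list`/`watch` stay unrestricted (list and watch cannot be narrowed by `resourceNames` in practice) while `patch` is limited to the injector's own configuration. That configuration is presumably the `-agent-injector-cfg` name passed as `AGENT_INJECT_TLS_AUTO` in injector-deployment.yaml; confirm it against the webhook template, which is not in view here.

```yaml
rules:
# Read access stays broad: list/watch cannot be narrowed by resourceNames.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# Write access only to the injector's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```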
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
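Review bot: The `args` list in injector-deployment.yaml passes `2>&1` as a literal second argument. Container args are executed without a shell, so no redirection happens and the binary receives the string as-is. Unless the image's entrypoint is a shell wrapper (not visible here), reduce the list to `- agent-inject`. Separately, the `value:` fields for `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_LEVEL` and `AGENT_INJECT_LOG_FORMAT` are rendered unquoted, so a value such as `true` or a bare number would produce a non-string and the manifest would be rejected; `| quote` avoids that.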
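Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical rather than numeric, and it also depends on how the distribution formats the minor version. The same expression appears in server-disruptionbudget.yaml. server-ingress.yaml in this chart already uses `semverCompare ">= 1.19.0-0" $kubeVersion`; the equivalent here would be `semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1"`.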
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
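Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the webhook is rendered without a `namespaceSelector`. Unless `injector.objectSelector` narrows it, the webhook is then called for every pod CREATE/UPDATE in the cluster, including control-plane namespaces. If the value-driven `failurePolicy` resolves to `Fail`, an injector outage would block pod admission cluster-wide. I would ship a default selector in values, or at least put a template comment above the `if` recommending one. `timeoutSeconds` also defaults to `"30"`, which is the API maximum; a shorter default would bound the latency added to each pod admission.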
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
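Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment's listener and the Service `targetPort` both come from `.Values.injector.port`. Changing that value would leave the webhook unreachable under this policy, so use `- port: {{ .Values.injector.port }}`. `namespaceSelector: {}` also admits traffic from every namespace, which may be wider than the webhook caller needs; that is worth confirming on the target platform. The metadata omits `namespace: {{ .Release.Namespace }}`, unlike the other injector templates.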
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-psp.yaml
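Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the leader-elector RoleBinding in injector-rolebinding.yaml, which sets `namespace: {{ .Release.Namespace }}`. For a namespaced RoleBinding the authorizer should fall back to the binding's own namespace, so this probably works as written. The explicit field would keep the two bindings consistent and unambiguous: add `namespace: {{ .Release.Namespace }}` under the subject's `name`.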
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-role.yaml
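Review bot: injector-psp.yaml renders `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so enabling the flag on a current cluster makes the whole release fail to install. The third `if` could also require `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`. The same guard would be needed in injector-psp-role.yaml and injector-psp-rolebinding.yaml so the Role and RoleBinding are skipped together with the policy. The policy body sets no `requiredDropCapabilities` and leaves `readOnlyRootFilesystem: false`, and a comment stating whether that is intentional would help.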
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-rolebinding.yaml
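Review bot: The first rule in injector-role.yaml gives the injector service account `get`/`list`/`watch`/`update` on every Secret and ConfigMap in the release namespace. That namespace may also hold Vault's own TLS material and any unseal or storage credentials. The chart creates a Secret named `vault-injector-certs` for this feature, so the read and write verbs could be limited with `resourceNames: ["vault-injector-certs"]` and `create` kept in a separate rule, assuming that is the only object the leader elector touches (not visible here). The second rule, and the `pods` rule in server-discovery-role.yaml, have the same namespace-wide shape for `patch`/`delete` and `update`/`patch`. A comment explaining why each verb is needed would make later tightening easier.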
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
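Review bot: `disable_mlock = true` is emitted unconditionally in server-config-configmap.yaml, both ahead of the string config and merged into the JSON form, with nothing in the template saying why. With mlock disabled, Vault's process memory can be paged out, so key material may reach swap unless the nodes run with swap off or encrypted. I would add a template comment above `data:`, for example `{{- /* disable_mlock is forced on; nodes should have swap disabled or encrypted */ -}}`, and state the same requirement in the values documentation. The string branch also passes the user's config through `tpl`, so values files from less trusted sources get template evaluation; a short comment noting that would be useful.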
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-psp-role.yaml
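Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which matches every namespace, so with the policy enabled any pod in the cluster can still reach both the API port 8200 and the cluster port 8201. As far as this chart shows, 8201 is the server-to-server port, so I would split the rule and limit 8201 to pods carrying the same name/instance labels as `spec.podSelector` (confirm first that no cross-cluster replication traffic needs it), and make the allowed sources for 8200 configurable through values. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the sibling templates set, and the spec declares no explicit `policyTypes`.

```yaml
  ingress:
    # API port: reachable from any namespace (narrow via values where possible)
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```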
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
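Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` elsewhere in this commit both use `vault.serviceAccount.name`. If that helper can return a different name (its definition is not in this hunk; presumably it honours `server.serviceAccount.name`), the `use` grant on the PodSecurityPolicy goes to an account the pods do not run as, and the pods are then admitted under whatever other policy applies, or not at all. I would bind the subject with `name: {{ template "vault.serviceAccount.name" . }}` and add an explicit `namespace: {{ .Release.Namespace }}` next to it.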
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
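Review bot: server-psp.yaml renders a `policy/v1beta1` PodSecurityPolicy gated only on `global.psp.enable`; that API was removed in Kubernetes 1.25, so enabling the flag on a newer cluster fails the install, and a `.Capabilities.APIVersions.Has "policy/v1beta1"` condition (the ingress template in this commit already uses that call) would let it degrade cleanly. The policy also sets no `requiredDropCapabilities`, so containers keep the runtime's default capability set; `requiredDropCapabilities: [ALL]` would be the tighter default, to be checked against what the server container actually needs. The `seLinux` comment assumes AppArmor nodes, which does not match the OpenShift targets this chart also ships overrides for, so I would reword it to say the SELinux context is left to the platform.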
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-service.yaml
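Review bot: server-route.yaml reads `.mode` in `{{- if ne .mode "external" }}` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the sibling server templates in this commit do before they touch `.mode`. Unless another template has already set it on the shared context, `.mode` is empty here, so the external check passes trivially and the `-active` service is never selected for the Route. Adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard makes the file independent of render order. Separately, `tls:` is rendered straight from `server.route.tls` and `host:` is emitted unquoted; whether the Route terminates TLS at all depends on a default that is not visible in this hunk and deserves a comment next to it.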
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/tests/server-test.yaml 
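Review bot: The server container image is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an unset tag silently deploys the mutable `latest` tag for the Vault server; tests/server-test.yaml in this commit uses the same expression. For a secrets manager I would fail the render instead, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and document pinning by digest. Two smaller points in the same hunk: the exec readiness probe runs `vault status -tls-skip-verify`, which is tolerable only because `VAULT_ADDR` points at 127.0.0.1 and should carry a comment saying so, and the `VAULT_API_ADDR` / `VAULT_CLUSTER_ADDR` overrides are emitted unquoted while their defaults are quoted.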
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/values.openshift.yaml
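Review bot: In ui-service.yaml `nodePort` is emitted whenever `ui.serviceNodePort` is set, with no check on `ui.serviceType`, whereas server-service.yaml in this commit only renders its `nodePort` when the type is `NodePort`. With a `ClusterIP` UI service and a leftover `serviceNodePort` value the API server rejects the manifest, so I would guard it the same way, e.g. `{{- if and .Values.ui.serviceNodePort (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`. Since `type: {{ .Values.ui.serviceType }}` decides whether the Vault UI is reachable from outside the cluster, a comment there pointing at the default in values.yaml (not visible in this hunk) would help reviewers confirm it stays internal unless someone opts in.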
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.24/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/Chart.yaml
new file mode 100644
index 00000000000..11094599f05
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.25
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
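Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` is rendered unquoted, so a token made only of digits, or one that reads as a boolean or null, is typed by YAML as a non-string and the env entry is then rejected or altered. `vault.extraEnvironmentVars` further down in this hunk already pipes its values through `quote`, and the same fits here: `value: {{ .Values.server.dev.devRootToken | quote }}`. `vault.extraSecretEnvironmentVars` has the same unquoted pattern for `.envName`, `.secretName` and `.secretKey`.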
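Review bot: The only rule in this ClusterRole, `create` on `serviceaccounts/token`, is cluster-wide and carries no comment saying why it is needed. With it, the CSI provider's service account can request a token for any service account in any namespace. A short comment above `rules:` would help anyone auditing the chart's RBAC, for example `# The provider requests a token for the service account of the pod mounting the volume; cluster-wide because those pods can live in any namespace.` That reading of the purpose is inferred rather than shown in this hunk, so confirm it before adopting the wording.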
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-certs-secret.yaml 
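Review bot: Both `hostPath` volumes at the end of csi-daemonset.yaml (`providervol` and `mountpoint-dir`) take their path straight from values and set no `type`, so the kubelet performs no check on what is at that path before mounting it into the container. `mountpoint-dir` exposes `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods`, the volume directories of every pod on the node, and its mount carries no `readOnly`. I would add `type: Directory` under the `mountpoint-dir` hostPath and a comment explaining why the pods directory is needed. Whether that mount can be `readOnly: true` depends on the provider version and should be confirmed.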
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-clusterrolebinding.yaml 
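Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only configuration the injector is pointed at is `{{ template "vault.fullname" . }}-agent-injector-cfg` (the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml). `get` and `patch` can be limited with `resourceNames`, so I would split the rule as below, keeping `list` and `watch` unrestricted. As written, the injector's service account has write access to admission webhooks that belong to other components.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - "{{ template "vault.fullname" . }}-agent-injector-cfg"
  verbs:
    - "get"
    - "patch"
```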
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
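Review bot: The `args` list of the `sidecar-injector` container ends with `- 2>&1`, which Kubernetes hands to the entrypoint as a literal extra argument; no shell is involved, so nothing is redirected. Unless the image's entrypoint is known to interpret it, I would drop that element and leave `args:` with `- agent-inject` only. Separately, `value: {{ .Values.injector.authPath }}` and the two `default`-ed log values are unquoted, so a value that YAML reads as a boolean or number would be rejected as an env value; `value: {{ .Values.injector.authPath | quote }}` avoids that.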
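Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in the `apiVersion` line of injector-disruptionbudget.yaml compares two strings, so the result is lexical rather than numeric, and `Minor` may carry a suffix such as `21+` on some distributions. The chart already probes the API server with `.Capabilities.APIVersions.Has` in other templates; `{{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` would pick the version from what the cluster actually serves. server-disruptionbudget.yaml uses the same expression and needs the same change.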
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
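Review bot: `namespaceSelector` is rendered only when one of the two values is set, so by default the `vault.hashicorp.com` webhook receives CREATE and UPDATE for pods in every namespace, including the one the injector itself runs in, and the file does not say so. With a `failurePolicy` of `Fail`, an unavailable injector would then block pod admission cluster-wide. I would add a comment above the `if` such as `# No selector by default: the webhook sees pods in all namespaces; set injector.namespaceSelector to exclude system namespaces.` The `objectSelector` comes from a template outside this hunk, so its default is not visible here.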
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
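Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` in injector-deployment.yaml and `targetPort` in injector-service.yaml). If that value is changed, the policy keeps admitting 8080 and drops the webhook traffic on OpenShift. I would render `- port: {{ .Values.injector.port }}` instead. The `metadata` block also lacks the `namespace: {{ .Release.Namespace }}` line that the other namespaced injector objects carry.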
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-role.yaml 
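Review bot: injector-psp.yaml emits a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API; it was removed in Kubernetes 1.25, so the install fails there. I would add `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to the enclosing `if`; injector-psp-role.yaml and injector-psp-rolebinding.yaml are gated by the same value and could take the same guard. The policy also sets no `requiredDropCapabilities` and leaves `readOnlyRootFilesystem: false`; if the injector needs neither capabilities nor a writable root, tightening both is worth considering.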
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-rolebinding.yaml 
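Review bot: The first rule of the leader-elector Role grants `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, which lets the injector read every Secret stored alongside it. The only Secret this chart creates under the same leader-election condition appears to be `vault-injector-certs` (injector-certs-secret.yaml); if that is all the injector touches, `get` and `update` could move to a rule with `resourceNames: ["vault-injector-certs"]`, leaving `create` unrestricted because it cannot be name-scoped. Whether `list` and `watch` can be narrowed depends on how the injector sets up its watch and needs confirming against the injector source. At minimum I would add a comment stating which objects the rule is meant for.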
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
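Review bot: `disable_mlock = true` is forced in both branches of `extraconfig-from-values.hcl` with no comment: the string branch prints it ahead of the user's config, and the JSON branch puts it in the destination of `merge`, where it wins over any `disable_mlock` the user supplies. With mlock disabled, Vault's memory can be paged out, so the nodes' swap configuration becomes part of the threat model. I would add a template comment such as `{{/* mlock is disabled because the container is not granted IPC_LOCK; run Vault nodes with swap off or encrypted */}}`, adjusted to the actual reason, which is not visible in this hunk.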
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-discovery-rolebinding.yaml 
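Review bot: The discovery Role grants `update` and `patch` on every pod in the release namespace without saying what the grant is for. If, as the name suggests, it exists so Vault can label its own pods for service registration, a comment above `rules:` would help, e.g. `# Vault patches labels on its own pods (service registration); RBAC cannot restrict this to label changes.` It is also worth checking whether `update` is needed in addition to `patch`, since dropping a verb narrows what the server's service account can change on neighbouring pods such as the injector.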
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-ha-active-service.yaml
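Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the comparison is lexical rather than numeric and depends on the exact form of the minor string (some distributions report a suffix such as `21+`). The Ingress template in this same commit already uses `semverCompare` and `.Capabilities.APIVersions.Has`. Asking the cluster directly would be more reliable here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.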
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-psp-role.yaml
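Review bot: In server-ingress.yaml the `secretName`, `ingressClassName` and `path` values are rendered unquoted, while the host entries next to them go through `quote`. An operator-supplied value that is empty or starts with a YAML indicator would change the type of the rendered field or break the manifest. Piping them the same way keeps the template consistent: `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`.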
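Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so the cluster port 8201 is reachable from every namespace, exactly like the API port 8200. Port 8201 is named `https-internal` throughout this chart and looks intended for server-to-server traffic only. Splitting the rule so that 8201 is limited to the release's own server pods would narrow that exposure, assuming no peer outside the namespace has to reach it (confirm for replication setups). The manifest also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    # API port: unchanged, reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```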
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
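Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, but the StatefulSet and the discovery RoleBinding in this commit both use `vault.serviceAccount.name`. If that helper can resolve to a different name (it presumably honours a custom service-account name), the PodSecurityPolicy is bound to an account the server pods do not run as. The subject also has no `namespace`, unlike the discovery binding. Matching the sibling template gives `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.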
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
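Review bot: The `spec` in server-psp.yaml forbids privileged mode and privilege escalation but never restricts Linux capabilities, so pods admitted under this policy keep the container runtime's default set. Adding `requiredDropCapabilities:` with a single `- ALL` entry after `allowPrivilegeEscalation: false` would close that gap; the StatefulSet already sets `SKIP_SETCAP`, which suggests the server does not rely on added capabilities, but confirm that before merging. Separately, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25 and the template is gated only on `global.psp.enable`, so enabling it on a newer cluster fails the install. Adding `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to the `and` condition here and in the two psp RBAC templates would avoid that.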
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-service.yaml
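Review bot: server-route.yaml tests `.mode` on its second line and again in the `activeService` check, but never calls the `vault.mode` helper that the other templates in this commit invoke first. If `.mode` is unset when this file renders, `ne .mode "external"` is true even for an external Vault and the `eq .mode "ha"` branch never selects the `-active` service, so the Route could point at the wrong backend. Starting the file as server-ingress.yaml does, with `{{ template "vault.mode" . }}` right after the openshift check, removes the dependency on render order. `host: {{ .Values.server.route.host }}` would also be safer piped through `quote`.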
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/tests/server-test.yaml
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.25/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/Chart.yaml
new file mode 100644
index 00000000000..2a5fa3d58b1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.26
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/README.md 
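Review bot: The `test-acceptance` recipe passes the Vault license as `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, which expands the value into the `docker run` command line, where the host's process list and any tooling that records command lines can see it. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker read it from the environment and keeps the value off argv, assuming the variable is set in the environment make runs in. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` argument that `provision-cluster` gives to `init` and `apply`, so it appears to act on whatever configuration is in the working directory. `setup-kind` and `delete-kind` are also missing from `.PHONY`.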
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
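Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` cluster-wide, which lets the provider's ServiceAccount mint a token for any ServiceAccount in any namespace, and the template has no comment saying why that breadth is needed. I would add a comment above `rules:` such as `# The provider requests tokens on behalf of workload pods' ServiceAccounts; keep this the only rule in this ClusterRole.` so that a later edit does not widen it unnoticed. Presumably the tokens are used to log in to Vault; confirm this against the provider's documentation before merging the wording.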
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-certs-secret.yaml 
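Review bot: In csi-daemonset.yaml the container mounts two hostPath volumes (`providervol` and `mountpoint-dir`, the latter at `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods`), yet a `securityContext` is emitted only when `.Values.csi.daemonSet.securityContext.container` is set. values.yaml is not in this part of the diff, so if it ships no default, the pod runs on every node with whatever user and capabilities the image defines while holding those host paths. I would document that next to `volumeMounts:`, e.g. `# hostPath mounts below: set csi.daemonSet.securityContext.container (allowPrivilegeEscalation: false, capabilities drop ALL) unless the provider is known to need more`. Also consider pinning `image:` by digest rather than by `tag` alone.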
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-clusterrolebinding.yaml 
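Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, while the only object the injector is told to manage is `{{ template "vault.fullname" . }}-agent-injector-cfg` (the value given to AGENT_INJECT_TLS_AUTO in injector-deployment.yaml). A compromised injector pod could therefore rewrite other admission webhooks. I would split the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]` and leave `list` and `watch` in a separate rule. Whether the injector's watch still works with that split needs testing, since `list`/`watch` can only be name-restricted through a field selector.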
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
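Review bot: Under `args:` in injector-deployment.yaml the entry `- 2>&1` is handed to the binary as a literal argument, because container args are not run through a shell, so no redirection takes place. I would drop that line and keep only `- agent-inject`. Separately, several env values are emitted unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT`, `AGENT_INJECT_VAULT_AUTH_PATH`). Env values must be strings, so `value: {{ .Values.injector.logLevel | default "info" | quote }}`, and the same for the other two, keeps a boolean- or number-looking override from being rejected at apply time.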
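Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the ordering is lexicographic and the value can carry a suffix such as `21+` on some distributions. A capability check is sturdier and matches what injector-mutating-webhook.yaml already does for its API group: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This template is also the only injector manifest here not wrapped in `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget is rendered even when the injector is disabled.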
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
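Review bot: In injector-mutating-webhook.yaml, `namespaceSelector` is rendered only when `.Values.injector.namespaceSelector` or `.Values.injector.webhook.namespaceSelector` is set; otherwise the webhook is called for pod CREATE/UPDATE in every namespace, system namespaces included. Combined with a `failurePolicy` of `Fail` (the default comes from values.yaml, which is not shown here), an injector outage would block pod admission cluster-wide. I would state that in the template, e.g. `# No namespaceSelector set: webhook applies to pods in all namespaces; pair failurePolicy: Fail with a selector that excludes system namespaces`, and consider shipping such a selector as the default.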
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
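Review bot: The NetworkPolicy in injector-network-policy.yaml admits ingress on a hard-coded `port: 8080`, whereas the Deployment listens on `.Values.injector.port` and injector-service.yaml targets the same value. If that port is overridden, the policy no longer matches and webhook calls are dropped on OpenShift. I would render it from the same value: `- port: {{ .Values.injector.port }}`. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other injector manifests set.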
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-rolebinding.yaml 
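Review bot: The first rule in injector-role.yaml gives the injector ServiceAccount `get`, `list`, `watch`, `update` and `create` on all Secrets and ConfigMaps in the release namespace. If the Vault server is installed in the same namespace, that includes its TLS material and any other Secret stored there. The only Secret this chart creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml), so I would scope the read/write verbs with `resourceNames: ["vault-injector-certs"]` and keep `create` separate only if it is still needed. The names of any ConfigMaps or further Secrets the leader elector uses are not visible in this diff and should be confirmed first.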
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
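Review bot: `disable_mlock = true` is forced into every rendered config, both in the string branch and through `merge (dict "disable_mlock" true) …` in the JSON branches, with no comment explaining it. With mlock disabled the server's memory can be paged out, so protection of in-memory key material then depends on the nodes running without swap or with encrypted swap. I would record that where the setting is made, for example a YAML comment directly above the `extraconfig-from-values.hcl:` key such as `# mlock is disabled below; nodes must have swap off or encrypted`, and repeat it in the chart documentation.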
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-psp-role.yaml 
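Review bot: In the NetworkPolicy hunk, `namespaceSelector: {}` admits traffic from every pod in every namespace, and the single rule applies it to port 8201 as well as 8200. The Service and StatefulSet templates in this diff use 8201 as `https-internal` and for `VAULT_CLUSTER_ADDR`, which suggests only the Vault server pods need to reach it; unless something outside the release connects to the cluster port, I would split the rule as below. The metadata also omits `namespace: {{ .Release.Namespace }}`, which most other templates in this diff set.

```yaml
  ingress:
    # API port: reachable from all namespaces, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the server pods this policy selects
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```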
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
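Review bot: In the RoleBinding (the second hunk on this line) the subject is `name: {{ template "vault.fullname" . }}` with no `namespace`, whereas the ServiceAccount template and the StatefulSet's `serviceAccountName` in this diff both use `vault.serviceAccount.name`. If that helper can return anything other than the fullname (its definition is outside this view), the `use` permission on the PodSecurityPolicy is bound to an account the server pods do not run as. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`, which is how the discovery RoleBinding in this diff declares it.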
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
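Review bot: `apiVersion: policy/v1beta1` is hard-coded for the PodSecurityPolicy, an API that Kubernetes removed in 1.25, so setting `global.psp.enable` on a newer cluster makes the install fail rather than apply any pod restrictions. I would gate the template on `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` and document that clusters without PSP need Pod Security admission, or on OpenShift an SCC, to get equivalent limits. The spec also sets no `requiredDropCapabilities`; adding `requiredDropCapabilities: [ALL]` looks compatible with the `SKIP_SETCAP` setting in the StatefulSet, but should be confirmed against the image. The `seLinux` comment assumes AppArmor nodes, which is worth revisiting for a chart that also ships an OpenShift Route.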
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-service.yaml 
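Review bot: The Route template tests `.mode` in `{{- if ne .mode "external" }}` and again when selecting the `-active` service, but unlike the other server templates in this diff it never calls `{{ template "vault.mode" . }}` first. Whether `.mode` is set here then appears to depend on another template having populated it earlier in the render, which is fragile for the resource that publishes Vault outside the cluster. Adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard, as `server-ingress.yaml` does, removes that dependency. `tls:` is rendered straight from `.Values.server.route.tls`; the defaults are not visible here, so it is worth confirming they cannot produce a plain-HTTP route.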
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/tests/server-test.yaml 
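Review bot: The server container image in the StatefulSet is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an unset tag silently deploys whatever `latest` resolves to at pull time; the test pod in `tests/server-test.yaml` uses the same expression. For a secrets store I would fail the render instead, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, so the running version is always pinned by the chart values. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment noting that it talks to the loopback `VAULT_ADDR` set earlier in the same container would explain why certificate verification is skipped there.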
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/templates/ui-service.yaml
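Review bot: The test pod's `image:` line falls back to `latest` when `server.image.tag` is empty, so `helm test` would pull whatever the registry currently serves under that mutable tag and run it with the server's volumes mounted. Failing the render is safer than guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The pod also declares no `securityContext` or `resources`; nothing in this template inherits the server pod's settings, so if the test is meant to run under the same restrictions they have to be added here, or the omission documented in a comment above `containers:`.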
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/values.openshift.yaml
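Review bot: Nothing in this Service ties `type: {{ .Values.ui.serviceType }}` or the optional `nodePort` to the TLS setting, while the `values.yaml` added in the same commit ships `global.tlsDisable: true`; with a NodePort or LoadBalancer type the UI and API, tokens included, would be reachable from outside the cluster over plain HTTP (assuming `vault.scheme` resolves to `http` in that case; the helper is not shown here). A template comment above `type:` would make the coupling visible, for example `{{- /* With global.tlsDisable=true this Service is plain HTTP; keep serviceType ClusterIP unless TLS is terminated in front of it. */}}`. `publishNotReadyAddresses` also sends UI traffic to pods that fail readiness, which the readiness probe comments in this chart describe as sealed or erroring servers, so its default deserves a one-line explanation next to the key.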
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/values.schema.json
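Review bot: Every value in this override file (`global.openshift: true` and the three `registry.connect.redhat.com/hashicorp/...` repositories with their tags) is already the default in the `values.yaml` added by the same commit, so the file overrides nothing and leaves two places to edit when the Vault or vault-k8s image is bumped for a security fix. Either drop it from this chart copy or state the relationship in its header, e.g. `# Identical to the defaults in values.yaml for this chart; keep image tags in sync.` The images are pinned by tag only, so what actually runs still depends on the registry not re-pushing `1.11.2-ubi` or `0.17.0-ubi`.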
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.26/src/values.yaml 
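Review bot: No object in this schema sets `additionalProperties`, so a misspelled key validates silently; under `global`, a values file containing `tlsDisabled: false` would pass and the chart would keep the `tlsDisable: true` default from `values.yaml`. Adding `"additionalProperties": false` to the `global` object, and to `server.dev` and `injector.certs` if that is compatible with existing users' values and with use as a subchart, would turn such typos into install-time errors. `$schema` also points at the unversioned `http://json-schema.org/schema#`; naming a draft, e.g. `http://json-schema.org/draft-07/schema#`, makes the keyword semantics explicit for whichever validator reads the file.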
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/Chart.yaml
new file mode 100644
index 00000000000..fa34832534c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.27
+annotations:
+ charts.openshift.io/name: helm-testing-5435
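Review bot: The new Chart.yaml keeps `description: Official HashiCorp Vault Chart` and the HashiCorp `home`/`sources` links while the chart is published as `name: helm-testing-5435` under `charts/partners/redhat-caastestreg-duplicate/`, so anyone reading the chart index would take a renamed test copy for the vendor's official release. If this is a test fixture, as the path suggests, the metadata should say so, for example `description: Test copy of the HashiCorp Vault chart (not an official release)`. The file also has no `maintainers` entry, which leaves nothing in the metadata to tie the chart to whoever is accountable for it in this repository. As a smaller point, Helm's documentation recommends quoting the application version, `appVersion: "1.11.2"`, so it is always read as a string.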
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
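Review bot: The only rule in `csi-clusterrole.yaml` grants `create` on `serviceaccounts/token` with no `resourceNames`, and the ClusterRoleBinding in the next file binds it cluster-wide. The CSI provider's service account can therefore request a token for any service account in any namespace. If that breadth is required (presumably the provider requests tokens on behalf of the pods it serves, which is not visible here), say so above `rules:`, e.g. `# cluster-wide by design: the provider requests tokens for workload service accounts; treat this SA as highly privileged`. It is also worth alerting on TokenRequest calls from this service account that target service accounts with no CSI volume mounted.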
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-certs-secret.yaml 
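Review bot: The `csi-provider` container mounts two hostPath volumes (`providervol` and `mountpoint-dir`) but gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set. The helper it calls has no fallback branch, unlike the injector and server helpers, which default to `allowPrivilegeEscalation: false`. Unless the values file supplies a default (not visible here), the provider runs with the container runtime's defaults on every node. Consider adding the same fallback to the helper, `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`. Also consider `readOnly: true` on the `mountpoint-dir` mount if the shipped provider version does not write under the kubelet pods directory, which needs confirming.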
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-clusterrolebinding.yaml 
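Review bot: The rule in `injector-clusterrole.yaml` grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, while the injector deployment in this chart only names its own configuration, `{{ template "vault.fullname" . }}-agent-injector-cfg`, in `AGENT_INJECT_TLS_AUTO`. As written, a compromise of the injector pod extends to the `clientConfig` of every other mutating webhook. Split the rule so that `get` and `patch` carry `resourceNames` for the chart's own object. Keep `list` and `watch` unrestricted only if the injector needs them, which cannot be confirmed from the chart alone.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# name-scoped: the injector only maintains its own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```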
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
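Review bot: Several `env` values in the `sidecar-injector` container are rendered unquoted (`AGENT_INJECT_LISTEN`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), while the neighbouring entries are quoted. An env `value` must be a string, so an override that YAML reads as a boolean, number or null (for example an empty `authPath`) makes the manifest fail validation or renders an empty value. Pipe them through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, `- 2>&1` under `args:` reaches the binary as a literal argument because no shell is involved, so it can be dropped.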
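Review bot: On the `apiVersion:` line of `injector-disruptionbudget.yaml`, `ge .Capabilities.KubeVersion.Minor "21"` compares strings, not numbers. The result therefore depends on lexical order and on vendor suffixes such as `21+` in the reported minor version. The mutating-webhook template in this chart already picks its API version with `.Capabilities.APIVersions.Has`, and doing the same here is more reliable: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Among the injector manifests visible here, this is also the only one not wrapped in the `injectorEnabled` guard, so the PodDisruptionBudget is rendered even when the injector is disabled.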
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
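Review bot: When neither `namespaceSelector` nor `objectSelector` is set, the `rules` block matches every pod CREATE and UPDATE in the cluster, including system namespaces and the injector's own pods, and `failurePolicy` is taken straight from values. If that value is `Fail`, an unavailable injector blocks pod admission cluster-wide; if it is `Ignore`, pods are admitted without the agent sidecar. The defaults are not visible in this hunk, so document the trade-off above `failurePolicy:`, e.g. `# Fail blocks pod creation while the injector is down; Ignore admits pods without injection`. Consider shipping a default `namespaceSelector` that excludes `kube-system`.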
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
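Review bot: The ingress rule in `injector-network-policy.yaml` hard-codes `port: 8080`, but the injector deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes use it). Changing that value therefore leaves the webhook unreachable when `global.openshift` is true. Use `- port: {{ .Values.injector.port }}` here. `namespaceSelector: {}` admits traffic from every namespace; if that is needed so the API server can reach the webhook, a short comment saying so would keep it from reading as an oversight. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector manifests set.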
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-role.yaml 
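Review bot: In injector-psp.yaml the `policy/v1beta1` PodSecurityPolicy is rendered whenever `global.psp.enable` is "true", with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so on such a cluster the release fails to apply. Gate the object on the API as well, for example `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. server-psp.yaml and the four psp role and rolebinding templates in this change use the same condition and need the same gate. The `seLinux` comment says the policy assumes AppArmor nodes; if this chart targets SELinux-enforcing nodes, `rule: RunAsAny` deserves a comment saying the SELinux context is set elsewhere.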
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-rolebinding.yaml 
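Review bot: The leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, and `get`, `patch` and `delete` on every Pod, because neither rule has `resourceNames`. If the Vault server or other workloads share that namespace, the injector's service account can read and overwrite their secrets. Where the objects the leader elector touches have fixed names (not visible in this diff), add `resourceNames: ["<leader-elector-object-name>"]` (placeholder) to the get/update verbs. Keep `create` in a separate rule, since `create` cannot be restricted by name. A comment above `rules:` saying which objects each rule is for would make the grant reviewable.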
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
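Review bot: `disable_mlock = true` is forced into the rendered server config on every path of server-config-configmap.yaml, with no comment on the consequence. This covers the string branch and both `merge (dict "disable_mlock" true) …` branches, where the first argument to `merge` wins, so a value in the user's config cannot turn it back on. With mlock disabled the server's memory can be paged to disk, so the nodes need swap disabled or encrypted. Add a template comment above the `{{- if eq $type "string" }}` line, for example `{{- /* disable_mlock is always set: Vault memory may be swapped; run on nodes with swap off or encrypted */ -}}`, and state the same requirement next to the values that feed this template.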
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-ha-active-service.yaml 
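Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the choice between `policy/v1` and `policy/v1beta1` is lexicographic rather than numeric. A minor of `9` sorts above `21`, and a three-digit minor would sort below it. server-ingress.yaml in this same change already uses `semverCompare` on the full version, and the same form works here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.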
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-psp-role.yaml 
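Review bot: In server-network-policy.yaml the single ingress rule with `namespaceSelector: {}` opens both 8200 and 8201 to pods in every namespace. The Service templates in this change name 8201 `https-internal`, which suggests it is the server-to-server port and only needs to be reachable from the Vault server pods of this release; confirm this against the listener configuration. Split the rule so that 8201 is limited by a `podSelector` on the labels the policy already selects, and add a comment on the 8200 rule saying that cluster-wide access is intended. injector-network-policy.yaml uses the same `namespaceSelector: {}` for 8080 and would benefit from the same comment.

```yaml
  ingress:
    # API port: intentionally reachable from every namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```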
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
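Review bot: The subject in server-psp-rolebinding.yaml is the ServiceAccount named `{{ template "vault.fullname" . }}`, while server-serviceaccount.yaml, the StatefulSet's `serviceAccountName` and the other server bindings in this change all use `vault.serviceAccount.name`. That helper's definition is not in this diff, but if it can return anything other than the full name, the PSP `use` grant lands on an account the server pods do not run as. With PSP enforced, the pods would then be rejected or admitted under whatever other policy applies. Change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as injector-rolebinding.yaml does for its subject.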
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-service.yaml 
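Review bot: server-route.yaml reads `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other templates shown here do before reading `.mode`. The Route therefore depends on some other template having set the value on the shared context first. Add `{{ template "vault.mode" . }}` as the first line inside the openshift guard. Separately, `{{- if .Values.global.openshift }}` here and `not .Values.global.openshift` in server-ingress.yaml treat the string "false" as true, while injector-network-policy.yaml compares `(.Values.global.openshift | toString) "true"`. Using that comparison everywhere keeps a value passed with `--set-string` from creating a Route and skipping the Ingress.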
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/tests/server-test.yaml
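Review bot: The `image:` line of the `vault` container falls back to a mutable tag, `{{ .Values.server.image.tag | default "latest" }}`, so an empty `server.image.tag` silently deploys whatever `latest` resolves to at pull time; the same expression is used for the test pod in templates/tests/server-test.yaml. For a secrets manager I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; with `VAULT_ADDR` fixed to 127.0.0.1 in the same container that is probably deliberate, but a one-line comment saying so would keep the flag from being copied to a probe against a remote address.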
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/templates/ui-service.yaml
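Review bot: The test pod sets no `securityContext` at pod or container level, while the StatefulSet in this commit pulls in the `server.statefulSet.securityContext.pod` and `server.statefulSet.securityContext.container` helpers, so `helm test` runs the same image with whatever defaults the namespace admits and may be rejected where a restricted pod security profile is enforced. I would add an explicit block under the container, for example `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true}`, with the exact values confirmed against the image. Reusing the StatefulSet helpers is another option, but their output and indentation are not visible in this hunk.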
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/values.openshift.yaml
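Review bot: `type: {{ .Values.ui.serviceType }}` lets this Service be exposed outside the cluster, and the values.yaml added in this commit defaults `global.tlsDisable` to `true`, so with those defaults the UI port would presumably carry the Vault UI and API over plain HTTP (the port name comes from the `vault.scheme` helper, which is not shown here). `publishNotReadyAddresses` also sends traffic to pods that are not ready; the server Service explains that for join operations, but nothing explains it for the UI. I would add a comment above `type:`, e.g. `# With global.tlsDisable=true this Service is plaintext; keep ClusterIP unless TLS is terminated in front of it`.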
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.27/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/Chart.yaml
new file mode 100644
index 00000000000..bf4b4b1a085
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.28
+annotations:
+ charts.openshift.io/name: helm-testing-5435
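Review bot: The metadata in the new Chart.yaml still presents this package as the upstream release: `description: Official HashiCorp Vault Chart` sits next to `name: helm-testing-5435` and `version: 0.21.28`, while the CHANGELOG added in the same directory ends at 0.21.0. If this is a renamed test copy, as the path suggests, the description should say so, for example `description: Test copy of the HashiCorp Vault chart (not an upstream release)`, so that anyone pulling it from the repository index is not misled about its provenance. Separately, Helm's chart documentation recommends quoting `appVersion`, i.e. `appVersion: "1.11.2"`, so a later bump to a two-part version is not read as a float.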
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/README.md
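Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand what is presumably a license secret into the `docker run` command line, where it shows up in the host process list and in `make -n` output, and it is unquoted, so any whitespace or shell metacharacter in the value is interpreted by the shell. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker read the value from the recipe's environment instead; the one behavioural difference is that an unset variable is then left out of the container rather than set to an empty string. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` path nor the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so it is worth confirming that it targets the same configuration and state before relying on an unattended destroy. `setup-kind` and `delete-kind` are also missing from the `.PHONY` list.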
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
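Review bot: The rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole with no namespace or `resourceNames` scoping, so the CSI provider's service account can request a token for any service account in the cluster. That breadth may well be needed for the provider to authenticate on behalf of pods in arbitrary namespaces, but nothing in the template says so, and a compromise of the DaemonSet pod inherits the same reach. I would document the intent directly above the rule, for example `# Cluster-wide by design: the provider requests tokens for the mounting pod's service account in any namespace`, and state in the chart docs that the provider pod has to be treated as highly privileged.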
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-certs-secret.yaml 
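Review bot: The provider container in csi-daemonset.yaml receives a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.*` helpers in _helpers.tpl have no fallback branch, whereas `injector.securityContext.container` defaults to `allowPrivilegeEscalation: false` with all capabilities dropped. This pod mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir`/pods), so it is the workload in the chart where running on runtime defaults matters most. I would add an `{{- else }}` branch to the container helper that emits at least `allowPrivilegeEscalation: false`, and set `readOnly: true` on the `mountpoint-dir` mount if the provider only reads from it; both need confirming against what the provider actually requires on those host paths. The helper itself sits in a hunk that starts outside this view.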
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-clusterrolebinding.yaml
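Review bot: The single rule in injector-clusterrole.yaml gives the injector `patch` on every `mutatingwebhookconfigurations` object in the cluster, with no `resourceNames`. Patching another webhook's configuration changes what is admitted cluster-wide, so the write verbs are better limited to the injector's own object; the deployment passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which looks like that object's name but should be confirmed against the webhook template. `list` and `watch` cannot be narrowed by name in the same way, so the rule would be split as below, and the injector's certificate handling should be retested after the change.

```yaml
rules:
# list/watch are collection-level and stay unscoped
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# read and write access only to the injector's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs:
    - "get"
    - "patch"
```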
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
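Review bot: In injector-deployment.yaml the container `args` list ends with `- 2>&1`, which reaches the process as a literal argument because Kubernetes executes `args` without a shell, so no redirection takes place. The container runtime already collects both stdout and stderr, so the entry can be dropped, leaving only `- agent-inject` under `args:`. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT` and `AGENT_INJECT_VAULT_AUTH_PATH` render their values unquoted, unlike the neighbouring entries. Piping them through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`, keeps a numeric or boolean-looking value from being parsed as a non-string env value.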
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
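Review bot: The webhook in injector-mutating-webhook.yaml matches pod CREATE and UPDATE in every namespace unless `injector.namespaceSelector` or `injector.webhook.namespaceSelector` is set, and `failurePolicy` is taken straight from values. With a `Fail` policy and no selector, an unavailable injector would block pod admission cluster-wide, including in system namespaces and for the injector's own replacement pods. A comment above `failurePolicy` stating that `Fail` should be paired with a namespace or object selector would help. The chart defaults and the body of `injector.objectSelector` are not visible here, so this may already be covered elsewhere.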
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
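Review bot: injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment listens on and the Service targets `{{ .Values.injector.port }}`. If that value is changed, the policy silently stops admitting traffic to the webhook; `- port: {{ .Values.injector.port }}` keeps the three in step. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector objects in this commit set.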
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-psp.yaml
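Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml carries no `namespace`, unlike the subjects in injector-rolebinding.yaml and injector-clusterrolebinding.yaml. The binding then presumably resolves the account against its own namespace, which is easy to misread when auditing who may `use` the policy. Adding `namespace: {{ .Release.Namespace }}` under the subject's `name` makes the grant explicit and matches the other bindings in this commit.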
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-role.yaml
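Review bot: The PodSecurityPolicy in injector-psp.yaml sets no `requiredDropCapabilities`, so pods admitted under it keep the runtime's default capability set even though they must run as non-root with `allowPrivilegeEscalation: false`. Adding `requiredDropCapabilities: [ALL]` next to `allowPrivilegeEscalation` would close that, assuming the injector needs no capabilities; nothing in the Deployment in this commit suggests it does. The `seLinux` comment assumes AppArmor nodes, but other templates in this commit branch on `global.openshift`, and OpenShift nodes run SELinux. That comment deserves a caveat for this case.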
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-rolebinding.yaml
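Review bot: The leader-elector Role in injector-role.yaml lets the injector service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which may also hold the Vault server's TLS material or other credentials. This commit pre-creates the `vault-injector-certs` Secret under the same condition, so the Secret rule can probably be narrowed with `resourceNames: ["vault-injector-certs"]` for `get` and `update`, and `create` may not be needed at all. The second rule likewise allows `patch` and `delete` on any pod in the namespace. What the injector touches at runtime is not visible from the hunk, so verify against its behaviour before tightening.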
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
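Review bot: server-config-configmap.yaml prepends `disable_mlock = true` to string configs and merges `"disable_mlock" true` into structured ones, and the template carries no comment saying why. With mlock disabled the server's memory can be swapped to disk, so the setting is worth a template comment above the `disable_mlock` line, for example `{{- /* disable_mlock is forced on; nodes should have swap disabled or encrypted */}}`. The string branch also passes the operator-supplied config through `tpl`, so whoever can set those values can evaluate template expressions against the release context. That is probably intended, but it deserves a sentence in the values documentation.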
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-psp-role.yaml
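Review bot: The single ingress rule in server-network-policy.yaml admits every namespace (`namespaceSelector: {}`) to both 8200 and 8201, so the cluster port is exactly as reachable as the API port. Port 8201 is the `https-internal` port in the service templates and the one `VAULT_CLUSTER_ADDR` advertises to peers, so it presumably only needs to be reachable from the Vault server pods themselves. Splitting the rule so that 8201 is limited to the chart's own pods narrows what an unrelated workload in the cluster can reach; a deployment that replicates between clusters would need an extra source, so confirm that before tightening. The object also carries no `namespace: {{ .Release.Namespace }}` in its metadata, unlike the sibling templates.

```yaml
  ingress:
    # Client/API traffic: unchanged, any namespace may reach 8200.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster traffic: only this release's Vault pods may reach 8201.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```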
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
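Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, while the ServiceAccount object and the StatefulSet's `serviceAccountName` are both rendered from `vault.serviceAccount.name`. The values schema exposes `server.serviceAccount.name` and `create`, so if that helper (defined outside this diff view) can return anything other than the full name, the account the pod actually runs as is not granted `use` on the policy and the binding names an account the chart does not manage. Use `name: {{ template "vault.serviceAccount.name" . }}` for the subject, and add `namespace: {{ .Release.Namespace }}` beneath it so the subject is explicit.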
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
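Review bot: The guard on server-psp.yaml checks only `global.psp.enable`, so enabling it against a cluster that no longer serves `policy/v1beta1` (PodSecurityPolicy was removed in Kubernetes 1.25) fails the install instead of skipping the object. Extending the condition to `{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1") }}` keeps the chart installable, and the same guard would apply to server-psp-role.yaml and server-psp-rolebinding.yaml. The comment on `seLinux: RunAsAny` says the policy assumes AppArmor nodes; since the chart also ships OpenShift overrides, that comment should say what is expected on SELinux-enforcing nodes.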
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-service.yaml
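Review bot: server-route.yaml tests `.mode` on its second line and again when choosing the `-active` service, but unlike server-ingress.yaml and the service templates it never runs `{{ template "vault.mode" . }}` first. Whether `.mode` holds a value here therefore depends on state set outside this file, so both the `external` guard and the active-service selection may not behave as written. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` check, as the ingress template does.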
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/tests/server-test.yaml
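Review bot: The `vault` container image in server-statefulset.yaml falls back to `:latest` when `server.image.tag` is empty (`| default "latest"`), so for a secrets store an unset value silently deploys whatever the registry currently serves; the same expression is repeated in tests/server-test.yaml. Failing the render keeps the deployed version explicit: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment there noting that it talks to `VAULT_ADDR` on 127.0.0.1 would record why certificate verification is skipped.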
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.28/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/Chart.yaml
new file mode 100644
index 00000000000..e0357398bf4
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.29
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/README.md
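Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` that `provision-cluster` passes to `terraform init` and `terraform apply`, so the unattended destroy is not clearly tied to the configuration that was applied. Mirroring the apply line, `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`, would keep the two targets symmetric; whether the positional directory is accepted depends on the Terraform version in the test image, which this hunk does not show. The default `GOOGLE_CREDENTIALS?=vault-helm-test.json` names a service-account key that is read from inside the bind-mounted checkout (`-v ${PWD}:/helm-test`, `--key-file=${GOOGLE_CREDENTIALS}`), so it is worth confirming that file is git-ignored and adding a comment such as `# service-account key file; keep out of version control` above the variable. `.PHONY` also omits `setup-kind` and `delete-kind`.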
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
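Review bot: `vault.serverAuthDelegator` and `vault.serverServiceAccountEnabled` treat the server as enabled whenever `global.enabled` is `true`, even if `server.enabled` is explicitly `false`, because their inner test is `(or (eq (.Values.server.enabled | toString) "true") (eq (.Values.global.enabled | toString) "true"))`. `vault.serverEnabled` only falls back to `global.enabled` when `server.enabled` is `-`, so the flags disagree, and any template gated on `serverAuthDelegator` (presumably the auth-delegator ClusterRoleBinding, which this hunk does not show) would still render for a disabled server. Reusing the existing helper the way `vault.serverServiceEnabled` does, `{{- template "vault.serverEnabled" . -}}` followed by `.serverEnabled` in place of the inner `or`, keeps the RBAC objects tied to the server actually being deployed. The comment above `vault.serverServiceAccountEnabled` also repeats the auth-delegator description and should read `Compute if the server serviceaccount is enabled.`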
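Review bot: The single rule in `csi-clusterrole.yaml` grants `create` on `serviceaccounts/token` in a ClusterRole, which lets the bound account request tokens for any service account in any namespace, and nothing in the file says why that breadth is required. A short comment above `rules:` would help anyone auditing the chart's RBAC, for example `# The CSI provider requests tokens on behalf of the pods it mounts secrets for; those pods can live in any namespace.` That rationale is inferred from the provider's role and should be confirmed by the chart authors. If the consuming namespaces are known at install time, namespaced Roles and RoleBindings would narrow the grant.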
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-certs-secret.yaml 
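Review bot: The two `hostPath` volumes at the end of `csi-daemonset.yaml` take their paths unquoted from `.Values.csi.daemonSet.providersDir` and `.Values.csi.daemonSet.kubeletRootDir`, with no `type:`. The `mountpoint-dir` mount of `<kubeletRootDir>/pods` is also writable, since `readOnly` is not set. A mistyped or overridden value would therefore mount an arbitrary host directory read-write into a pod that runs on every node. I would add `type: Directory` under the `mountpoint-dir` hostPath, since the kubelet pods directory must already exist, and quote both paths. If the provider version shipped here does not write into the pods directory (not visible in this diff, needs confirming), `readOnly: true` on that volumeMount would reduce the exposure further.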
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-clusterrolebinding.yaml
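Review bot: The single rule in `injector-clusterrole.yaml` lets the injector `patch` every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`. The only object this chart creates of that kind is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml in this diff). A compromised injector pod could otherwise rewrite another product's admission webhook. I would split the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`. Whether the injector's `list`/`watch` still works under a name-restricted rule depends on how it sets up its informer, so those two verbs may have to stay unrestricted; that needs a test.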
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
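Review bot: The `args` list in `injector-deployment.yaml` ends with `- 2>&1`, which is not a redirection here. Kubernetes passes `args` to the container entrypoint verbatim, with no shell in between, so the process receives the literal string `2>&1` as an extra argument. If the intent was to merge stderr into stdout, it has no effect; how the binary treats the stray argument is not visible in this diff. I would drop the `- 2>&1` entry and leave `- agent-inject` as the only argument, since the container runtime already captures both streams.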
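Review bot: `apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}` in `injector-disruptionbudget.yaml` compares two strings, so the ordering is lexical rather than numeric. The same expression appears in `server-disruptionbudget.yaml` later in this diff. It gives the right answer for two-digit minors, but it relies on string ordering and on whatever format the distribution reports for `Minor`. `injector-mutating-webhook.yaml` in this same diff already asks the cluster directly; doing the same here would read `{{- if .Capabilities.APIVersions.Has "policy/v1" }}` with `policy/v1beta1` in the `else` branch.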
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
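Review bot: The webhook in `injector-mutating-webhook.yaml` only gets a `namespaceSelector` when a value is supplied, so by default its `rules` match every pod CREATE and UPDATE in the cluster. That includes `kube-system` and the namespace the injector itself runs in. Combined with a `failurePolicy` of `Fail`, an unavailable injector would then block pod admission cluster-wide, including the injector's own replacement pods. The `injector.objectSelector` template is defined outside this hunk and may narrow the match, so this needs checking against it. At minimum I would document the coupling above `failurePolicy`, for example `# Without a namespaceSelector this webhook sees every pod; only use failurePolicy: Fail together with a selector that excludes kube-system and this namespace.`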
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
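Review bot: The NetworkPolicy in `injector-network-policy.yaml` admits traffic on a hard-coded `port: 8080`, while the rest of the chart uses `.Values.injector.port`. The deployment listens and probes on that value and the service sets `targetPort: {{ .Values.injector.port }}`. If the value is changed, this policy silently stops admitting webhook calls on OpenShift and pod admission starts failing or timing out. The line should read `- port: {{ .Values.injector.port }}`. The policy also omits `namespace: {{ .Release.Namespace }}` in `metadata`, unlike the other injector resources in this diff, and `namespaceSelector: {}` admits every namespace. The latter is probably necessary for API-server callbacks but is worth a comment.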
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-role.yaml
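Review bot: The PodSecurityPolicy in `injector-psp.yaml` blocks privilege escalation and root, but it never sets `requiredDropCapabilities`. A pod admitted under it therefore keeps the container runtime's default capability set. Nothing in the injector deployment visible in this diff asks for capabilities, so adding `requiredDropCapabilities:` with `- ALL` next to `allowPrivilegeEscalation: false` should be safe; it needs confirming against the running image. The same `spec` leaves `readOnlyRootFilesystem: false` without a comment saying what the injector writes. The file also hard-codes `policy/v1beta1`, so the template fails to install on clusters where that API is no longer served whenever `global.psp.enable` is left on.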
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-rolebinding.yaml
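Review bot: The first rule in `injector-role.yaml` gives the injector `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, because it has no `resourceNames`. If the Vault server is installed in the same namespace, the webhook pod can read and overwrite the server's TLS and configuration secrets, which is more than leader election and certificate sharing need. The only Secret this diff creates for that purpose is `vault-injector-certs` (injector-certs-secret.yaml). I would keep `create` in an unrestricted rule, since `resourceNames` cannot apply to it, and move `get` and `update` on `secrets` to a rule with `resourceNames: ["vault-injector-certs"]`. The ConfigMap name used for leader election and the injector's `list`/`watch` behaviour are not visible here and need confirming before those verbs are tightened. The second rule likewise allows `patch` and `delete` on any pod in the namespace.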
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
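Review bot: `server-config-configmap.yaml` forces `disable_mlock` on in both branches and nothing in the template says so. The string branch emits a literal `disable_mlock = true` line, and the map branch uses `merge (dict "disable_mlock" true) …`, where the forced key is the merge destination and so takes precedence over the user's config. With mlock disabled, Vault's process memory can be paged out, which makes keeping unsealed key material off disk the node's responsibility. I would add a YAML comment above `data:` such as `# disable_mlock is always set: run Vault nodes with swap disabled or encrypted.` The same constraint belongs in the chart's values documentation. The `tpl` calls also evaluate the supplied config as a template with the full chart context, which is fine only as long as values files are treated as trusted input.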
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-ha-active-service.yaml 
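Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the ordering is lexical rather than numeric: a minor of `9` sorts above `21`, and a suffixed minor such as `21+` only gives the right answer by accident. server-ingress.yaml in this commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`; the same form here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.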
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
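Review bot: The `https-internal` port 8201 is listed on the same Service as the API port in server-ha-active-service.yaml, and the same block appears in server-ha-standby-service.yaml and server-service.yaml. When `server.service.type` is `NodePort` or `LoadBalancer`, every listed port is published, so the server-to-server port becomes reachable from outside the cluster together with 8200. The headless `-internal` Service already carries 8201 for the pods themselves, so consider emitting the 8201 entry only when the type is `ClusterIP`. At minimum add `# 8201 is the cluster port; keep it off externally reachable Services` above it.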
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-psp-role.yaml 
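Review bot: `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` in server-ingress.yaml are rendered without `| quote`, while the `hosts` entries and `host:` next to them are quoted. A value that contains `: `, ` #` or starts with a YAML indicator then changes the structure of the rendered manifest instead of being read as a string. Quote them the same way as the hosts: `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`.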
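Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so enabling the policy still lets any pod in any namespace reach the cluster port 8201 as well as the API port 8200. Splitting the rule keeps 8200 open as before and limits 8201 to the pods this policy selects; whether another component needs 8201 cannot be seen from this hunk, so confirm before narrowing. The metadata block also lacks `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this commit set.

```yaml
  ingress:
    # API port: callers in any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```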
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
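Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but the StatefulSet runs as `{{ template "vault.serviceAccount.name" . }}` and server-discovery-rolebinding.yaml binds that name too. If that helper can return anything other than the full name (its definition is not in this hunk), the PodSecurityPolicy is granted to an account the pods do not use. Use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` to the subject, as the discovery binding does.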
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
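Review bot: server-psp.yaml emits a `policy/v1beta1` PodSecurityPolicy with no capability check, although server-disruptionbudget.yaml and server-ingress.yaml in this commit both choose their API version from `.Capabilities`. PodSecurityPolicy was removed in Kubernetes 1.25, so with `global.psp.enable` set the install fails there, and on a cluster without the PSP admission plugin the non-root and no-escalation rules are not enforced at all. Guard the template with `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` and make sure the same constraints are set in the pod and container `securityContext`, which the StatefulSet takes from helpers outside this hunk. The comment on `seLinux` says the policy assumes AppArmor nodes, which does not match the OpenShift values file added by the same commit.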
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-service.yaml 
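Review bot: server-route.yaml tests `.mode` but never calls `{{ template "vault.mode" . }}`, which the other templates that test `.mode` in this commit do before using it. The condition therefore depends on another template having set `.mode` earlier in the render, which presumably happens today but is not visible here. Add `{{ template "vault.mode" . }}` ahead of `{{- if ne .mode "external" }}`. `host: {{ .Values.server.route.host }}` is also unquoted, and the whole `tls:` block comes from `server.route.tls`, so the values file should state which termination mode is expected.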
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/tests/server-test.yaml 
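Review bot: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` in server-statefulset.yaml falls back to the mutable `latest` tag when no tag is given, so the Vault build that runs is decided by the registry at pull time; tests/server-test.yaml repeats the same expression. Failing the render is safer than guessing, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and a digest reference is better still. The readiness probe's `vault status -tls-skip-verify` also needs a comment, e.g. `# talks to 127.0.0.1 (VAULT_ADDR); certificate verification is skipped for this local check only`. The helpers this template relies on (`vault.args`, `vault.volumes`, the two `securityContext` includes) are defined outside the hunk.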
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/templates/ui-service.yaml 
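Review bot: The test pod in tests/server-test.yaml sets neither `serviceAccountName` nor a `securityContext`, so it runs with the namespace's default service account token mounted and whatever security defaults the cluster applies. The script only calls `vault status` over the network, which appears to need no Kubernetes API access, so adding `automountServiceAccountToken: false` under `spec` would remove the token. The `VAULT_ADDR` value is also rendered unquoted here, unlike the same variable in the StatefulSet.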
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.29/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/Chart.yaml
new file mode 100644
index 00000000000..8a0fdebc51f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.3
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/README.md
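Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the licence text into the `docker run` argument list, where it is readable in the host's process table and in anything that records command lines. Passing only the name, `-e VAULT_LICENSE_CI \`, has docker copy the value from the calling environment instead, and make already exports variables it received from the environment or its own command line. The same recipe mounts `${PWD}` into the container while `GOOGLE_CREDENTIALS` defaults to `vault-helm-test.json` in that directory, so the service-account key sits in the working tree; whether it is git-ignored is not visible in this diff and is worth confirming. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` with no `test/terraform` path or `-var project=...`, unlike `provision-cluster`, so it may not act on the configuration that was provisioned.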
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
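Review bot: In csi-clusterrole.yaml the single rule grants `create` on `serviceaccounts/token` from a ClusterRole with no `resourceNames`, so whichever identity this role is bound to can request a token for any service account in any namespace. If that breadth is intended (presumably the provider asks for tokens on behalf of the pods that mount secrets, which this diff does not show), it should be stated next to the rule, for example `# cluster-wide on purpose: tokens are requested for the service account of each pod mounting a secret`. Because the bound service account runs as a DaemonSet, the chart notes should also recommend auditing `serviceaccounts/token` creates made by it.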
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-certs-secret.yaml 
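Review bot: In csi-daemonset.yaml the `mountpoint-dir` volume mounts `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host with `mountPropagation: HostToContainer` and no `readOnly`, so the container gets write access to that host directory tree on each node where the DaemonSet is scheduled. If the provider only needs to read from that path (not visible from this template), add `readOnly: true` under the mount. If it has to write there, a comment on the mount saying why would let a reviewer accept the exposure knowingly.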
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-clusterrolebinding.yaml
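Review bot: In injector-clusterrole.yaml the rule allows `patch` on every MutatingWebhookConfiguration in the cluster, although the only one this chart renders is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). A compromised injector pod could therefore alter admission webhooks that belong to other components. Splitting the rule so that `get` and `patch` carry `resourceNames` while `list` and `watch` stay unrestricted narrows this. Whether the injector's watch logic works with the split needs a test, since that code is not part of this diff.

```yaml
# … unchanged: apiVersion, kind, metadata …
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
```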
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
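Review bot: In injector-deployment.yaml, `args:` lists `- 2>&1` as its second element, but container args are handed to the process directly with no shell in between, so this reaches the `agent-inject` command as a literal argument instead of redirecting stderr. Unless the image's entrypoint is a shell wrapper that re-evaluates its arguments (not visible here), drop the line so `args:` holds only `- agent-inject`. Kubernetes already collects both stdout and stderr for container logs.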
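Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical: a minor of `"9"` sorts above `"21"`, and a minor with a suffix such as `"21+"` is also compared character by character. Asking the cluster which API it serves avoids the version arithmetic and matches what injector-mutating-webhook.yaml already does: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.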
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
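Review bot: `namespaceSelector` is rendered only when one of the two values is set, so by default the webhook is called for pod CREATE and UPDATE in every namespace, including the one the injector itself runs in. Since `failurePolicy` comes from values, a `Fail` setting would then hold up pod admission cluster-wide whenever the injector is unavailable. Whether `injector.objectSelector`, which is defined outside this hunk, narrows the match is not visible here. A comment above the `{{- if or ... }}` line would record the trade-off for operators, e.g. `# no selector = all namespaces; set one before using failurePolicy: Fail`.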
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
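Review bot: In injector-network-policy.yaml the ingress rule hard-codes `port: 8080`, while the injector listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` in injector-deployment.yaml, `targetPort` in injector-service.yaml). If that value is set to anything else, the policy no longer matches the listening port and webhook calls to the injector would be dropped. Render the same value here: `- port: {{ .Values.injector.port }}`.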
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-role.yaml
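Review bot: The policy spec in injector-psp.yaml blocks privilege escalation and root UIDs but says nothing about Linux capabilities, so pods admitted under it keep the container runtime's default capability set. If the injector needs none of them (its listening port comes from values and is not shown here, so this is an assumption to confirm), add `requiredDropCapabilities:` with a single `- ALL` entry next to `allowPrivilegeEscalation: false`. The inline comments already explain each restriction, and the new field should get one in the same style.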
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-rolebinding.yaml
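Review bot: The first rule in injector-role.yaml lets the injector read, list and update every Secret and ConfigMap in the release namespace, which is the same namespace the chart's other namespaced objects are created in. The chart pre-creates one Secret under the same leader-election condition, `vault-injector-certs` (injector-certs-secret.yaml). If that is the only Secret the leader elector touches, which cannot be verified from this diff, move `get` and `update` into a rule carrying `resourceNames: ["vault-injector-certs"]` and keep the broad verbs only where they are needed. At minimum, put a comment above the rule stating why namespace-wide Secret access is required.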
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
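Review bot: `disable_mlock = true` is forced in both branches of server-config-configmap.yaml (the string branch prepends it, the map branch merges it in), and nothing in the template says so. With mlock off, Vault's memory can be paged out, so key material is only protected if the nodes run without swap or with encrypted swap. I would add a template comment above `data:` such as `{{- /* disable_mlock is always set; nodes must have swap disabled or encrypted */ -}}` and repeat the requirement in the values documentation. A template comment is safer than a `#` line inside the block scalar, which would end up in the JSON output of the map branch.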
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-discovery-rolebinding.yaml 
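Review bot: The discovery Role gives the server service account `update` and `patch` on all pods in the namespace, and RBAC cannot narrow that to the Vault pods by label. Any mutable pod field of unrelated workloads in the same namespace is therefore writable with the server's token. If the only use is label updates for service registration (not visible here, so worth confirming), `verbs: ["get", "watch", "list", "patch"]` is enough and `update` can go. The chart notes should also say that HA mode expects a namespace dedicated to Vault.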
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-psp-role.yaml 
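Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}` for both 8200 and 8201, so the cluster port is reachable from every pod in every namespace. Port 8201 is the `https-internal` port in the Service templates and, as far as these templates show, is only needed between the server pods. Splitting the rule keeps the API port open while limiting 8201 to pods of this release. If cross-cluster replication has to reach 8201, that source should be added explicitly rather than left open. The metadata block also has no `namespace: {{ .Release.Namespace }}`, unlike the other namespaced templates in this commit.

```yaml
  ingress:
    # API port: same sources as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```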
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
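Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the StatefulSet and the discovery RoleBinding use `vault.serviceAccount.name`. When the service account name is overridden in values, the binding points at an account the server pod does not run as, so the `use` permission on the PodSecurityPolicy never reaches it. The subject should read `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`, matching the other bindings in this commit.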
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
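Review bot: The PodSecurityPolicy in server-psp.yaml blocks privilege escalation and root but never restricts capabilities, so the container keeps the runtime's default set. The StatefulSet sets `SKIP_SETCAP` and the config forces `disable_mlock`, which suggests no extra capability is needed, though that should be verified against the image. If so, add `requiredDropCapabilities: ["ALL"]` under `spec:`. Separately, the comment on `seLinux` says the policy assumes AppArmor nodes; since server-route.yaml in this commit targets OpenShift, a note about when `RunAsAny` is acceptable would help.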
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-service.yaml 
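Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other template in this commit does before reading `.mode`. The Route therefore depends on another template having populated the value earlier in the render, which presumably breaks if the file is rendered on its own or the order changes. Add `{{ template "vault.mode" . }}` directly after the `.Values.global.openshift` check, as server-ingress.yaml does. `host: {{ .Values.server.route.host }}` would also be safer as `{{ .Values.server.route.host | quote }}`, in line with the quoted hosts in the Ingress template.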
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/tests/server-test.yaml 
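Review bot: The server container image falls back to a mutable tag through `{{ .Values.server.image.tag | default "latest" }}`, and tests/server-test.yaml repeats the same expression. An install with an empty tag then runs whatever the registry serves under `latest`, which can differ between pods and restarts and leaves no record of the version deployed. I would fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The values documentation should also recommend a fixed version or digest.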
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/templates/ui-service.yaml
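Review bot: The test container's `image:` line falls back to a mutable tag, `{{ .Values.server.image.tag | default "latest" }}`, so a values file with an empty `server.image.tag` makes `helm test` pull whatever `latest` resolves to at that moment instead of the Vault build the release was certified with. I would fail rendering rather than default, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and apply the same change wherever the server template builds its image reference (not visible in this hunk). The hook pod also declares no `securityContext` or `resources` for the container while it receives `vault.extraEnvironmentVars` and the server's `volumes`/`volumeMounts`; a comment above `volumeMounts:` such as `# test hook mounts the same volumes as the server pod; keep secrets out of server.volumes or restrict who can run helm test` would make that exposure explicit.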
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/values.openshift.yaml
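Review bot: Nothing near `type: {{ .Values.ui.serviceType }}` tells the operator that this Service can publish the Vault UI and API without TLS. The port is named from `vault.scheme`, and the `values.yaml` added in this same diff ships `global.tlsDisable: true`; if the helper resolves to `http` in that case (its definition is outside this hunk), a `LoadBalancer` or `NodePort` type sends client tokens and secrets over that exposure unencrypted. I would add a comment above `type:` along the lines of `# With global.tlsDisable=true this Service is plain HTTP; keep serviceType ClusterIP or terminate TLS in front of it`. The same comment could cover `publishNotReadyAddresses`, which is passed straight from values and, when true, routes UI traffic to pods that fail the readiness probe (sealed or erroring, per the probe comments in the StatefulSet template).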
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/values.schema.json
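Review bot: The three image references are identified by tag only (`tag: "0.17.0-ubi"`, `tag: "1.11.2-ubi"`), and a registry tag can be re-pointed after the chart has been reviewed, so the deployed bits are not tied to what was certified. Since the templates compose `repository:tag` (as the test pod in this diff does), appending a digest should render a valid reference, e.g. `tag: "1.11.2-ubi@sha256:<digest-of-certified-image>"` where the digest is a placeholder to be filled from the registry. Separately, the `values.yaml` added in this diff already sets `global.openshift: true` and the same repositories and tags, so this override file changes nothing today and the two copies can drift at the next version bump; a header comment stating which file is authoritative would help.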
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.3/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/Chart.yaml new file mode 100644 index 00000000000..c32309dee47 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-testing-5435 +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.30 +annotations: + charts.openshift.io/name: helm-testing-5435 
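Review bot: The new Chart.yaml keeps `description: Official HashiCorp Vault Chart` and the upstream `home` and `sources` URLs, while `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435` under a partner test directory, so the provenance a consumer reads from the chart index does not match who packaged it. If this is a repackaged test copy, as the path suggests, the metadata should say so, for example `description: Test repackage of the HashiCorp Vault chart, not an upstream release`. Separately, `appVersion: 1.11.2` should be quoted as `appVersion: "1.11.2"`, so that a later two-component value such as 1.12 is not read as a float.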
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/README.md
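Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with no configuration directory and no `-var project=...`, whereas `provision-cluster` runs init and apply against `test/terraform` with `-var project=${CLOUDSDK_CORE_PROJECT}`, so teardown does not obviously target the state that provisioning created and a GKE test cluster may be left running. Mirroring the apply line, `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`, would keep the two targets symmetric. In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license value into the `docker run` argument list, where it is visible in process listings and in `make -n` output; `-e VAULT_LICENSE_CI` passes the variable through from the environment by name instead. `.PHONY` also omits `setup-kind` and `delete-kind`.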
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
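Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no `resourceNames`, and the ClusterRoleBinding added next in this commit binds it cluster-wide. The `-csi-provider` service account can therefore request a token for any service account in any namespace, from a DaemonSet that runs on every node. Nothing in the template says why the grant is needed; presumably the provider authenticates to Vault on behalf of the pods it serves. I would add a comment above `rules:` such as `# Lets the provider request tokens for the pods it serves; this identity can obtain a token for any service account in the cluster.` and repeat it in the chart README so operators know to audit token requests from this account.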
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-certs-secret.yaml 
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-clusterrolebinding.yaml 
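Review bot: The rule in injector-clusterrole.yaml lets the injector `patch` every `mutatingwebhookconfigurations` object in the cluster, because it carries no `resourceNames`. The only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg`, so a compromised injector pod could rewrite admission webhooks that belong to other components. I would split the rule so that `get` and `patch` carry `resourceNames: [{{ template "vault.fullname" . }}-agent-injector-cfg]`. Whether `list` and `watch` can be narrowed the same way depends on how the injector issues those requests, which is not visible here.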
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
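Review bot: Three `env` values in injector-deployment.yaml are rendered unquoted — `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` — while most of their neighbours are quoted. An env `value` must be a string, so a setting that YAML reads as a boolean or number is rejected, and an unset `injector.authPath` renders a bare `value:` that parses as null instead of a string. Pipe them through `quote`, for example `value: {{ .Values.injector.authPath | quote }}`. Separately, the `args` entry `- 2>&1` reaches the binary as a literal argument, since the template shows no shell that would interpret it as a redirection; it can be dropped.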
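Review bot: injector-disruptionbudget.yaml is gated only on `.Values.injector.podDisruptionBudget`, unlike the other injector templates in this commit, which first evaluate `vault.injectorEnabled`. A PodDisruptionBudget is therefore rendered even when the injector itself is disabled. Wrap the file in the same `{{- template "vault.injectorEnabled" . -}}` and `{{- if .injectorEnabled -}}` pair. The `apiVersion` line also compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings; `.Capabilities.APIVersions.Has "policy/v1"` would match the check used in injector-mutating-webhook.yaml and does not depend on the format of the version string.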
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
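Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector Deployment in this commit listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` and both probes). If an operator changes that value on OpenShift, the policy no longer admits traffic to the webhook port and admission calls will fail or time out. Use `- port: {{ .Values.injector.port }}` so the two stay in step. The `metadata` block also has no `namespace:`, unlike the Deployment it selects.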
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-psp.yaml 
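Review bot: The `ServiceAccount` entry under `subjects:` in injector-psp-rolebinding.yaml has no `namespace`, whereas both ClusterRoleBindings in this commit state `namespace: {{ .Release.Namespace }}`. In a RoleBinding the subject falls back to the binding's own namespace, so this resolves as intended. Stating it explicitly still removes the doubt when auditing who may `use` the policy; add `namespace: {{ .Release.Namespace }}` under the subject's `name:`.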
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-role.yaml
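Review bot: The `spec` in injector-psp.yaml never sets `requiredDropCapabilities`, so pods admitted under this policy keep the container runtime's default capability set even though `privileged` and `allowPrivilegeEscalation` are both false. Adding `requiredDropCapabilities:` with a single `- ALL` entry would close that gap, provided the injector image runs without capabilities, which should be confirmed. The comment on `seLinux` says the nodes use AppArmor, which is unlikely to hold on the OpenShift clusters that `global.openshift` targets elsewhere in this chart; it should rather say that `RunAsAny` leaves SELinux labelling to the platform. PodSecurityPolicy under `policy/v1beta1` is also gone from Kubernetes 1.25 onward, so the `global.psp.enable` guard could additionally test `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`. The same points apply to server-psp.yaml.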
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-rolebinding.yaml
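Review bot: The first rule in injector-role.yaml grants `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, which is more than a leader election needs and, in the namespace Vault itself runs in, lets the injector's ServiceAccount read unrelated secrets. I would keep `create` in a rule of its own, since it cannot be limited by name, and move the other verbs into a rule with `resourceNames` listing only the objects the elector owns. Those names are not visible in this hunk, so the fence below uses placeholders, and `list`/`watch` under `resourceNames` only succeed when the client selects by `metadata.name`, which needs checking against the injector. The `pods` rule with `patch` and `delete` deserves a one-line comment saying what the elector does with it.

```yaml
rules:
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    verbs:
      - "create"
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    # placeholder names: replace with the objects the leader elector owns
    resourceNames:
      - "<leader-elector-secret-name>"
      - "<leader-elector-configmap-name>"
    verbs:
      - "get"
      - "watch"
      - "list"
      - "update"
  # … unchanged: pods rule …
```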
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-config-configmap.yaml
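Review bot: The ClusterRoleBinding in server-clusterrolebinding.yaml is the only cluster-scoped grant among the server templates shown here, and nothing in the file says why the server's ServiceAccount needs `system:auth-delegator`. That role allows creating token and access reviews for any identity in the cluster, so a reader auditing the chart should be told what depends on it and that the `serverAuthDelegator` switch removes it. I would add above `kind: ClusterRoleBinding` a comment such as `# Grants token/access review rights cluster-wide; presumably needed for Vault's Kubernetes auth - disable if unused.` The `v1beta1` fallback for RBAC could also be dropped, since injector-role.yaml and server-discovery-role.yaml in this commit already use `rbac.authorization.k8s.io/v1` unconditionally.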
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
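Review bot: server-config-configmap.yaml turns memory locking off in every mode, through the literal `disable_mlock = true` on the string path and through `merge (dict "disable_mlock" true) ...` on the map path, and nothing in the template says so. With mlock off, key material held in Vault's memory can be written to swap, so the deployment depends on the nodes having swap disabled or encrypted. I would record that next to the literal as a template comment, so it does not leak into the rendered HCL: `{{- /* mlock is disabled by the chart; run on nodes with swap off or encrypted */ -}}`. On the string path the operator's own config is appended after the literal, so a second `disable_mlock` there would appear twice in the file; whether Vault accepts that is worth checking.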
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-ha-active-service.yaml
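Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in server-disruptionbudget.yaml compares two strings, so the result is lexicographic rather than numeric, and `Minor` can carry a suffix such as `+` on some distributions. server-ingress.yaml in this commit already uses `semverCompare` against `.Capabilities.KubeVersion.Version` for the same kind of decision. Asking the cluster which API it serves avoids version parsing altogether: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`.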
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-psp-role.yaml 
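Review bot: The single ingress rule in server-network-policy.yaml opens port 8201 to every namespace along with 8200, because `namespaceSelector: {}` applies to both `ports` entries. The Services in this commit name 8201 `https-internal`, which suggests only the server pods talk to each other on it (worth confirming), so it can be limited to pods carrying the labels the StatefulSet template sets, including `component: server`. Splitting the rule in two, as in the fence below, keeps the API port reachable as before and narrows the cluster port. The `podSelector` of the policy itself also omits `component: server`, unlike the Service selectors, and could be tightened in the same way.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```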
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-service.yaml
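Review bot: server-route.yaml tests `.mode` on its second line without first running `{{ template "vault.mode" . }}`, which the other server templates in this commit call before they read `.mode`. Unless something outside this hunk sets it, the `ne .mode "external"` guard and the later `eq .mode "ha"` check are evaluated against an unset value, so whether the Route is rendered, and whether it targets the `-active` Service, may depend on template evaluation order. I would add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard. `targetPort: 8200` is also hard-coded here, while the Services take theirs from `.Values.server.service.targetPort`.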
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/tests/server-test.yaml
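Review bot: The vault container image falls back to the mutable `latest` tag when `server.image.tag` is empty (`| default "latest"` on the `image:` line), so the Vault version that runs depends on pull time; the same expression is used in `templates/tests/server-test.yaml`. For a secrets store it is safer to fail the render than to float: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are emitted unquoted, unlike the neighbouring `value: "..."` lines; adding `| quote` keeps an operator-supplied address from being re-typed or mis-parsed by the YAML loader.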
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/templates/ui-service.yaml
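Review bot: The test Pod declares no `securityContext`, while the StatefulSet in this commit pulls one in through the `server.statefulSet.securityContext.pod` and `.container` templates, so the hook pod runs with whatever the namespace or platform defaults allow. Under a restricted Pod Security admission level it would presumably be rejected, and elsewhere it runs less constrained than the server it tests. I would give the container an explicit `securityContext:` with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, the same container defaults that values.yaml documents for the injector. The pod also mounts every entry of `server.volumes`, so a comment on `volumes:` stating that server secrets mounted there become readable by the test pod would help operators decide what to put in that list.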
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/values.openshift.yaml
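Review bot: `nodePort` is rendered whenever `ui.serviceNodePort` is set, with no check on `ui.serviceType`, whereas `server-service.yaml` in this commit guards the same field with an `eq ... "NodePort"` test. Mirroring that guard, `{{- if and (.Values.ui.serviceNodePort) (eq (.Values.ui.serviceType | toString) "NodePort") }}`, keeps a leftover value from producing a manifest that a ClusterIP Service would, as far as I know, be rejected for. This Service also selects the `component: server` pods on the API port, so whatever `ui.serviceType` exposes is the whole Vault API rather than only the UI. With `global.tlsDisable: true` as the default in values.yaml that traffic is presumably plaintext (the scheme helper is not visible here), which deserves a comment next to `type:`.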
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.30/src/values.yaml 
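Review bot: The schema checks value types only; no object sets `"additionalProperties": false` or a `required` list, so a misspelled key (constructed example: `global.tlsDisabled`) validates and the chart default is applied without any warning. Tightening it needs care, because the templates read keys the schema does not list: `server.readinessProbe.path` is used in server-statefulset.yaml but is absent from the `readinessProbe` properties here. I would add `"path": {"type": "string"}` to that object first, then set `"additionalProperties": false` on the objects whose keys change exposure (`global`, `server.service`, `ui`) so that typos fail at install time.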
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/Chart.yaml
new file mode 100644
index 00000000000..d070b6516d4
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.31
+annotations:
+ charts.openshift.io/name: helm-testing-5435
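Review bot: In Chart.yaml, `description: Official HashiCorp Vault Chart` sits next to `name: helm-testing-5435` under `charts/partners/redhat-caastestreg-duplicate/`, so the metadata presents a renamed copy as the vendor's official chart. `version: 0.21.31` also has no entry in the CHANGELOG.md added by this same commit, whose newest release is 0.21.0 (with `vault` at 1.11.2, matching `appVersion`), so a consumer cannot tell from the metadata which upstream release this copy tracks. If this is a certification test fixture, as the name suggests, I would say so in the metadata, for example `description: Test copy of the HashiCorp Vault chart (upstream vault-helm 0.21.0)`. Separately, quoting `appVersion: "1.11.2"` keeps the value a string if it is ever changed to a two-part version.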
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
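Review bot: The rule under `rules:` in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any ServiceAccount in any namespace, and nothing in the file says why that breadth is needed. Presumably the provider uses it to authenticate to Vault as the pod that mounts the volume; if so, say it above the rule, for example `# create on serviceaccounts/token: the provider requests a token for the service account of the pod mounting the volume; this applies to every ServiceAccount in the cluster`. The DaemonSet added later in this commit runs that account on nodes with hostPath mounts, so the comment should also tell operators to keep token requests by this account under audit logging.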
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-certs-secret.yaml 
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-clusterrolebinding.yaml
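Review bot: The single rule under `rules:` in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`; a compromised injector pod could then alter admission webhooks other than its own. The deployment template in this commit passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which looks like the one configuration the injector has to update, so `get` and `patch` can be limited to that name while `list` and `watch` stay unscoped. This assumes the injector patches only its own configuration; confirm against the injector's behaviour before adopting the split below.

```yaml
rules:
# list/watch cannot usefully be restricted by name, so they stay cluster-wide.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# get/patch only on the injector's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```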
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" .
}}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" .
}}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+
timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
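Review bot: Three env values of the sidecar-injector container in injector-deployment.yaml are rendered without quotes (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT`) while the neighbouring entries are quoted. An env `value` has to be a string, so a values entry that YAML reads as a boolean or a number makes the rendered Deployment fail validation; `value: {{ .Values.injector.authPath | quote }}` and the same `| quote` on the other two avoid that. The hand-quoted entries such as `value: "{{ .Values.injector.agentDefaults.template }}"` break the other way when the value itself contains a double quote, and `| quote` covers those as well. Separately, `- 2>&1` under `args:` reaches the process as a literal argument because no shell is involved, so it does not redirect stderr.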
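Review bot: injector-disruptionbudget.yaml is the only injector template in this part of the diff that is not wrapped in `{{- if .injectorEnabled -}}`, so setting `injector.podDisruptionBudget` renders a PodDisruptionBudget even when the injector itself is disabled. The apiVersion line also compares `.Capabilities.KubeVersion.Minor` with the string "21", which is a lexical comparison on a field that some distributions report with a suffix such as `21+`. The other templates test `.Capabilities.APIVersions.Has`, and `{{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}` would be consistent with them. server-disruptionbudget.yaml carries the same apiVersion line.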
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
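Review bot: Unless `injector.namespaceSelector` or `injector.webhook.namespaceSelector` is set, the `rules` entry in injector-mutating-webhook.yaml matches pod CREATE and UPDATE in every namespace, the release namespace and system namespaces included; the `injector.objectSelector` helper is defined outside this hunk and may narrow that. With `failurePolicy` taken from values and `timeoutSeconds` defaulting to 30, a `Fail` policy would let an unavailable injector hold up pod admission across the cluster. I would add a comment above `webhooks:` stating this, and consider a default `namespaceSelector` that leaves out the injector's own namespace.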
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
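Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the container listens on `.Values.injector.port` (AGENT_INJECT_LISTEN in injector-deployment.yaml) and the Service uses the same value as `targetPort`. With any other `injector.port` the policy admits the wrong port and, because it selects the injector pods, the API server's webhook calls would be dropped; `- port: {{ .Values.injector.port }}` keeps the three in step. `namespaceSelector: {}` also admits every namespace in the cluster, which is wider than a webhook called by the API server appears to need, so a comment giving the reason would help.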
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-psp.yaml
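Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace:`, unlike the subject in injector-rolebinding.yaml, which sets `namespace: {{ .Release.Namespace }}`. As far as I know a RoleBinding resolves such a subject against its own namespace, so the binding still works, but stating the namespace keeps the two bindings consistent and does not rely on that defaulting.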
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-role.yaml
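Review bot: `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, and the only guard on injector-psp.yaml is `global.psp.enable`, so enabling it on a newer cluster fails the install instead of skipping the object. Adding `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `if` avoids that. The comment under `seLinux` says the policy assumes AppArmor nodes, yet the chart has an OpenShift mode (`global.openshift` in the other templates) where nodes run SELinux; `rule: RunAsAny` then leaves the SELinux context unconstrained, and the comment should say so. `readOnlyRootFilesystem: false` has no stated reason either.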
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-rolebinding.yaml
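Review bot: The first rule in injector-role.yaml gives the injector `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, which is also where this chart places the Vault server objects. The chart already creates a Secret named `vault-injector-certs` under the same leader-elector condition, so if that is the only Secret the injector maintains (the injector code is not on this page), `get` and `update` can be limited with `resourceNames: ["vault-injector-certs"]` and `create` dropped for secrets. The second rule's `patch` and `delete` on all pods in the namespace should carry a comment naming which pods the leader elector touches.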
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
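Review bot: `disable_mlock = true` is written into every rendered configuration in server-config-configmap.yaml, as a literal line in the string branch and through `merge (dict "disable_mlock" true)` in the map branch, with no comment and no values switch. With mlock off the Vault process memory can be paged out, so the nodes need swap disabled or encrypted, and a comment above the line should state that requirement. In the map branch the dict is the merge destination, so a user-supplied `disable_mlock: false` appears to be silently overridden, whereas the string branch would simply emit the key twice. The whole server configuration also lands in a ConfigMap, so any storage or seal credentials placed in `server.standalone.config` or `server.ha.config` are stored there in clear text; that deserves a note next to `data:`.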
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-discovery-rolebinding.yaml
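Review bot: The rule in server-discovery-role.yaml gives the Vault server's service account `update` and `patch` on every pod in the release namespace, not only the Vault pods. A pod's container image is one of the fields that can be changed in place, so the grant reaches further than the role name suggests. If the server only sets labels on its own pods (the `vault-active` label is used by the Service selectors in this commit), a comment above `rules:` should say so, and `update` may be droppable if only `patch` is used. Installing the chart into a namespace of its own limits what the grant can touch.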
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
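Review bot: The `https-internal` port 8201 in server-ha-active-service.yaml is published on the same Service as the API port, so when `server.service.type` is `NodePort` or `LoadBalancer` it becomes reachable from outside the cluster along with the API. The name and its presence on the headless `-internal` Service suggest it is the server-to-server port, which only the Vault pods need to reach. I would render the 8201 entry only when the Service type is not `NodePort` or `LoadBalancer`, or at least add a comment above it saying why it is exposed here. server-ha-standby-service.yaml has the same port list.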
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-psp-role.yaml 
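Review bot: In server-network-policy.yaml the single ingress rule opens both 8200 and 8201 to `namespaceSelector: {}`, which matches pods in every namespace. Port 8201 is the `https-internal` cluster port in the Service templates of this diff, so it presumably only needs to be reachable from the Vault server pods themselves. Splitting the rule keeps the API port as it is and limits 8201 to pods carrying this release's labels. Confirm first that nothing outside the release, such as cross-cluster replication, has to reach 8201. The template also sets no `metadata.namespace`, unlike the other server templates here.

```yaml
  ingress:
    # API port: same exposure as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```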
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
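Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` both use `vault.serviceAccount.name`. If the two helpers ever resolve differently (for example with a custom `server.serviceAccount.name`), the `use` grant on the PodSecurityPolicy binds to an account the pod does not run as. Depending on which other policies the cluster offers, the pod is then rejected or admitted under a different policy. Use the same helper for the subject: `name: {{ template "vault.serviceAccount.name" . }}`.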
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
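Review bot: The PodSecurityPolicy in server-psp.yaml does not constrain Linux capabilities: `spec` has no `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set. The server container in this diff sets `SKIP_SETCAP` and `SKIP_CHOWN` to "true", which suggests it does not rely on extra capabilities, so `requiredDropCapabilities: ['ALL']` looks safe to add. Verify this against the mlock settings in the Vault config first. `readOnlyRootFilesystem: false` deserves a one-line comment explaining why the root filesystem must stay writable, as the neighbouring fields have. Separately, `policy/v1beta1` is only served by older clusters, so a `.Capabilities.APIVersions.Has "policy/v1beta1"` guard would stop the install from failing where the API is gone.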
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-service.yaml 
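Review bot: server-route.yaml tests `ne .mode "external"` without first calling `{{ template "vault.mode" . }}`, which every other server template in this diff does on its first line. Unless `.mode` has already been set on the shared context by a template rendered earlier, the guard compares an unset value and the Route's external-mode exclusion depends on render order. Add the call at the top of the file, as server-ingress.yaml does. `host: {{ .Values.server.route.host }}` should also be piped through `quote`, matching `host: {{ .host | quote }}` in the ingress template.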
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/tests/server-test.yaml 
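Review bot: The `vault` container image in server-statefulset.yaml falls back to a floating tag through `{{ .Values.server.image.tag | default "latest" }}`, and tests/server-test.yaml uses the same expression. For a secrets manager this means an unset value silently deploys whatever the registry currently serves under `latest`, and a rescheduled pod can pull a different build than its peers. Fail the render instead of defaulting: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Better still, accept a digest. In the same container, the unquoted `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` should be quoted like the neighbouring `value: "{{ .Values.server.logLevel }}"`.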
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.31/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/CHANGELOG.md new file mode 100644 index 00000000000..45d7168d526 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/CHANGELOG.md 
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/Chart.yaml
new file mode 100644
index 00000000000..410ab1b984b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.32
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/README.md
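Review bot: In the `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the `docker run` command line, so it shows up in the host's process list and in any `make -n` or traced output; passing only the name, `-e VAULT_LICENSE_CI \`, lets Docker take the value from the environment and keeps it off the command line. Separately, `.PHONY` at the end of the file omits `setup-kind` and `delete-kind`, so a file or directory with either name would silently stop those targets from running; appending `setup-kind delete-kind` to that line fixes it. `destroy-cluster` also runs `terraform destroy -auto-approve` without the `test/terraform` path and `-var project=...` that `provision-cluster` passes, which looks like it may not act on the same configuration and is worth confirming.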
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
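Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` is rendered without quoting, so a token made only of digits, or a word such as `true`, reaches the manifest as a YAML number or boolean instead of the string an env `value` requires. `vault.extraEnvironmentVars` later in this file already pipes its values through `quote`; this line should do the same, `value: {{ .Values.server.dev.devRootToken | quote }}`, and `vault.extraSecretEnvironmentVars` would benefit from the same treatment for `name`, `secretName` and `key`. The token is also written literally into the pod spec, so anyone who can read the workload object can read it; a line in the comment above the define saying that dev mode is meant for throwaway clusters only would make that explicit.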
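Review bot: The single rule grants `create` on `serviceaccounts/token` through a ClusterRole, so once it is bound (the ClusterRoleBinding added in the next file binds it to the `-csi-provider` service account) that account can request a token for any service account in any namespace. The template carries no explanation of why cluster-wide scope is needed; a comment above `rules:` such as `# The provider requests tokens on behalf of the pods it serves, which can live in any namespace` (wording to be confirmed by the chart authors) would record the intent. Whoever reviews the DaemonSet that runs under this account should treat its pod as highly privileged and keep its securityContext and host mounts as tight as the provider allows.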
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-certs-secret.yaml 
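Review bot: The `mountpoint-dir` volume in csi-daemonset.yaml mounts `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host with no `readOnly` and no hostPath `type`, which puts every pod's volume directory on the node inside this container. The container's securityContext comes from the `csi.daemonSet.securityContext.container` helper, which is not in this hunk, so the effective privileges cannot be judged from here. I would confirm that the provider image at the configured tag still needs this mount, and if it does, add `type: Directory` under that `hostPath:` so a mistyped values path fails at pod start. Both hostPath values are also rendered unquoted; `path: {{ .Values.csi.daemonSet.providersDir | quote }}` keeps an unusual value from changing the YAML structure.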
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-clusterrolebinding.yaml 
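Review bot: The rule in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, although the injector only owns the one named `{{ template "vault.fullname" . }}-agent-injector-cfg` (see injector-mutating-webhook.yaml in this diff). A compromised injector could then rewrite other admission webhooks, so I would split the rule and restrict `get` and `patch` with `resourceNames`, leaving only `list` and `watch` unscoped. Whether the injector's watch works with this split should be checked against the image version in use before merging.

```yaml
rules:
# list/watch are collection-level requests, so they stay unscoped.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# Single-object reads and writes are limited to the injector's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```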
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
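Review bot: The last entry under `args:` in injector-deployment.yaml, `- 2>&1`, is not a redirection: container args are passed to the entrypoint without a shell, so unless the image's entrypoint is a shell wrapper the binary receives the literal string `2>&1` as an argument. I would drop that line and keep `args:` as just `- agent-inject`, since the container runtime captures stderr anyway. Separately, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_LEVEL` and `AGENT_INJECT_LOG_FORMAT` render their values unquoted, so a values entry that YAML reads as a number or boolean yields a non-string env value that the API server rejects; `value: {{ .Values.injector.authPath | quote }}` avoids that.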
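Review bot: The `apiVersion` line in injector-disruptionbudget.yaml selects the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares strings rather than numbers: a minor of `"9"` sorts above `"21"`, and a distribution-reported minor such as `"21+"` also goes through string ordering. The same expression is used in server-disruptionbudget.yaml later in this diff. I would key on the API itself, `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`, or use `semverCompare ">=1.21-0" .Capabilities.KubeVersion.Version`. This is also the only injector manifest in the diff that is not wrapped in the `vault.injectorEnabled` / `.injectorEnabled` guard, so a PodDisruptionBudget can be rendered while the injector is disabled.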
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
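Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when one of the two values is set, so by default the webhook is called for every pod CREATE and UPDATE in every namespace, including system namespaces and the one the injector itself runs in. `failurePolicy` is resolved from values whose defaults are not visible in this hunk; if it resolves to `Fail`, pod admission across the cluster depends on the injector being reachable. I would add a comment next to the selector saying that production installs should exclude system namespaces, for example with a `matchExpressions` entry on `kubernetes.io/metadata.name` using `operator: NotIn`. What the `injector.objectSelector` helper renders should be checked as well, since its body is outside this hunk.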
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
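Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment listens on and the Service targets `{{ .Values.injector.port }}`; overriding that value leaves the policy admitting the wrong port and blocking the webhook. I would write `- port: {{ .Values.injector.port }}` instead. `namespaceSelector: {}` admits traffic from pods in every namespace, and a comment there should say why that breadth is intended so it is not read as an oversight. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector manifests in this diff set.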
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-role.yaml 
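Review bot: injector-psp.yaml renders `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so on newer clusters the install fails instead of skipping the object. I would extend the guard to `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`; the same applies to injector-psp-role.yaml and injector-psp-rolebinding.yaml. The comment above the `seLinux` rule says the policy assumes AppArmor nodes, which does not hold on SELinux-enforcing platforms, where `rule: RunAsAny` leaves the SELinux options unconstrained. `readOnlyRootFilesystem: false` deserves a one-line comment stating why a writable root filesystem is required.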
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-rolebinding.yaml 
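Review bot: The first rule in injector-role.yaml gives the injector `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is the same namespace the server manifests in this diff deploy into. The certificate secret created for the leader-elector setup is named `vault-injector-certs` (injector-certs-secret.yaml), so secret access can probably be narrowed to a separate rule for `get` and `update` carrying `resourceNames: ["vault-injector-certs"]`; which ConfigMap names leader election uses is not visible here and has to be checked first. The second rule likewise allows `patch` and `delete` on all pods in the namespace, and a comment saying which pods the injector patches or deletes would make the grant reviewable.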
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
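Review bot: In server-config-configmap.yaml `disable_mlock = true` is written ahead of every string-typed config and merged in through `dict "disable_mlock" true` for the map form, so mlock is turned off regardless of the storage backend. With mlock disabled the server's memory can be paged out, so I would add a template comment above that line, e.g. `{{- /* mlock is disabled unconditionally: schedule Vault only on nodes with swap off or encrypted */ -}}`. The config strings are also passed through `tpl`, which evaluates anything in `server.standalone.config`, `server.ha.config` and `server.ha.raft.config` as a template with the full chart context. That is acceptable for operator-owned values but should be stated in the values documentation in case values are ever assembled from less trusted input.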
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-ha-active-service.yaml
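Review bot: The `apiVersion` line picks the PodDisruptionBudget API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings. The comparison is lexical, so a minor of `"9"` sorts above `"21"`, and some managed distributions report minors with a suffix such as `"21+"`. server-ingress.yaml in this commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`, and the same form works here: `apiVersion: {{ if semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version }}policy/v1{{ else }}policy/v1beta1{{ end }}`.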
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
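Review bot: The `https-internal` entry publishes port 8201 on the same Service as the API port, so setting `server.service.type` to `NodePort` or `LoadBalancer` exposes the server-to-server port outside the cluster along with 8200. server-statefulset.yaml in this commit builds `VAULT_CLUSTER_ADDR` from the `-internal` headless Service, which already carries 8201, so this Service probably does not need it; confirm that no client relies on it. The same entry appears in server-ha-standby-service.yaml and server-service.yaml. I would guard it with `{{- if eq (.Values.server.service.type | default "ClusterIP" | toString) "ClusterIP" }}` or remove it from the three client-facing Services.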
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-psp-role.yaml 
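Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which admits every pod in every namespace to both 8200 and the cluster port 8201. Only the Vault server pods need 8201, so the rule should be split: keep the open selector for the API port if that is intended, and restrict 8201 to pods carrying this release's server labels. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set. Indentation below is reconstructed, since the hunk's own is not visible here.

```yaml
  ingress:
    # API port: callers from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```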
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
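Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, but server-serviceaccount.yaml in this commit creates the account as `{{ template "vault.serviceAccount.name" . }}`, and the discovery RoleBinding binds that helper. If the two helpers ever resolve differently (presumably when a custom service-account name is configured), the PSP `use` grant lands on an account the server pods do not run as, and the pods fail admission or fall back to another policy. Proposed subject lines: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`, matching the discovery binding.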
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
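Review bot: The template emits `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the install fails instead of skipping the object. Adding `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `and` on the third line, and to the matching guards in server-psp-role.yaml and server-psp-rolebinding.yaml, keeps the three objects consistent. The spec also sets no `requiredDropCapabilities`; whether `ALL` can be dropped depends on capabilities the server needs, which is not visible here, so at least a comment stating the decision would help.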
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-service.yaml
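Review bot: `.mode` is read on the second and fifth lines of server-route.yaml without the `{{ template "vault.mode" . }}` call that opens the other server templates in this commit. Unless that helper has already populated the context by the time this file renders (not visible here), `.mode` is unset, so the `eq .mode "ha"` branch that switches the Route to the `-active` Service cannot be relied on and the Route may target the Service that also selects standby pods. I would add `{{ template "vault.mode" . }}` directly after the `global.openshift` guard. Separately, `host: {{ .Values.server.route.host }}` is emitted unquoted; `| quote` would match how the Ingress template treats hosts.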
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/tests/server-test.yaml 
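Review bot: The `vault` container in server-statefulset.yaml falls back to a floating tag when `server.image.tag` is empty (`{{ .Values.server.image.tag | default "latest" }}`), and templates/tests/server-test.yaml repeats the same expression. For a secrets manager that means a pod restart can pull a different, unreviewed build, and replicas of one StatefulSet can end up on different versions. I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. A note in the values file recommending a tag-plus-digest reference would close the remaining gap, since tags themselves are mutable.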
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.32/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/Chart.yaml
new file mode 100644
index 00000000000..f5825af1358
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.33
+annotations:
+ charts.openshift.io/name: helm-testing-5435
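Review bot: `appVersion: 1.11.2` and `version: 0.21.33` in the new Chart.yaml are plain scalars that load as strings only because they contain two dots; a two-part value such as 1.10 would be read as the float 1.1 by a YAML loader. Quoting them, `appVersion: "1.11.2"` and `version: "0.21.33"`, keeps the type stable across version bumps and matches the already-quoted `kubeVersion`.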
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/README.md
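Review bot: The `test-acceptance` recipe passes the Vault license as `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, which expands the value into the `docker run` argument list, where it can be read from the host's process table for the duration of the run. Passing the variable by name, `-e VAULT_LICENSE_CI \`, makes docker take the value from the recipe's environment instead, assuming the variable reaches make through the environment or the command line. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` path and `-var project=...` that `provision-cluster` passes, so it is worth confirming that it acts on the same configuration and state. `setup-kind` and `delete-kind` are also missing from `.PHONY`.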
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
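Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole with no `resourceNames`, so the CSI provider's service account can request a token for any service account in any namespace. That may be what the provider needs (presumably it requests tokens on behalf of the pods it serves; nothing in the hunk says so), but the template does not explain that reach. I would add a comment above `rules:` such as `# Cluster-wide token requests: needed to authenticate as the workload's service account; keep this binding limited to the csi-provider account`, and mention in the chart notes that TokenRequest calls from this account are worth auditing.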
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-certs-secret.yaml 
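Review bot: The csi-provider container in csi-daemonset.yaml gets a `securityContext` only when `.Values.csi.daemonSet.securityContext.container` is non-empty (see the `csi.daemonSet.securityContext.container` helper in _helpers.tpl), yet the pod always mounts two `hostPath` directories, `providersDir` and `kubeletRootDir`/pods. With an empty value the container runs with the runtime's defaults while holding node paths; values.yaml is not visible here, so confirm it ships a restrictive default. If it does not, give the helper an `else` branch that renders at least `allowPrivilegeEscalation: false`. Separately, `image:` is built as `repository:tag`; supporting a digest reference would be worthwhile for a pod that runs on every node.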
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-clusterrolebinding.yaml
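Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the injector deployment only names its own configuration (`AGENT_INJECT_TLS_AUTO` is set to `<fullname>-agent-injector-cfg`). A write verb on all admission webhooks is far broader than refreshing one CA bundle requires, and it means a compromise of the injector pod affects admission for the whole cluster. I would split the rule so the read verbs stay as they are and `patch` carries `resourceNames` for that single object; confirm first that the injector never patches another configuration.

```yaml
rules:
# Read access unchanged.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# Write access limited to this release's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```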
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
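Review bot: Several `env` values in injector-deployment.yaml are rendered unquoted, namely `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT`, while the neighbouring entries are wrapped in quotes. An env `value` must be a string, so an empty `authPath` renders as null and a value that YAML reads as a boolean or number is rejected at apply time. I would pipe them through `quote`, for example `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Also note that `- 2>&1` under `args:` reaches the binary as a literal argument, because no shell interprets it; if a redirect was intended, it does nothing here.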
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
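Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when one of the two values is set, so by default the webhook intercepts pod CREATE and UPDATE in every namespace, including the one the injector itself runs in. Combined with a `failurePolicy` of `Fail` (the value comes from values.yaml, which is not visible here), an unreachable injector would block pod admission cluster-wide, its own replacement pods included. I would document that next to the block, e.g. `# No namespaceSelector means all namespaces; with failurePolicy Fail, exclude the injector's own namespace and kube-system`, or ship a default selector that excludes the system namespaces.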
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
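Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector listens on `.Values.injector.port` (its `AGENT_INJECT_LISTEN` value, both probes and the Service `targetPort` use that value). If the port is changed in values, this policy no longer admits traffic to the webhook on OpenShift, and depending on `failurePolicy` pod admission then either fails or silently skips injection. I would render `- port: {{ .Values.injector.port }}` instead. The policy also sets no `metadata.namespace`, unlike the other injector objects; adding `namespace: {{ .Release.Namespace }}` would make that explicit.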
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-psp.yaml
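Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml has no `namespace`, whereas the subject in injector-rolebinding.yaml and in both cluster role bindings names `{{ .Release.Namespace }}` explicitly. For a binding that controls which pod security policy the injector may use, I would not leave the target account implicit. Add `namespace: {{ .Release.Namespace }}` under the subject so all four bindings read the same way.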
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-role.yaml
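Review bot: The policy in injector-psp.yaml forbids privilege escalation and root but leaves capabilities at the runtime default, because it has no `requiredDropCapabilities`. The injector is a webhook server and does not obviously need any capability (an assumption to confirm), so I would add `requiredDropCapabilities:` with `- ALL` next to `allowPrivilegeEscalation: false`. The `hostNetwork: false` line also conflicts with the deployment's `hostNetwork: {{ .Values.injector.hostNetwork }}` when that value is true, which deserves a comment. Finally, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25 and the template is gated only on `global.psp.enable`, so a capability check such as `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` would prevent a failed install on newer clusters.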
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-rolebinding.yaml
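Review bot: The first rule in injector-role.yaml lets the injector read and update every Secret and ConfigMap in the release namespace, which is normally the namespace the Vault server runs in, so any TLS or unseal material stored there becomes readable by the webhook pod. The chart creates one secret for this feature, `vault-injector-certs` in injector-certs-secret.yaml, so the `get` and `update` verbs could carry `resourceNames: ["vault-injector-certs"]`. `create` cannot be limited by name, and `list`/`watch` need checking against how the injector watches the secret. The second rule's `patch` and `delete` on pods are not explained anywhere in the hunk; if they are left over from an earlier leader-election mechanism they should be dropped, otherwise a comment saying what uses them would help.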
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
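Review bot: `disable_mlock = true` is written unconditionally in the string branch of `extraconfig-from-values.hcl` and forced in through `merge (dict "disable_mlock" true) …` in the other branch, with no comment giving the reason. With mlock disabled, Vault's memory is not locked against being paged out, so the setting is only safe if the nodes run with swap off or with encrypted swap. I would put an HCL comment directly above the line in the string branch, `# mlock is disabled by this chart; nodes must run with swap off or encrypted`, and state the same node requirement next to the `server.standalone.config` and `server.ha.config` values. Since `merge` appears to keep the value from its first argument, it is also worth documenting that the non-string branch cannot turn mlock back on from values.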
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-ha-active-service.yaml
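Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion` line compares two strings, so the result follows lexical order, not numeric order: a minor of `"9"` sorts after `"21"`, and a vendor suffix such as `"21+"` is compared as text as well. The RBAC templates in this same change choose their API version with `.Capabilities.APIVersions.Has`, and using that here would be both consistent and independent of how the minor version is formatted: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.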
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-psp-role.yaml 
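Review bot: The single ingress rule in server-network-policy.yaml opens both 8200 and 8201 to every namespace through `namespaceSelector: {}`, although the Services in this change name 8201 `https-internal`. I would split the rule so that 8201 is reachable only from the release's own Vault pods and leave 8200 as it is; this assumes no peer outside the release has to reach 8201, which the diff does not show. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the other templates in this change set.

```yaml
# … unchanged: metadata, podSelector …
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```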
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
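Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, whereas server-statefulset.yaml runs the pod as `{{ template "vault.serviceAccount.name" . }}` and the other bindings in this change bind that name. If the service-account helper can return anything other than the fullname (its definition is not in view), the PSP `use` grant would not reach the account the server actually runs as. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` so it matches server-discovery-rolebinding.yaml.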
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
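Review bot: The PodSecurityPolicy sets `privileged: false` and `allowPrivilegeEscalation: false` but has no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. The StatefulSet in this change sets `SKIP_SETCAP` to `"true"`, which suggests (not confirmed from here) that the server needs no added capabilities, so `requiredDropCapabilities: ["ALL"]` looks feasible. The comment on `seLinux` says the nodes are assumed to use AppArmor rather than SELinux; since the chart also ships an OpenShift Route template, that comment should say when `rule: RunAsAny` is acceptable.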
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-service.yaml 
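Review bot: The second line of server-route.yaml tests `.mode` without first calling `{{ template "vault.mode" . }}`, which every other server template in this change does on its first line. Whether `.mode` is populated at this point therefore depends on another template having set it earlier, and nothing in this file guarantees that. I would add `{{ template "vault.mode" . }}` directly above `{{- if ne .mode "external" }}`. `targetPort: 8200` is also hard-coded here while the Services use `.Values.server.service.targetPort`, and the `tls:` block is taken from values as is, so the expected termination mode should be documented next to `server.route.tls`.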
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/tests/server-test.yaml 
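Review bot: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` in the `vault` container falls back to the mutable `latest` tag when no tag is set, so the server image can change between pod restarts without any change to the release; tests/server-test.yaml has the same line. I would drop the fallback and fail the render instead, for example `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and document pinning by digest. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment noting that `VAULT_ADDR` points this at `127.0.0.1:8200` would explain why verification is skipped there.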
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/templates/ui-service.yaml
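Review bot: The test pod's `image:` line in server-test.yaml falls back to `latest` when `server.image.tag` is unset (`| default "latest"`), so `helm test` can pull whatever that mutable tag points to at run time rather than the Vault build the release was installed with. I would fail the render instead of guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The pod also declares no `securityContext` or `resources`; that may be acceptable under the platform's default admission policy, but a one-line comment saying so would make the omission deliberate.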
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/values.openshift.yaml
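Review bot: `type: {{ .Values.ui.serviceType }}` and the `nodePort` branch in ui-service.yaml let this Service be published outside the cluster with nothing in the template tying that to TLS, while the values.yaml added in the same commit defaults `global.tlsDisable: true`. If `vault.scheme` resolves to `http` in that case (the helper is not in this hunk), a `LoadBalancer` or `NodePort` UI service would carry Vault tokens in clear text. I would at least document this above the `type:` line, e.g. `{{- /* With global.tlsDisable=true this Service serves plain HTTP; keep serviceType ClusterIP unless TLS is terminated in front of it. */ -}}`. `publishNotReadyAddresses` deserves a similar comment, since setting it to true sends UI traffic to pods that have not passed their readiness probe.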
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.33/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/Chart.yaml
new file mode 100644
index 00000000000..1c77728245f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.34
+annotations:
+ charts.openshift.io/name: helm-testing-5435
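Review bot: The `description: Official HashiCorp Vault Chart` line, together with the `home` and `sources` URLs, presents this chart as the upstream HashiCorp release, while `name: helm-testing-5435` and the `redhat-caastestreg-duplicate` partner path suggest it is a renamed test copy. Anyone who finds it in the published index cannot tell from the metadata that it is not the vendor's artifact, which matters for a chart that deploys a secrets manager. If it is a fixture, the description should say so, for example `description: Test fixture based on the HashiCorp Vault chart (not an official release)`. Separately, `appVersion: 1.11.2` is safer quoted as `appVersion: "1.11.2"`, so that a later two-part version such as 1.11 is not read as a float.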
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/README.md
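Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the `docker run` command line, so it is readable from the host's process list while the container runs and would be echoed into logs if the leading `@` were ever dropped; passing the name only, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the environment instead. The same applies to `-e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS}` in `test-acceptance`, `test-destroy` and `test-provision` if that variable is ever set to key content rather than the default file name. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so teardown probably does not act on the configuration that created the cluster; `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform` would mirror it. `setup-kind` and `delete-kind` are also missing from `.PHONY`.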
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
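Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the identity bound to it can mint a token for any ServiceAccount in any namespace, and nothing in the file records why that breadth is accepted. It is presumably needed so the CSI provider can authenticate on behalf of the pods it serves (the consumer is not visible in this hunk), but it makes the provider pod a high-value identity and the grant should carry its justification. I would add above `rules:` a comment such as `# Cluster-wide token minting for every ServiceAccount; needed so the provider can log in as the requesting pod. Bind this role to the csi-provider ServiceAccount only.`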
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-certs-secret.yaml 
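Review bot: The csi-provider container in csi-daemonset.yaml mounts two hostPath volumes (`providervol` and `mountpoint-dir`), yet its securityContext comes only from `csi.daemonSet.securityContext.container`, which in the `_helpers.tpl` part of this diff renders nothing when the value is unset. The injector and server helpers in the same file fall back to `allowPrivilegeEscalation: false` when not on OpenShift; the CSI helper has no such branch, so a default install runs this host-mounting container with whatever the runtime defaults are. I would give the CSI container helper the same fallback, `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`, after confirming the provider still starts with it. The change belongs in the helper, which lies outside this hunk.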
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-clusterrolebinding.yaml
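Review bot: The rule in injector-clusterrole.yaml gives `patch` on every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`. The injector presumably only needs to maintain its own configuration, `{{ template "vault.fullname" . }}-agent-injector-cfg` from injector-mutating-webhook.yaml in this diff, whereas write access to all webhook configurations reaches admission controls owned by other components. I would split the rule: leave `list` and `watch` as they are and move `get` and `patch` into a second rule with `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`. Whether the injector's watch keeps working with that split has to be checked against its client code, which is not visible here.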
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
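Review bot: Three env values in the injector container of injector-deployment.yaml are rendered unquoted: `value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logLevel | default "info" }}` and the matching `logFormat` line. A values entry that YAML reads as a boolean, number or null then yields a non-string `value`, which the API rejects for env entries, and an empty `authPath` renders as null instead of an empty string. The neighbouring entries are already quoted, so I would write `value: {{ .Values.injector.authPath | quote }}` and append `| quote` to the two `default` pipelines. Separately, `- 2>&1` under `args:` reaches the binary as a literal argument because no shell is involved; it looks like a leftover and could be dropped once it is confirmed the injector ignores it.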
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
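Review bot: The `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when a value is set, so by default the webhook matches pod CREATE and UPDATE in every namespace, including kube-system and the namespace the injector itself runs in. Combined with a `failurePolicy` taken from values, a setting of `Fail` would make an injector outage block pod admission cluster-wide, its own replacement pods included. I would render a conservative default selector when none is configured, as sketched below, and keep the values override for anyone who wants injection in those namespaces. The label used is set automatically only on reasonably recent clusters, so the default needs checking against the oldest version this chart supports.

```yaml
    namespaceSelector:
{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
{{/* … unchanged: toYaml of the configured selector … */}}
{{- else }}
      matchExpressions:
        - key: kubernetes.io/metadata.name
          operator: NotIn
          values:
            - kube-system
            - {{ .Release.Namespace | quote }}
{{- end }}
```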
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
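Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `- port: 8080`, while injector-deployment.yaml in this diff listens on and probes `{{ .Values.injector.port }}`. If that value is changed, the policy keeps admitting traffic to a port nothing listens on and drops the API server's webhook calls to the real one, so admission fails or is skipped depending on `failurePolicy`. I would render the same value here: `- port: {{ .Values.injector.port }}`. The policy also sets no `metadata.namespace`, unlike the other namespaced injector objects in this diff, which is worth aligning.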
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-psp.yaml
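Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml omits `namespace`, whereas both ClusterRoleBinding subjects in this diff state `namespace: {{ .Release.Namespace }}`. Which identity receives `use` on the PodSecurityPolicy is therefore left to how the binding's own namespace is resolved rather than written in the manifest. I would add `namespace: {{ .Release.Namespace }}` under the subject's `name:` line so the grant is explicit and reads the same as the other bindings.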
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-rolebinding.yaml 
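Review bot: The first rule in injector-role.yaml gives the injector's service account `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, the same namespace the server StatefulSet in this commit is deployed to. If leader election only touches a fixed object, `get` and `update` can be limited with `resourceNames: ["<leader-election-object-name>"]` (placeholder; the real name is not shown in this diff). `create` then needs its own rule, since `resourceNames` cannot restrict it. The `pods` rule likewise allows `patch` and `delete` on any pod in the namespace, and a comment stating why the elector needs each verb would make the grant reviewable.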
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
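Review bot: server-config-configmap.yaml forces `disable_mlock = true` in the string branch and `dict "disable_mlock" true` in both JSON branches, with no values switch and no explanation. With mlock disabled, Vault's memory is no longer pinned and can be written to swap, so the setting moves a requirement onto the nodes. I would add a template comment above `data:`, for example `{{- /* mlock is disabled for every mode; nodes must run without swap or with encrypted swap */}}`, and repeat that requirement in the chart's values documentation.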
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-ha-active-service.yaml 
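Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the test is lexical rather than numeric; a minor of `"9"` sorts above `"21"` and would select `policy/v1`. server-ingress.yaml in this commit uses `semverCompare` for the same kind of decision. Here it is simpler to ask the cluster directly: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.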
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-psp-role.yaml 
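Review bot: server-network-policy.yaml admits both 8200 and 8201 from `namespaceSelector: {}`, that is, from pods in every namespace. The Service templates in this commit name 8201 `https-internal`, so if it carries only server-to-server traffic it should be admitted from the Vault server pods alone, in a second ingress rule as sketched below. The 8200 entry is also hard-coded while the services take their port from `.Values.server.service.targetPort`, so a changed target port would be blocked by this policy. The metadata has no `namespace: {{ .Release.Namespace }}`.

```yaml
  ingress:
    # … unchanged: rule admitting 8200 from all namespaces, with the 8201 entry removed …
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
```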
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
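Review bot: server-psp-rolebinding.yaml binds the PSP role to a ServiceAccount named `{{ template "vault.fullname" . }}`, but server-serviceaccount.yaml, the StatefulSet and the other server bindings in this commit name the account with `{{ template "vault.serviceAccount.name" . }}`. If that helper can return anything other than the full name (its definition is not in this diff), the `use` permission goes to an account the server pods do not run as. Use `name: {{ template "vault.serviceAccount.name" . }}` in the subject.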
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-service.yaml 
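Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other templates in this commit that read `.mode` do before using it. Whether `.mode` is populated here then depends on another template having run first against the same context, which this diff does not show; adding `{{ template "vault.mode" . }}` as the first line removes that dependency. The route also fixes `targetPort: 8200` while the services take the port from `.Values.server.service.targetPort`. `host` is rendered unquoted, and `host: {{ .Values.server.route.host | quote }}` would protect it from values that YAML would retype.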
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/tests/server-test.yaml 
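Review bot: The `vault` container image falls back to a mutable tag, `{{ .Values.server.image.tag | default "latest" }}`, so a values file that leaves the tag empty deploys whatever `latest` resolves to at pull time; the same fallback is repeated in templates/tests/server-test.yaml. For a secrets store the tag should be mandatory, for example `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and a digest reference would be stronger still. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment such as `# certificate check skipped: the probe only talks to 127.0.0.1 inside the pod` would record why that is tolerated, assuming VAULT_ADDR stays on loopback as this hunk sets it and is not overridden through the extra environment variables.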
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/values.openshift.yaml
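Review bot: `nodePort` is rendered whenever `.Values.ui.serviceNodePort` is set, regardless of `.Values.ui.serviceType`, whereas templates/server-service.yaml in this same commit only renders its `nodePort` when the service type is `NodePort`. With a `ClusterIP` UI service and a node port left in the values, the rendered manifest would most likely be rejected by the API server at install time. Guarding the block on the type keeps the two templates consistent, for example `{{- if and (.Values.ui.serviceNodePort) (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`. Because this Service selects the server pods directly and its type comes straight from values, a short comment above `type:` noting that `NodePort` or `LoadBalancer` exposes the Vault UI and API outside the cluster would also help operators.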
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.34/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/Chart.yaml
new file mode 100644
index 00000000000..200b7e808cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.35
+annotations:
+ charts.openshift.io/name: helm-testing-5435
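Review bot: The `description: Official HashiCorp Vault Chart` line in the new Chart.yaml no longer matches the chart it describes. Both `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435`, and the file sits under `charts/partners/redhat-caastestreg-duplicate/`, which looks like a test fixture rather than a HashiCorp release. A renamed copy that still claims official provenance is misleading to anyone who finds it in a chart index, so I would reword it, for example `description: Test copy of the HashiCorp Vault chart (not an official release)`. Separately, Helm's chart guidance recommends quoting `appVersion`; `appVersion: "1.11.2"` keeps it a string even if a later bump makes it a two-part version.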
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/README.md
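Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence value into the `docker run` argument list, where it shows up in the host's process listing and in anything that records command lines, even though the leading `@` stops make from echoing it. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker read the value from the environment it inherits. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory, the `-var project=${CLOUDSDK_CORE_PROJECT}` argument or the `gcloud auth activate-service-account` step that `provision-cluster` uses, so it is worth confirming that it acts on the same configuration and state as the apply. `.PHONY` also omits `setup-kind` and `delete-kind`.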
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
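Review bot: The only rule under `rules:` grants `create` on `serviceaccounts/token` through a ClusterRole, with nothing in the file explaining why, so the CSI provider's service account can request a token for any ServiceAccount in any namespace. That is presumably what the provider needs in order to authenticate to Vault as the pod that mounts a secret, but a reader auditing RBAC cannot tell that from the template. I would add a comment above the rule, for example `# The CSI provider requests tokens on behalf of the pods that mount secrets; this permits minting a token for any ServiceAccount cluster-wide.` Because `resourceNames` cannot narrow this without knowing the consuming service accounts in advance, the comment should also say that this pod and its service account are to be treated as cluster-sensitive.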
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-certs-secret.yaml
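Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes (`providervol` and `mountpoint-dir`, the latter with `mountPropagation: HostToContainer`), yet `{{ template "csi.daemonSet.securityContext.container" . }}` renders nothing unless values supply a context, because that helper in _helpers.tpl has no fallback branch. The injector's container helper, by contrast, falls back to `allowPrivilegeEscalation: false` and dropping `ALL` capabilities. The pod with host filesystem access is the one that most needs a hardened default, so I would give the CSI helper a matching branch, `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`, after confirming which user and capabilities the provider needs to write under the kubelet pods directory. Separately, `image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"` pins by tag only; allowing a digest would keep the image that runs on every node immutable.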
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-clusterrolebinding.yaml
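Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster because it carries no `resourceNames`, so the injector's service account can modify admission webhooks that do not belong to this chart. `get`, `list` and `watch` may need to stay unscoped for the injector's watch to work, but `patch` can move into its own rule limited to the chart's webhook configuration. The name used below is inferred from the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml and should be confirmed against the MutatingWebhookConfiguration template, which is not part of this hunk.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```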
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
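Review bot: Several `env` values in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT` and the in-cluster branch of `AGENT_INJECT_VAULT_ADDR`) while their neighbours are quoted. An override that YAML reads as a boolean or a number renders a non-string, and `env[].value` must be a string, so the Deployment would be rejected. Piping through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`, keeps them strings. Separately, `- 2>&1` under `args` reaches the process as a literal argument because no shell is involved; dropping it, or adding a comment, would avoid suggesting that stderr is redirected.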
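Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the result is lexicographic rather than numeric, and a minor version reported with a suffix such as `21+` is also compared as text. Other templates in this commit choose the API version with `.Capabilities.APIVersions.Has`; the same check here, `{{ if .Capabilities.APIVersions.Has "policy/v1" }}policy/v1{{ else }}policy/v1beta1{{ end }}`, would not depend on how the version string is formed. server-disruptionbudget.yaml uses the identical expression.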
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
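Review bot: `namespaceSelector` is emitted only when a value is set, so with default values the webhook appears to match pod CREATE and UPDATE in every namespace, including `kube-system` and the namespace the injector itself runs in (the `injector.objectSelector` helper is not visible here and may narrow this). If `failurePolicy` resolves to `Fail`, an unavailable injector would then block pod admission across the cluster. A template comment above the `namespaceSelector` block should say so, for example `{{- /* With failurePolicy Fail, set a namespaceSelector that excludes kube-system and this release's namespace. */ -}}`.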
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
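Review bot: The ingress port in injector-network-policy.yaml is the literal `8080`, while the container listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` in injector-deployment.yaml) and the Service targets that same value. If the port is overridden, this policy no longer admits traffic to the webhook and admission calls to the injector fail. Use `- port: {{ .Values.injector.port }}`. The object also has no `namespace: {{ .Release.Namespace }}` under `metadata`, unlike the other namespaced injector objects in this commit.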
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-psp.yaml
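Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml carries no `namespace`, whereas injector-rolebinding.yaml and injector-clusterrolebinding.yaml both set `namespace: {{ .Release.Namespace }}` for the same account. Adding that line under the subject states explicitly which account the binding covers and keeps the three bindings consistent.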
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-role.yaml 
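Review bot: The PodSecurityPolicy forbids privileged mode and privilege escalation but sets nothing for capabilities, so containers admitted under it keep the runtime's default capability set. If the injector needs none of them (not confirmable from this hunk), `requiredDropCapabilities: ["ALL"]` under `spec` would close that gap. The comment `This policy assumes the nodes are using AppArmor rather than SELinux` also deserves a second look in a chart that has a `global.openshift` switch, since `seLinux` is left at `rule: RunAsAny`.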
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-rolebinding.yaml 
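Review bot: The first rule of the leader-elector Role gives the injector `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which would cover any Vault server TLS or configuration secrets stored there as well. The only Secret this chart creates for the injector under the same condition is `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` could go into a separate rule with `resourceNames: ["vault-injector-certs"]`. `create` cannot be scoped by name, and `list`/`watch` only when the client filters on `metadata.name`, so those verbs need checking against the injector before tightening. The `pods` rule (`get`, `patch`, `delete`) is likewise namespace-wide and would benefit from a comment stating why `delete` is needed.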
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
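Review bot: `disable_mlock = true` is written unconditionally for string configs and merged into map configs through `dict "disable_mlock" true`, with no comment explaining why. With mlock off, Vault's memory can be paged out, so key material may reach disk on a node where swap is enabled. A template comment above the line should record the operational requirement, for example `{{- /* mlock is disabled for this deployment; run Vault on nodes with swap disabled or encrypted */ -}}`. The reason is presumably that the container is not granted `IPC_LOCK`, but that is not visible in this hunk and should be confirmed before it is written down.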
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-psp-role.yaml 
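Review bot: The `tls:` block is rendered only when `server.ingress.tls` is set, and nothing in the template tells the operator what the result is otherwise, so enabling the Ingress with the list left empty yields a Vault endpoint with no certificate configured at the ingress hop. I would add a comment above the `{{- if .Values.server.ingress.tls }}` line, for example `# No tls entries means this Ingress defines no certificate; set server.ingress.tls for any non-test deployment`. Separately, `secretName: {{ .secretName }}` and `path: {{ . }}` are unquoted while the host entries use `| quote`; piping them through `quote` as well keeps unusual values from being re-typed by the YAML parser.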
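Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which matches every namespace, and applies it to both 8200 and 8201, so with the policy enabled any pod in the cluster can still reach the cluster port as well as the API port. Splitting the rule so that 8201 is admitted only from this release's own Vault pods leaves the API port behaviour unchanged; this assumes no peer outside the release namespace has to connect on 8201, which the visible templates do not settle. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set. Indentation below is conventional, since the page has flattened the original.

```yaml
  ingress:
    # API port: unchanged, reachable from every namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only this release's Vault pods
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```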
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
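Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, but the StatefulSet runs as `{{ template "vault.serviceAccount.name" . }}` and server-serviceaccount.yaml creates the account under that same helper, so the binding follows the pod's identity only while both helpers return the same string. The helper bodies are not part of this diff; if `server.serviceAccount.name` (declared in values.schema.json) can override the account name, the `use` grant on the PodSecurityPolicy lands on an account the pod does not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it so the subject is explicit.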
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
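Review bot: `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, and the only guard on this object is `global.psp.enable`, so turning the value on against a newer cluster makes the install fail on an unknown kind; server-psp-role.yaml and server-psp-rolebinding.yaml are gated by the same condition. The Ingress template in this commit already branches on `.Capabilities`, and the same can be done here by adding `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the `and` in the third line. The comment `This policy assumes the nodes are using AppArmor rather than SELinux` also deserves a second look for a chart that ships values.openshift.yaml, since it is the stated reason for `seLinux: rule: RunAsAny`; node configuration is outside the diff, so that part is a question rather than a finding.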
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-service.yaml
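Review bot: `.mode` is tested on the second line of server-route.yaml without `{{ template "vault.mode" . }}` having been called in this file, whereas the other templates in this part of the diff that read `.mode` invoke the helper first. Whether the value is set at this point then depends on another template having populated it earlier in the render, which I cannot confirm from the diff; if it is unset, the `ne .mode "external"` guard and the `eq .mode "ha"` service selection do not mean what they say. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check. `targetPort: 8200` is also hard-coded here while the Services use `server.service.targetPort`, so the two can drift apart.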
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/tests/server-test.yaml 
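Review bot: The Vault container image falls back to `default "latest"` when `server.image.tag` is empty, so an unset value silently deploys whatever the registry currently serves under a mutable tag, for the component that holds the secrets; tests/server-test.yaml builds its image reference the same way. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Related, the exec readiness probe runs `vault status -tls-skip-verify`; a one-line comment that this call only targets `127.0.0.1:8200` (per the `VAULT_ADDR` env entry in the same container) would keep the flag from being copied into a context where skipping verification matters.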
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.35/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/Chart.yaml
new file mode 100644
index 00000000000..891579c7c26
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.36
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/LICENSE.md
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2. Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/README.md
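Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the value into the `docker run` command line, so whatever the variable holds (presumably a licence string) ends up in the host's process arguments and in any `make -n` or traced output. Passing the name only, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the calling environment without writing it into the command; this relies on the variable being set in the environment or on the make command line rather than only inside the Makefile. The `-v ${PWD}:/helm-test` mounts in `test-unit`, `test-acceptance`, `test-destroy` and `test-provision` are unquoted and will split on a checkout path that contains spaces; `-v "${PWD}:/helm-test"` avoids that. The closing `.PHONY` line also omits `setup-kind` and `delete-kind`, which this hunk defines.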
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
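Review bot: `vault.serverServiceAccountEnabled` and `vault.serverAuthDelegator` test `(or (eq (.Values.server.enabled | toString) "true") (eq (.Values.global.enabled | toString) "true"))`, which stays true for `server.enabled: false` whenever `global.enabled` is true, unlike the `"-"`-aware check in `vault.serverEnabled`. If the templates that consume these flags have no other guard (not visible in this hunk), a disabled server would still get its service account and auth-delegator binding rendered. Calling `{{- template "vault.serverEnabled" . -}}` first and using `.serverEnabled` in place of that `or`, as `vault.serverServiceEnabled` already does, would keep the helpers consistent. The comment above `vault.serverServiceAccountEnabled` repeats the auth-delegator description and should read `Compute if the server serviceaccount is enabled.`, and in `vault.envs` `value: {{ .Values.server.dev.devRootToken | quote }}` would keep a numeric-looking token a string.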
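Review bot: The only rule grants `create` on `serviceaccounts/token` through a ClusterRole with no `resourceNames`, so the subject it is bound to can request a token for any service account in any namespace, and the template says nothing about that. I would add a comment above `rules:` such as `# cluster-wide token creation for the CSI provider; treat the bound service account as highly privileged`, and restrict who may run pods under that service account in the release namespace. Whether the grant can be narrowed depends on how the provider uses it, which this hunk does not show.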
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-certs-secret.yaml 
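Review bot: The `mountpoint-dir` mount in csi-daemonset.yaml gives the provider container read-write access to `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` on the host, because `readOnly` is not set on the `volumeMounts` entry. That host directory holds the volume data of every pod on the node, so the mount is broader than the provider's own socket directory under `/provider`. Whether the provider image selected by `.Values.csi.image` still needs to write there is not visible in this hunk; if it does not, add `readOnly: true` next to `mountPropagation: HostToContainer`, and otherwise add a comment stating why write access is required.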
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-clusterrolebinding.yaml
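Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml. A service account that can patch any mutating webhook can redirect pod admission for unrelated workloads, so the write verb should be limited with `resourceNames`. The split below keeps `list` and `watch` unrestricted because the injector's watch behaviour is not visible here; it needs a test install before merging.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs:
    - "get"
    - "patch"
```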
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
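Review bot: The last entry under `args:` in injector-deployment.yaml, `- 2>&1`, reaches the container as a literal argument, because `args` is an exec-style list and no shell interprets the redirection (unless the image's entrypoint evaluates its arguments, which this hunk does not show). I would drop the entry so that `- agent-inject` is the only argument; the container's stderr is collected by the runtime either way. Leaving it in makes the manifest read as if stderr were being merged deliberately, which is misleading when someone later reviews what the webhook logs.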
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
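Review bot: In injector-mutating-webhook.yaml the `namespaceSelector:` block is rendered only when a selector is set in values, so with nothing set the webhook receives pod `CREATE` and `UPDATE` requests from every namespace, including system namespaces and the injector's own. Combined with a `failurePolicy` of `Fail` (the default of `.Values.injector.failurePolicy` is not visible in this hunk), an unavailable injector would block pod admission cluster-wide. I would state that above the `failurePolicy:` line, for example `# Fail + no namespaceSelector/objectSelector: an injector outage blocks pod CREATE/UPDATE in all namespaces`, and consider shipping a default selector that excludes system namespaces.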
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
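Review bot: The NetworkPolicy in injector-network-policy.yaml allows ingress on a hard-coded `- port: 8080`, while the injector listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` in injector-deployment.yaml and `targetPort` in injector-service.yaml). If that value is changed, the policy no longer matches the webhook port and admission calls are dropped on clusters that enforce the policy; use `- port: {{ .Values.injector.port }}` instead. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector templates in this commit set explicitly.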
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-role.yaml
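Review bot: The PodSecurityPolicy `spec` in injector-psp.yaml says nothing about Linux capabilities, so a pod admitted under it keeps the container runtime's default capability set even though it is forced to run as non-root. Adding `requiredDropCapabilities:` with a single `- ALL` entry after `allowPrivilegeEscalation: false` would close that gap; whether the injector needs any capability is not visible here, but the deployment appears to listen on an unprivileged port. Separately, `apiVersion: policy/v1beta1` is emitted without a capability check, unlike the PodDisruptionBudget templates in this commit, so setting `global.psp.enable` on a cluster that no longer serves PodSecurityPolicy would fail the install.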
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-rolebinding.yaml
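Review bot: The first rule in injector-role.yaml lets the injector read, create and update every Secret and ConfigMap in the release namespace, and the second lets it patch and delete every pod there; if the Vault server runs in the same namespace, that covers its secrets and pods too. The only Secret this commit creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml, same condition), so the `get` and `update` verbs on `secrets` could move to their own rule with `resourceNames: ["vault-injector-certs"]`. Which ConfigMaps and pods the leader elector touches is not visible in this hunk, so those rules need a comment naming the objects they are meant for, or the same narrowing once that is confirmed.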
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
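Review bot: `disable_mlock = true` is written unconditionally into the rendered config in server-config-configmap.yaml, as a literal line in the string branch and through `merge (dict "disable_mlock" true) …` in the map branch, and nothing in the template explains the consequence. With mlock disabled the server's memory can be paged to swap, so I would add a template comment above `data:` such as `{{/* disable_mlock is forced on; run server pods on nodes with swap disabled or encrypted */}}`. In the map branch the forced dict is the first argument to `merge`, which as far as I know takes precedence, so a `disable_mlock: false` supplied in values appears to be silently ignored; that belongs in the same comment.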
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-ha-active-service.yaml
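Review bot: The `apiVersion` line picks the policy API by comparing `.Capabilities.KubeVersion.Minor` with `"21"` as strings, which orders lexically, ignores the major version, and has to cope with minors that some managed distributions report with a suffix such as `21+`. server-ingress.yaml in this same commit already uses `semverCompare` on the full version, and this template should do the same: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.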
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
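Review bot: The `https-internal` port 8201 is listed next to the API port under `ports`, so setting `server.service.type` to `NodePort` or `LoadBalancer` publishes the server-to-server port outside the cluster together with the API port. The StatefulSet in this commit points `VAULT_CLUSTER_ADDR` at the `-internal` headless service, so peers do not appear to need 8201 on this Service; either render that entry only for `ClusterIP` or document the exposure above it, e.g. `# 8201 is the cluster port; it inherits server.service.type and becomes externally reachable with NodePort/LoadBalancer`. The same `ports` list is repeated in server-ha-standby-service.yaml and server-service.yaml.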
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-psp-role.yaml 
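Review bot: In server-ingress.yaml the values `secretName`, `ingressClassName` and each `path` are rendered unquoted, while the `hosts` entries and `host` in the same template go through `quote`. An empty or number-like value then changes YAML type or renders as `null` instead of failing clearly, which matters most for the TLS `secretName`, where a silent `null` leaves the host without the intended certificate. Quote them the same way as the hosts: `secretName: {{ .secretName | quote }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName | quote }}`, `- path: {{ . | quote }}`.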
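Review bot: In server-network-policy.yaml the single `ingress` rule pairs `namespaceSelector: {}` with both ports, so every pod in every namespace is allowed to reach the cluster port 8201 as well as the API port 8200. Nothing in this commit shows a client other than the Vault servers themselves using 8201, so the rule should be split and 8201 limited to pods carrying this release's labels; if cross-namespace replication is expected, make that selector configurable instead. The object also omits `namespace: {{ .Release.Namespace }}`, which every other server template in this commit sets.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault servers of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```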
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
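Review bot: In server-psp-rolebinding.yaml the `subjects` entry names the ServiceAccount with `vault.fullname`, but the account itself is created and mounted under `vault.serviceAccount.name` (server-serviceaccount.yaml, the StatefulSet's `serviceAccountName`, and the discovery RoleBinding all use that helper). If the two helpers ever yield different names, for example through an overridden service account name, the PSP `use` grant lands on an account the pods do not run as and the restrictive policy is not the one applied to Vault. The subject also has no `namespace`; change it to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`.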
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
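Review bot: `apiVersion: policy/v1beta1` is emitted whenever `global.psp.enable` is true, with no check that the cluster still serves PodSecurityPolicy, which Kubernetes removed in 1.25, so on such clusters the install fails rather than skipping the object. Add a capability guard to the existing condition, e.g. `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`, and apply the same guard to the `-psp` Role and RoleBinding. The `seLinux` comment says the policy assumes AppArmor nodes; this repository's values target OpenShift, where nodes run SELinux, so the comment should state what `RunAsAny` is expected to mean there.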
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-service.yaml
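Review bot: This template tests `.mode` twice but never invokes `vault.mode` itself, unlike every other server template in this commit, so whether the `external` check and the `ha` / `activeService` branch work depends on some other template having set `.mode` first. When it is unset, the Route can be rendered in external mode and never targets the `-active` service, sending traffic to standbys as well. Start the file with `{{ template "vault.mode" . }}` as the sibling templates do. Separately, `targetPort: 8200` is hard-coded while the Services take the port from `server.service.targetPort`, and `host` is rendered unquoted.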
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/tests/server-test.yaml 
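Review bot: The container `image:` in server-statefulset.yaml falls back to `:latest` through `default "latest"` when `server.image.tag` is empty, so a Vault server can start from whatever the registry serves at pull time and replicas restarted at different times may run different builds; tests/server-test.yaml uses the same expression. Fail the render instead of defaulting: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The exec readiness probe runs `vault status -tls-skip-verify`, which deserves a comment explaining why verification is skipped, e.g. `# -tls-skip-verify: the probe talks to the local listener (VAULT_ADDR is 127.0.0.1), never to a remote peer`.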
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/values.openshift.yaml
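Review bot: `nodePort` is rendered whenever `ui.serviceNodePort` is set, without looking at `ui.serviceType`, whereas the server Services in this commit emit `nodePort` only when the type is `NodePort`. A leftover `serviceNodePort` combined with `serviceType: ClusterIP` produces a Service the API server rejects, so the condition should include the type, e.g. `{{- if and .Values.ui.serviceNodePort (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`. Since `type` comes straight from values and can be `LoadBalancer`, a comment above it noting that this Service is what exposes the Vault UI externally would help whoever sets it.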
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.36/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/Chart.yaml
new file mode 100644
index 00000000000..18a5a915d55
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.37
+annotations:
+ charts.openshift.io/name: helm-testing-5435
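Review bot: `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io` in the new Chart.yaml present this chart as the upstream release, although `name` and the `charts.openshift.io/name` annotation are both `helm-testing-5435`. If this is a test copy, as the `redhat-caastestreg-duplicate` path suggests, the metadata should say so, so that nobody reading the catalog entry takes it for the vendor's chart, e.g. `description: Test copy of the HashiCorp Vault chart (not an official release)`. Quoting the version as `appVersion: "1.11.2"` would also keep the value a string if a later version has only two components.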
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/README.md
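Review bot: `test-acceptance` puts the Vault licence on the `docker run` command line (`-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`), so make expands the value into the argument list, where it is readable from the host's process table and is printed by `make -n`. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the environment that make already exports to the recipe. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and the recursive call `make setup-kind acceptance` is better written `$(MAKE) setup-kind acceptance` so that command-line flags carry over.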
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
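Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no namespace or `resourceNames` bound, so the CSI provider's service account can request a token for any service account in the cluster. That is presumably what the provider needs in order to authenticate on behalf of the pods it serves (the provider code is not part of this commit), but it makes this DaemonSet's service account a high-value credential and the template does not say so. I would add a comment above `rules:` such as `# Cluster-wide TokenRequest: lets the provider obtain a token for the requesting pod's service account; treat this SA as privileged.` so the scope reads as a documented decision.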
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-certs-secret.yaml 
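Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes (`providervol` and `mountpoint-dir`, the latter under the kubelet root), yet it gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper renders nothing for an empty value. Whether values.yaml ships a default is not visible in this part of the commit; if it does not, the container runs with the runtime's defaults on every node. I would either render a baseline in the template that the value can override (for example `allowPrivilegeEscalation: false`), or add a comment next to `containers:` stating that the host mounts make this setting mandatory on hardened clusters.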
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-clusterrolebinding.yaml
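Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, while the only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). A compromised injector pod could therefore rewrite admission webhooks that belong to other components. Assuming the injector only patches its own configuration to keep the CA bundle current (its code is not part of this commit), keep `get`/`list`/`watch` in the existing rule and move `patch` into a second rule bounded by `resourceNames`, as sketched below.

```yaml
rules:
# … unchanged: first rule, with "patch" removed from its verbs …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```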
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
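Review bot: In the `args:` list of injector-deployment.yaml, `- 2>&1` is handed to the container as a literal second argument; container args are executed without a shell, so no redirection takes place. If the binary ignores the extra argument it is harmless but misleading, so I would drop the line and keep only `- agent-inject`, since the runtime collects stderr anyway. Separately, several env values in this hunk are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), so a value such as `true` or `123` would render as a non-string and be rejected by the API server; piping them through `| quote` avoids that.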
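Review bot: injector-disruptionbudget.yaml is gated only on `.Values.injector.podDisruptionBudget`, whereas the other injector templates in this commit first evaluate `vault.injectorEnabled`. With the injector disabled and the value set, the chart would still render a PodDisruptionBudget whose selector matches no pods. Wrapping the file in `{{- template "vault.injectorEnabled" . -}}` and `{{- if .injectorEnabled -}}` like its siblings keeps the set consistent.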
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
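Review bot: In injector-mutating-webhook.yaml, `namespaceSelector` is emitted only when one of the two values is set, so with neither set the webhook receives every pod CREATE/UPDATE in every namespace, control-plane namespaces and the injector's own included. Combined with a `failurePolicy` of `Fail` (the default comes from values that are not visible here), an unavailable injector would block pod admission cluster-wide. I would add a comment next to `failurePolicy:` spelling out that interaction and consider shipping a default selector that excludes `kube-system` and the release namespace.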
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
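Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment probes and the Service `targetPort` in this commit take the port from `.Values.injector.port`; if that value is changed, this policy silently blocks the API server's webhook calls on OpenShift. Use `port: {{ .Values.injector.port }}` here. The `from:` clause with `namespaceSelector: {}` admits traffic from every namespace, which is presumably required for webhook calls and deserves a one-line comment saying so. The metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the other namespaced injector resources in this commit.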
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-role.yaml
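Review bot: The spec in injector-psp.yaml sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but has no `requiredDropCapabilities`, so pods admitted under this policy keep the runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` would close that gap, assuming the injector needs no capabilities to serve its webhook port. The template is also gated only on `global.psp.enable`, and `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so enabling the value on a newer cluster fails the install. A guard such as `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`, in the style of the apiVersion switch in injector-mutating-webhook.yaml, would avoid that.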
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-rolebinding.yaml
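Review bot: The first rule in injector-role.yaml gives the injector `create`/`get`/`watch`/`list`/`update` on all Secrets and ConfigMaps in the release namespace, although the only Secret this chart creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml). If the Vault server or other workloads share that namespace, the injector's service account can read their secrets. Which objects the leader elector actually touches is not visible in this commit, so I would at least add a comment above the rule naming them, and, if it is only that one Secret, bound `get` and `update` with `resourceNames: ["vault-injector-certs"]` while keeping `create` in a rule of its own, since `resourceNames` cannot constrain `create`. The second rule's `patch` and `delete` on pods are likewise unbounded within the namespace.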
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-config-configmap.yaml
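Review bot: `metadata.name` in server-clusterrolebinding.yaml is `{{ template "vault.fullname" . }}-server-binding`, but a ClusterRoleBinding is cluster-scoped, so two releases with the same full name in different namespaces would contend for one object. Putting the namespace into the name avoids that, for example `name: {{ template "vault.fullname" . }}-{{ .Release.Namespace }}-server-binding`. A comment above `roleRef:` stating that `system:auth-delegator` lets the Vault service account submit TokenReview and SubjectAccessReview requests cluster-wide would also tell reviewers why a cluster-level grant is needed here.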
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
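Review bot: `disable_mlock = true` is emitted unconditionally in server-config-configmap.yaml, once in the string branch and again through `merge (dict "disable_mlock" true) ...` in both JSON branches, so an operator cannot turn memory locking back on and nothing in the template says why it is off. With mlock disabled, Vault's memory can be paged out, so key material may reach disk unless node swap is off or encrypted. At minimum add a template comment before the setting, for example `{{/* mlock is disabled: nodes must run with swap off or encrypted swap */}}`; making it a value that defaults to the current behaviour would be the fuller fix.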
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-ha-active-service.yaml
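Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the test is lexicographic: a single-digit minor such as `"9"` sorts above `"21"`, and a vendor suffix like `"21+"` only gives the right answer by accident. Asking the cluster which API it serves is more reliable and matches the `.Capabilities.APIVersions.Has` checks used by the RBAC templates in this commit: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.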
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-psp-role.yaml 
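Review bot: `from: - namespaceSelector: {}` in server-network-policy.yaml admits traffic from every namespace to both 8200 and 8201, so switching on `server.networkPolicy.enabled` gives very little isolation. Port 8201 is named `https-internal` in this chart's Services and looks like the server-to-server port; if that is right, it should be reachable only from the Vault pods of this release, with 8200 left for clients (and narrowed to client namespaces where possible). The metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the other templates in this commit.

```yaml
  ingress:
    # API port: clients; narrow this selector to the namespaces that hold them
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```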
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
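Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}` with no `namespace`, while the StatefulSet in this commit runs as `{{ template "vault.serviceAccount.name" . }}`. A ServiceAccount subject needs a namespace, and if the service-account helper ever returns something other than the full name, the PodSecurityPolicy `use` grant lands on an account the server pods do not run as. Suggested subject lines: `name: {{ template "vault.serviceAccount.name" . }}` and `namespace: {{ .Release.Namespace }}`.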
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
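Review bot: The `policy/v1beta1` PodSecurityPolicy in server-psp.yaml is gated only on `global.psp.enable`, and that API was removed in Kubernetes 1.25, so enabling the value on a newer cluster makes the install fail rather than skip the object. Add an availability check to the guard, for example `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")`. The policy also sets no `requiredDropCapabilities` and leaves `readOnlyRootFilesystem: false`, and the comment `This policy assumes the nodes are using AppArmor rather than SELinux` does not fit the OpenShift targets this chart ships a values file for; a short comment saying which platforms the policy is meant for would prevent it being read as a general hardening baseline.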
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-service.yaml
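Review bot: server-route.yaml reads `.mode` in `if ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before testing it. The helper's definition is not visible here; if it is what populates `.mode`, this file only works when another template has been rendered earlier. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard. Since `tls:` is rendered straight from `.Values.server.route.tls`, a comment naming the expected termination mode would also help, because an empty value would presumably publish Vault over a plain HTTP route.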
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/templates/ui-service.yaml
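Review bot: The test container's `image:` line falls back to the mutable `latest` tag when `server.image.tag` is empty, so the hook pod can silently run an image that differs from the one the chart was certified with. I would fail the render instead of defaulting, `image: "{{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}"`, which also quotes the rendered value. The same pod mounts `.Values.server.volumes` and `.Values.server.volumeMounts` and sets no `securityContext`; if those volumes carry TLS keys or cloud credentials (an assumption, the values are unconstrained here), the test pod reads them with whatever defaults the namespace applies. A short comment above `volumeMounts:` stating that the test pod shares the server's mounts would make that visible to operators.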
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/values.openshift.yaml
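Review bot: Missing documentation on the exposure this Service can create: `type: {{ .Values.ui.serviceType }}` accepts any Service type, the port is named after `vault.scheme`, and `publishNotReadyAddresses` can route traffic to pods that are not yet ready. The values.yaml added in this same commit sets `global.tlsDisable: true`, so with those defaults a NodePort or LoadBalancer UI service would presumably serve the login page and client tokens over plain HTTP (the `vault.scheme` helper is not visible here, so this is inferred). I would add a comment above `type:` such as `# NodePort/LoadBalancer exposes the Vault UI outside the cluster; set global.tlsDisable to false or terminate TLS upstream before using them`. Whether `service.loadBalancer` restricts source ranges cannot be told from this hunk, so the comment should point to that setting if it exists.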
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.37/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/Chart.yaml new file mode 100644 index 00000000000..8bdc5f7d0a8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-testing-5435 +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.38 +annotations: + charts.openshift.io/name: helm-testing-5435 
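Review bot: In the new Chart.yaml, `description: Official HashiCorp Vault Chart` and the four hashicorp `sources` entries present this package as HashiCorp's own release, while `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435` and the file sits under the `redhat-caastestreg-duplicate` partner path. If this is a renamed copy used as a test fixture (the name suggests so, but the diff does not say), the metadata should state that, so a reader of the chart index does not take it for the upstream chart; for example `description: Test copy of the HashiCorp Vault chart (not an upstream release)`. Quoting `appVersion: '1.11.2'` would also match the quoted `kubeVersion` next to it and keep the value a string if it is ever shortened to two components.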
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/README.md
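Review bot: The `test-acceptance` recipe expands what is presumably the Vault enterprise license into the docker command line with `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so the value sits in the argv of the `docker run` process where process listings on the host can read it; the leading `@` only suppresses make's echo. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker take the value from the caller's environment without it appearing in the arguments. One behavioural difference to confirm: with the name-only form an unset variable stays unset in the container instead of being set to an empty string. The `GOOGLE_CREDENTIALS` entries carry a key-file path (it is handed to `--key-file` in the `acceptance` target) rather than key material, so they do not have the same exposure.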
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
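Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any ServiceAccount in any namespace, and nothing in the template says why that breadth is needed. The provider presumably needs it to authenticate on behalf of the pods it serves, and a ClusterRole rule cannot be scoped to those pods, so I would at least record the intent above the rule: `# Lets the provider request tokens for the pods it serves; this applies to every ServiceAccount in the cluster.` Operators auditing the chart's RBAC then know to treat the provider DaemonSet as a high-value workload and to watch token requests made by the `-csi-provider` account in the API audit log.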
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-certs-secret.yaml 
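Review bot: In csi-daemonset.yaml the container that mounts the two hostPath volumes gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper added to `_helpers.tpl` in this commit renders nothing otherwise. The injector's equivalent helper falls back to `allowPrivilegeEscalation: false` with all capabilities dropped. I would give the CSI helper an `{{- else if not .Values.global.openshift }}` branch that renders `securityContext:` with `allowPrivilegeEscalation: false`, matching the server and injector helpers. Whether the provider can also drop capabilities or run as non-root while creating its socket under `providersDir` needs checking against the image, so I am not proposing those here.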
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-clusterrolebinding.yaml
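Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, but the only object the injector is pointed at is the `-agent-injector-cfg` configuration (the name set in injector-mutating-webhook.yaml and passed as `AGENT_INJECT_TLS_AUTO` in the deployment). An account that can write to any mutating webhook configuration can alter admission behaviour for workloads that have nothing to do with Vault, so the write verb is worth pinning with `resourceNames` while the read verbs stay as they are. The split below keeps `get`, `list` and `watch` unchanged and moves `patch` into a name-restricted rule. Confirm that the injector patches no other configuration before adopting it.

```yaml
rules:
# … unchanged: first rule, with "patch" removed from its verbs …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```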
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
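Review bot: Several env values in injector-deployment.yaml are rendered without YAML quoting or by interpolating inside literal double quotes, for example `value: {{ .Values.injector.authPath }}` and `value: "{{ .Values.injector.agentDefaults.template }}"`. A value containing `"`, `: ` or ` #` then yields a broken or differently parsed manifest. The `vault.extraEnvironmentVars` helper in this commit already pipes its values through `quote`, and the same works here: `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.agentDefaults.template | quote }}`. The `externalVaultAddr`, `logLevel` and `logFormat` lines have the same shape.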
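Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical rather than numeric (a minor of `"9"` sorts above `"21"`), and some distributions report the minor with a suffix such as `21+`. The mutating-webhook template in this commit selects its API version with `.Capabilities.APIVersions.Has`, and the same check fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Unlike the other injector templates visible in this commit, this one is not wrapped in `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget can render with the injector switched off.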
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
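Review bot: When neither `injector.webhook.namespaceSelector` nor `injector.namespaceSelector` is set, the rendered webhook has no `namespaceSelector`, so it is called for pod CREATE and UPDATE in every namespace, including `kube-system` and the namespace the injector itself runs in. If `failurePolicy` resolves to `Fail`, an unavailable injector then blocks pod admission cluster-wide, its own replacement pods included. I would put a template comment above the `if`, such as `{{/* No selector means all namespaces; exclude the injector's namespace and kube-system when failurePolicy is Fail. */}}`, or ship a default selector in the chart values.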
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
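Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while injector-deployment.yaml in this commit makes the listener and both probes follow `.Values.injector.port`. If an operator changes that value on OpenShift, this policy stops admitting traffic to the webhook, and depending on the webhook's `failurePolicy` pods are then either rejected or admitted without injection. I would render the same value here: `- port: {{ .Values.injector.port }}`.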
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-psp.yaml
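Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml carries no `namespace`, unlike the subjects in csi-clusterrolebinding.yaml and injector-clusterrolebinding.yaml in this commit, which both set `namespace: {{ .Release.Namespace }}`. For a namespaced RoleBinding the subject presumably resolves to the binding's own namespace, but stating it keeps the bindings consistent and removes the guess for a reader checking which account receives the PSP `use` permission. I would add `namespace: {{ .Release.Namespace }}` under the subject's `name`.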
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-role.yaml
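Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` in injector-psp.yaml is gated only on `global.psp.enable`, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so turning the flag on against a newer cluster would have the manifest rejected at install time. Consider adding a capability test to the condition, e.g. `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`; server-psp.yaml further down in this commit has the same shape. The `seLinux` comment also states the policy assumes AppArmor nodes, which is worth revisiting in a chart that carries OpenShift-specific templates.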
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-rolebinding.yaml
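Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every `secrets` and `configmaps` object in the release namespace, with no `resourceNames`. The Role is rendered only for leader election, yet it lets the injector service account read and rewrite any Secret that shares the namespace. Which objects the elector actually touches is not visible in this hunk; if they have fixed names, keep `create` in a rule of its own and move the remaining verbs into a rule carrying `resourceNames: ["<leader-election-object-name>"]` (placeholder name). The `pods` rule with `patch` and `delete` deserves the same review, and a comment above each rule stating what needs it would document the intent.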
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
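Review bot: `disable_mlock = true` is written unconditionally into the rendered configuration in server-config-configmap.yaml, and the JSON branches force it through `merge (dict "disable_mlock" true) …`, with nothing explaining the choice. With mlock off, Vault's memory is not pinned, so secret material can reach disk on any node where swap is enabled and unencrypted. I would document the assumption next to the setting with a template comment such as `{{- /* mlock is disabled in every mode: nodes must run with swap off or encrypted swap */}}`, and consider letting a chart value override it for storage backends where mlock is wanted. Separately, the outer guard tests only `standalone.config` and `ha.config` while the body also reads `ha.raft.config`; that looks worth confirming.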
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-ha-active-service.yaml
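Review bot: The `apiVersion` line in server-disruptionbudget.yaml picks the API group by comparing `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the outcome follows lexical order rather than version order and ignores the major version. server-ingress.yaml in this same commit already decides its API version with `semverCompare ">= 1.19.0-0" $kubeVersion`; the equivalent here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. Using one form across the chart also makes the version gates easy to find when the older APIs are dropped.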
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
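Review bot: The `https-internal` entry (port 8201) in server-ha-active-service.yaml sits on a Service whose `type` comes from `.Values.server.service.type`, so choosing `NodePort` or `LoadBalancer` publishes the cluster port together with the API port. The headless `-internal` Service in this commit already carries 8201 for the pods themselves, so the external exposure may not be needed; that is an assumption to confirm, since cross-cluster replication could rely on it. At minimum I would add a comment above the entry, e.g. `# also reachable from outside the cluster when service.type is NodePort or LoadBalancer`. server-ha-standby-service.yaml and server-service.yaml repeat the same port list.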
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-psp-role.yaml 
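Review bot: The outer guard of server-ingress.yaml is `{{- if not .Values.global.openshift }}`, a plain truthiness test, whereas injector-network-policy.yaml in this commit tests the same value with `eq (.Values.global.openshift | toString) "true"`. A string value such as `"false"` is truthy, so the Ingress would be skipped and, by the mirror-image test `{{- if .Values.global.openshift }}` in server-route.yaml, the Route rendered instead. Using the string comparison in both places removes the difference: `{{- if ne (.Values.global.openshift | toString) "true" }}` here and `{{- if eq (.Values.global.openshift | toString) "true" }}` in the route. Note also that `tls:` is optional in this template, so the Ingress can front Vault without TLS at the edge; a comment saying so would be useful.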
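Review bot: The single ingress rule in server-network-policy.yaml admits every namespace (`namespaceSelector: {}`) on both 8200 and 8201. The Services in this commit name 8201 `https-internal`, which suggests server-to-server traffic, so it can probably be limited to the release's own pods while 8200 stays open to clients; confirm this against any setup where other clusters connect to 8201. The `metadata` block also carries no `namespace`, unlike the other namespaced objects in the chart. A possible split of the rule follows.

```yaml
  ingress:
    # API port: clients in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from .Values.server.networkPolicy.egress …
```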
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
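Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but the server ServiceAccount in this commit is named by `{{ template "vault.serviceAccount.name" . }}`, and both server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml bind that helper. The helper's body is not in view; if it can return anything other than the fullname (a custom account name, for instance), this binding targets an account the pods do not run as and the pod security policy is never granted to them. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` as the other bindings do.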
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-service.yaml
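Review bot: server-route.yaml reads `.mode` on its second line (`{{- if ne .mode "external" }}`) and again when choosing the active service, but never calls `{{ template "vault.mode" . }}`, which every other server template in this commit that reads `.mode` does first. Whether `.mode` is populated therefore seems to depend on another template having set it earlier in the same render, which is fragile and easy to break when files are added or renamed. Adding `{{ template "vault.mode" . }}` directly under the opening `if` makes the file self-contained. The route also hard-codes `targetPort: 8200` while the Services take the port from `.Values.server.service.targetPort`.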
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/tests/server-test.yaml 
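Review bot: The `image:` line of the `vault` container falls back to `default "latest"` when `server.image.tag` is empty, so the server can end up running whatever the registry currently serves under a mutable tag; the test pod in `tests/server-test.yaml` has the same fallback. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and ideally accept a digest. The exec readiness probe runs `vault status -tls-skip-verify`; it goes to 127.0.0.1 through `VAULT_ADDR`, so the exposure is limited, but a comment stating why verification is skipped there would keep the flag from being copied into remote calls. `value: {{ .Values.server.ha.apiAddr }}` and the matching `clusterAddr` line are unquoted, unlike the neighbouring `value:` lines; adding `| quote` keeps them strings.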
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/templates/ui-service.yaml
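Review bot: The test container has no `securityContext`, while the server container in the StatefulSet gets one from `server.statefulSet.securityContext.container`; on a cluster that does not inject a restricted default, this pod runs with whatever the image allows. I would add a container-level block with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, the same settings the values.yaml comments list as the injector container default. Minor: `volumeMounts:` and `volumes:` are emitted even when the values are empty and then render as null; moving each key inside its `if` avoids that.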
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/values.openshift.yaml
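Review bot: Nothing in this template ties the Service type to TLS: `type` comes straight from `ui.serviceType` and the `service.loadBalancer` include is rendered, while values.yaml in this diff defaults `global.tlsDisable: true`, so an externally reachable UI Service would presumably carry logins and tokens over plain HTTP (the `vault.scheme` helper is not visible, so this is inferred). I would put a comment above `type:`, for example `# expose outside the cluster only with global.tlsDisable=false or TLS terminated in front of this Service`. `publishNotReadyAddresses` is also taken from values, which sends UI traffic to not-ready pods when it is true.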
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.38/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/Chart.yaml
new file mode 100644
index 00000000000..80ff0659a04
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.39
+annotations:
+ charts.openshift.io/name: helm-testing-5435
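Review bot: The `description: Official HashiCorp Vault Chart` line, together with the `home` and `sources` URLs, presents this chart as HashiCorp's own release, yet `name: helm-testing-5435` and `version: 0.21.39` mark it as a test repackaging whose version does not appear in the CHANGELOG.md added by the same diff (its newest entry is 0.21.0). If this directory is indexed like other partner charts, which is not visible from here, consumers would see misleading provenance for a secrets-management component. I would change the line to something like `description: Test fixture repackaging the HashiCorp Vault chart; not an official release` and add a `maintainers:` entry naming who owns the fixture. Quoting the version-like scalars (`appVersion: "1.11.2"`, `version: "0.21.39"`) would also keep them strings under any loader.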
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/LICENSE.md
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2. Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/README.md
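Review bot: The `docker run` recipe in `test-acceptance` expands `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` on the command line, so whatever that variable holds (presumably the enterprise license used in CI) ends up in the docker client's argument list, where a process listing or `make -n` can show it. The Makefile never assigns the variable, so it already comes from the caller's environment, and the bare form `-e VAULT_LICENSE_CI \` passes the same value into the container without putting it in argv. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so it may not act on the configuration that was applied; worth confirming. Finally, `.PHONY` omits the two kind targets, which could be fixed by appending `setup-kind delete-kind` to that line.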
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
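Review bot: The only rule in `csi-clusterrole.yaml` grants `create` on `serviceaccounts/token` cluster-wide with no comment, so the `-csi-provider` service account can request a token for any service account in any namespace. Because the provider runs as a DaemonSet, that capability is present on every node it is scheduled to, and the file gives a later reviewer no hint of why it is needed or how it is bounded. I would add a comment above `rules:` along the lines of `# Lets the provider request a token for the pod mounting a secret; cluster-wide, so treat the csi-provider service account as highly privileged.` The stated purpose is inferred from the provider's role rather than shown on this page, so confirm it before merging. Leaving the provider disabled where it is unused (the `vault.csiEnabled` gate at the top of the file) and alerting on token requests made by this service account for unexpected service accounts both limit the exposure.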
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-certs-secret.yaml 
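Review bot: In `csi-daemonset.yaml` the provider container mounts two hostPath volumes (`providervol`, and `mountpoint-dir` with `mountPropagation: HostToContainer`), yet it gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper it calls emits nothing otherwise. The injector and server helpers in the same `_helpers.tpl` fall back to `allowPrivilegeEscalation: false` when no value is supplied, while the two CSI helpers have no such branch, so by default the one workload with host filesystem access runs with whatever the image and cluster policy allow. I would give the CSI container helper the same fallback, or set a default in `values.yaml` (not visible here), for example `allowPrivilegeEscalation: false` with `capabilities: {drop: [ALL]}`, after confirming the provider can still create its socket under `/provider`. Separately, `image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"` can only be pinned by tag; accepting a digest would make the image that runs on every node immutable.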
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-clusterrolebinding.yaml
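Review bot: In `injector-clusterrole.yaml` the `patch` verb applies to every `mutatingwebhookconfigurations` object in the cluster, so the injector's service account can modify the `clientConfig` or `caBundle` of any admission webhook, not only its own. `patch` can be limited with `resourceNames`, whereas `get`/`list`/`watch` generally have to stay unscoped for a watch-based client to work, so I would split the rule in two as shown below. The name `{{ template "vault.fullname" . }}-agent-injector-cfg` is taken from the `AGENT_INJECT_TLS_AUTO` value in `injector-deployment.yaml`; confirm it matches the webhook configuration the chart actually creates.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# patch is needed only on the injector's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```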
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
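Review bot: Several env values in the injector container are rendered unquoted, namely `value: {{ .Values.injector.logLevel | default "info" }}`, `value: {{ .Values.injector.authPath }}` and the `AGENT_INJECT_LOG_FORMAT` line, while their neighbours are wrapped in double quotes. An env `value` has to be a string, so an override that YAML reads as a boolean or a number yields a manifest that fails validation, and text from values lands in the document with no escaping. Piping through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`, would bring these lines in line with the rest of the block. The Deployment hunk begins on an earlier collapsed line and ends on this one.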
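Review bot: The `apiVersion` line in injector-disruptionbudget.yaml chooses the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexicographically rather than numerically, so a minor of `"9"` sorts above `"21"`. server-disruptionbudget.yaml later in this commit uses the same expression. server-ingress.yaml already relies on `semverCompare ">= 1.19.0-0" $kubeVersion`; the matching form here would be `semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1"`.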
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
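Review bot: `namespaceSelector` on the `vault.hashicorp.com` webhook is emitted only when a values key sets it, so with defaults the webhook is invoked for pod CREATE and UPDATE in every namespace, limited only by whatever the `injector.objectSelector` helper renders (not visible here). If `failurePolicy` resolves to `Fail`, an unavailable injector would then block pod admission across the cluster, system namespaces included. I would record that next to the `failurePolicy` line with a comment such as `# Fail blocks pod admission in every selected namespace while the injector is down; set a namespaceSelector first`.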
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
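Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment and Service in this commit take the listener port from `.Values.injector.port`. On OpenShift, where this policy is rendered, changing `injector.port` would leave the policy admitting a port nothing listens on and would likely drop the API server's calls to the webhook. `- port: {{ .Values.injector.port }}` keeps the three templates in agreement. The metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the other namespaced injector objects.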
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-role.yaml 
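Review bot: The PodSecurityPolicy spec blocks privileged mode, privilege escalation and root, but sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities:` with a single `- ALL` entry after `allowPrivilegeEscalation: false` would close that gap, assuming the injector needs no capabilities. Separately, the comment `# This policy assumes the nodes are using AppArmor rather than SELinux.` is worth revisiting for a chart that has an OpenShift mode, since `rule: RunAsAny` places no constraint on the SELinux context.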
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-rolebinding.yaml 
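Review bot: The first rule of the leader-elector Role lets the injector service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace. If the Vault server is installed in the same namespace, that presumably covers its TLS material and anything else stored there. This commit pre-creates one Secret for the injector, `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` on secrets could be limited with `resourceNames: ["vault-injector-certs"]`, and `create` dropped if the injector never creates the object itself. Both changes need confirming against the injector's behaviour, which this diff does not show.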
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
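Review bot: `disable_mlock = true` is written into every string-form config and merged into every map-form config in server-config-configmap.yaml, with no explanation and no way to override it. With mlock disabled, Vault's memory can be paged out, so the deployment depends on nodes running without swap or with encrypted swap. A template comment above the line would record that requirement, e.g. `{{- /* mlock is disabled for container use; nodes must not swap Vault memory to unencrypted disk */}}`.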
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-psp-role.yaml
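Review bot: In server-ingress.yaml the TLS `secretName`, the `ingressClassName` and each `path` are rendered unquoted, while the `hosts` entries and the rule `host` in the same template go through `| quote`. A values entry that YAML retypes or that starts with an indicator character (a path of `*`, an all-digit secret name) then renders as something other than the intended string and the manifest fails to parse or is rejected. Pipe them through `quote` like the hosts: `secretName: {{ .secretName | quote }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName | quote }}`, `- path: {{ . | quote }}`.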
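Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace is admitted to 8201 as well as 8200. Port 8201 is the `https-internal` port that the services and the StatefulSet in this commit use for server-to-server traffic (`VAULT_CLUSTER_ADDR`), so it would normally need to be reachable only from the other Vault server pods. Splitting the rule keeps 8200 as it is and limits 8201 to pods carrying this release's labels; if peers outside the release must reach 8201 (replication, for instance) they would need their own `from` entry. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates here set.

```yaml
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```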
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
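Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the ServiceAccount with `vault.fullname`, but the ServiceAccount template and the StatefulSet's `serviceAccountName` in this commit both render `vault.serviceAccount.name`. If that helper can return anything other than the full name (its definition is outside this part of the diff; the values schema does list `server.serviceAccount.name`), the binding points at an account the pods do not run as, and the PodSecurityPolicy `use` grant never reaches them. Render the same helper here: `name: {{ template "vault.serviceAccount.name" . }}`.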
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
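Review bot: The PodSecurityPolicy spec in server-psp.yaml sets no `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set even though the policy otherwise forbids privilege escalation and root. Adding `requiredDropCapabilities: ['ALL']` next to `allowPrivilegeEscalation: false` would close that, provided the Vault container still starts without them (the StatefulSet in this commit sets `SKIP_SETCAP` and `SKIP_CHOWN`, which suggests it can, but this should be confirmed). A short comment at `apiVersion: policy/v1beta1` that this API is no longer served from Kubernetes 1.25 on would also help whoever turns on `global.psp.enable`.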
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-service.yaml
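Review bot: server-route.yaml tests `.mode` on its second line and again for the `active` service suffix without first calling `{{ template "vault.mode" . }}`, which server-ingress.yaml does right after its own `global.openshift` check. Unless an earlier render has already populated `.mode` (not visible here), the `eq .mode "ha"` branch cannot fire, so `server.route.activeService` is ignored and the Route targets the plain service rather than `-active`. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` line. `host: {{ .Values.server.route.host }}` would also be safer as `{{ .Values.server.route.host | quote }}`.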
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" .
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" .
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" .
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ .
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/tests/server-test.yaml
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/values.openshift.yaml
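Review bot: In ui-service.yaml `nodePort` is emitted whenever `ui.serviceNodePort` is set, whereas server-service.yaml and the standby service in this commit also check the service type before rendering it. With `ui.serviceType` set to `ClusterIP`, a leftover `serviceNodePort` value makes the API server reject the Service. Guard it on the type as well, e.g. `{{- if and .Values.ui.serviceNodePort (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`. Since `ui.serviceType` is free-form and this Service fronts the Vault UI and API, a comment above `type:` noting that `LoadBalancer` or `NodePort` exposes it outside the cluster would be worth adding.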
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.39/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/CHANGELOG.md new file mode 100644 index 00000000000..45d7168d526 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/CHANGELOG.md 
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/Chart.yaml
new file mode 100644
index 00000000000..b82605fa6d0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.4
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
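Review bot: `vault.serverAuthDelegator` and `vault.serverServiceAccountEnabled` gate on `(or (eq (.Values.server.enabled | toString) "true") (eq (.Values.global.enabled | toString) "true"))`, which disagrees with `vault.serverEnabled` in the same file: with `server.enabled: false` and `global.enabled: true` both helpers still evaluate to true, so the auth-delegator binding and the server service account are presumably still rendered for a server that was explicitly switched off. Following `vault.serverServiceEnabled`, each helper could begin with `{{- template "vault.serverEnabled" . -}}` and use `.serverEnabled` in place of that `or`; if the current behaviour is intended, a comment saying so would prevent it being read as an oversight. The two helpers also carry the same doc comment, and the first should read `Compute if the server serviceaccount is enabled.` Separately, in `vault.envs` the line `value: {{ .Values.server.dev.devRootToken }}` is unquoted, so a token that parses as a number or boolean renders as a non-string env value; appending `| quote` avoids that.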
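Review bot: The single rule grants `create` on `serviceaccounts/token` through a ClusterRole, so the bound identity can request a token for any service account in any namespace, and the template carries no comment explaining why that breadth is needed. A template comment above `rules:`, for example `{{/* The CSI provider requests tokens for the service accounts of the pods it serves, which may live in any namespace. */}}`, would record the intent for anyone auditing cluster-wide RBAC; the wording should be confirmed against the provider's actual behaviour. The role name is also built only from `vault.fullname`, which does not include the namespace, so two releases with the same name in different namespaces would contend for the same cluster-scoped object.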
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-certs-secret.yaml 
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-clusterrolebinding.yaml
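Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`. The injector appears to need only its own configuration, which injector-mutating-webhook.yaml names `{{ template "vault.fullname" . }}-agent-injector-cfg`, whereas an identity that can patch any admission webhook can change pod admission for the whole cluster. I would split the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`, keeping `list` and `watch` in a separate rule if the injector needs them unrestricted. That split should be confirmed against the injector's behaviour before merging.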
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
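Review bot: The last entry under `args:` in injector-deployment.yaml is `- 2>&1`, which reaches the container as a literal argument because no shell is involved, so it redirects nothing. Removing it leaves `args:` with only `- agent-inject`. Several env values are also rendered unquoted, for example `value: {{ .Values.injector.authPath }}` and `value: {{ .Values.injector.logLevel | default "info" }}`. An override that looks like a number or boolean would then render as a non-string `value`, so `value: {{ .Values.injector.authPath | quote }}` is safer.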
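Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares the minor version as a string, so the result is lexical rather than numeric and any vendor suffix on the minor is part of the comparison. injector-mutating-webhook.yaml in this same commit already picks its apiVersion with `.Capabilities.APIVersions.Has`. The equivalent here would be `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml carries the identical expression and needs the same change.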
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
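Review bot: `namespaceSelector` is emitted only when a value is set, so unless the `injector.objectSelector` template narrows it, the webhook intercepts pod CREATE and UPDATE in every namespace, including the injector's own. If `failurePolicy` resolves to `Fail` (its default lives in values.yaml, outside this hunk), an unavailable injector would block pod admission cluster-wide. I would add a comment above the `if or` line, for example `# Without a namespaceSelector this webhook applies to all namespaces; set one before using failurePolicy: Fail.` A default selector that leaves out system namespaces is also worth considering.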
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
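Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector Deployment listens on `{{ .Values.injector.port }}` and the Service targets the same value. With any other port setting, the policy admits traffic to a port nothing listens on and denies the one the webhook actually serves. `- port: {{ .Values.injector.port }}` keeps the three in step. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector templates in this commit set.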
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-psp.yaml
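Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subject in injector-rolebinding.yaml, which sets `namespace: {{ .Release.Namespace }}`. Adding the same line under `name:` makes the binding explicit about which account it covers and keeps the two templates consistent.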
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-role.yaml
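Review bot: The policy sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but has no `requiredDropCapabilities`, so pods admitted under it keep the runtime's default capability set. If the injector needs no capabilities, `requiredDropCapabilities: [ALL]` under `spec:` closes that gap. `readOnlyRootFilesystem: false` deserves a comment saying what the injector writes. The `seLinux` comment assumes AppArmor nodes, which is worth re-checking for a chart shipped in an OpenShift catalogue. PodSecurityPolicy was removed in Kubernetes 1.25, so the template should say that `global.psp.enable` only works on older clusters.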
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-rolebinding.yaml
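Review bot: The first rule lets the injector service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, since it carries no `resourceNames`. injector-certs-secret.yaml in this commit creates a Secret named `vault-injector-certs` under the same leader-elector condition. If that is the only Secret the injector touches, `get` and `update` could move to a rule with `resourceNames: ["vault-injector-certs"]`, leaving `create` in its own rule, since a create request cannot be matched by name. At minimum, a comment above `rules:` should say which objects leader election uses, because the same namespace may also hold Vault's own TLS or configuration Secrets.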
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
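Review bot: `disable_mlock = true` is written into the rendered HCL unconditionally, and the JSON branches force the same setting with `dict "disable_mlock" true`, yet no comment explains it. With mlock off, Vault's memory is not locked against swapping, so key material can reach disk on a node that has swap enabled. I would add a template comment beside it, for example `{{- /* mlock is disabled for containerised Vault; run on nodes with swap off or encrypted */ -}}`, adjusted to the chart's actual reason. The chart documentation should carry the same node requirement.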
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-ha-active-service.yaml
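Review bot: In server-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the result is lexical rather than numeric (a minor of `"9"` sorts above `"21"`) and the major version is ignored. server-ingress.yaml in this commit already uses `semverCompare` for the same kind of decision, and `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}` would be consistent with it.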
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
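Review bot: The `https-internal` port 8201 in server-ha-active-service.yaml is published whatever `server.service.type` is set to, so with `NodePort` or `LoadBalancer` the cluster port is reachable from wherever that Service is exposed. The StatefulSet in this commit sets `VAULT_CLUSTER_ADDR` to the per-pod `-internal` headless name on 8201, which suggests server-to-server traffic does not need the port here; that should be confirmed before changing it. If so, wrap the `https-internal` entry in `{{- if eq (.Values.server.service.type | default "ClusterIP" | toString) "ClusterIP" }}` … `{{- end }}`. The same entry appears in server-ha-standby-service.yaml and server-service.yaml.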
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-psp-role.yaml
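Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace is allowed to reach the cluster port 8201 as well as the API port 8200. The StatefulSet in this commit advertises `VAULT_CLUSTER_ADDR` on 8201 through the `-internal` service, which suggests 8201 is server-to-server only; splitting the rule lets it be limited to the release's own `component: server` pods. The `podSelector` also omits `component: server` and the metadata carries no `namespace`, unlike the other templates here, so the policy may select more pods than intended.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    # API port: reachable from every namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only this release's own server pods.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```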
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
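Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template, the discovery RoleBinding and the StatefulSet's `serviceAccountName` in this commit all use `vault.serviceAccount.name`. If that helper can return a different name (a user-supplied account name, presumably), the PSP `use` grant is bound to an account the server pods do not run as. Use the same helper and state the namespace as the discovery binding does: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.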
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-service.yaml
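Review bot: server-route.yaml reads `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other template in this commit that tests `.mode` does, server-ingress.yaml included. Whether `.mode` is populated here presumably depends on another template having set it on the shared context earlier in the render. If it is not, the `eq .mode "ha"` test that points the Route at the `-active` Service cannot be relied on. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as the ingress template does.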
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/tests/server-test.yaml
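Review bot: The `vault` container image in server-statefulset.yaml falls back to a floating tag through `.Values.server.image.tag | default "latest"`, so an unset tag deploys whatever the registry currently serves as `latest` for a secrets manager, and a rollback no longer reproduces the earlier image. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. templates/tests/server-test.yaml uses the same fallback. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment noting that `VAULT_ADDR` points it at `127.0.0.1` would make the skipped certificate check easier to audit.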
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.4/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/Chart.yaml new file mode 100644 index 00000000000..719c675f72b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-testing-5435 +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.40 +annotations: + charts.openshift.io/name: helm-testing-5435 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/README.md
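Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the licence value into the `docker run` argument list, where it is readable from the host process listing even though `@` suppresses the recipe echo. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker take the value from the recipe's environment instead; this assumes the variable reaches make through the environment or the make command line, since the file sets no default for it. Separately, `setup-kind` and `delete-kind` are missing from `.PHONY`, and `make setup-kind acceptance` would normally be written `$(MAKE) setup-kind acceptance` so overrides propagate to the sub-make.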
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations .
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
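Review bot: The rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, and csi-clusterrolebinding.yaml binds it cluster-wide, so the `-csi-provider` ServiceAccount can request a token for any ServiceAccount in any namespace. Nothing in the template says so. A comment above `rules:` such as `# Cluster-wide TokenRequest: this identity can mint tokens for every ServiceAccount; treat the csi-provider pods as highly privileged.` would make the blast radius visible to whoever installs the chart. RBAC cannot scope this grant to pods on the provider's own node, so the compensating controls are the DaemonSet's image provenance and its pod security settings.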
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-certs-secret.yaml 
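Review bot: In csi-daemonset.yaml the container mounts the host path `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` without `readOnly`, yet its `securityContext` is emitted only when `csi.daemonSet.securityContext.container` is set; the helper earlier in this diff renders nothing otherwise. That directory normally holds the volumes of every pod on the node, so with an empty value this container runs on the runtime's default privileges next to other workloads' mounted secrets. I would render a restrictive fallback when the value is empty, for example `allowPrivilegeEscalation: false`. I would also note in values.yaml that both hostPath paths are taken verbatim from values. The chart's values.yaml is not in this chunk, so the shipped default should be confirmed.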
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-clusterrolebinding.yaml
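Review bot: The single rule in injector-clusterrole.yaml gives `patch` on every MutatingWebhookConfiguration in the cluster, not only the chart's own. The deployment in this diff points `AGENT_INJECT_TLS_AUTO` at `{{ template "vault.fullname" . }}-agent-injector-cfg`, which suggests that is the only object the injector has to modify. If so, `patch` can be narrowed with `resourceNames` while the read verbs stay broad, since list and watch cannot be limited by name without a field selector. Whether the injector patches anything else is not visible here and should be confirmed before narrowing.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```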
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
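Review bot: Several `env` values in injector-deployment.yaml are rendered unquoted from values, namely `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT` and the computed `AGENT_INJECT_VAULT_ADDR`, while neighbouring entries wrap the template in literal double quotes. An unquoted value such as `true` or `1` is parsed as a boolean or number, which is not a valid env `value`, and an empty one becomes null; the hand-written `"{{ … }}"` form in turn breaks on a value that contains a double quote. Piping through `quote` covers both cases, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, the `- 2>&1` entry under `args` reaches the binary as a literal argument, because no shell is involved in starting the container.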
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
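Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, injector-mutating-webhook.yaml emits no `namespaceSelector`, so the webhook is called for pod CREATE and UPDATE in every namespace, system namespaces and the injector's own included. If `failurePolicy` resolves to `Fail` (it comes from `injector.webhook.failurePolicy` or `injector.failurePolicy`, whose defaults are not shown here), an unavailable injector would then block pod admission cluster-wide. I would add a comment above `failurePolicy` saying so, e.g. `# Without a namespaceSelector this applies to all namespaces; use Fail only with a selector that excludes system namespaces.` The `injector.objectSelector` helper is defined outside this chunk and may narrow the scope further.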
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
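Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector listens on `.Values.injector.port`, which this diff uses for `AGENT_INJECT_LISTEN`, both probes and the Service's `targetPort`. With any other port value the policy would admit 8080 rather than the port the webhook actually serves, so the line should read `- port: {{ .Values.injector.port }}`. The `from` clause is `namespaceSelector: {}`, which admits every namespace, so the policy restricts by port only. A short comment stating that this is intentional would help the next reader.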
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-role.yaml
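Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode, privilege escalation and root, but it sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. If the injector needs no Linux capabilities, which seems likely for a webhook server but is not shown here, adding `requiredDropCapabilities:` with the single entry `- ALL` under `spec` closes that gap. `readOnlyRootFilesystem: false` carries no comment, unlike the other relaxations in the spec; a one-line reason would be useful.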
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-rolebinding.yaml
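Review bot: The first rule in injector-role.yaml lets the injector ServiceAccount read and update every Secret and ConfigMap in the release namespace, the same namespace the server's ServiceAccount is bound in elsewhere in this diff. The only Secret this diff creates under the same leader-election condition is `vault-injector-certs` (injector-certs-secret.yaml). If that is the only object needed, `get` and `update` can move to a rule carrying `resourceNames: ["vault-injector-certs"]`. `create`, `list` and `watch` cannot be scoped by name and would have to stay or be dropped. Which objects the leader elector touches is not visible here, so confirm before narrowing.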
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
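Review bot: `disable_mlock = true` is forced into every rendered server configuration with no comment saying why, both as a literal line in the string branch and through `dict "disable_mlock" true` in the two JSON branches. With mlock off the Vault process memory can be paged out, so the deployment depends on the nodes running without swap or with encrypted swap. I would add a template comment above `data:`, for example `{{- /* mlock is disabled for every mode; nodes must have swap off or encrypted */ -}}`, and state the same requirement next to the `server.*.config` values. If the setting is there because the container lacks the capability to lock memory, the comment should say so.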
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-ha-active-service.yaml
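Review bot: The `apiVersion` line compares `.Capabilities.KubeVersion.Minor` with the string `"21"`, so `ge` orders the two as text rather than as numbers: a minor of `"9"` sorts above `"21"`, and a vendor suffix such as `"21+"` is compared character by character. The RBAC templates in this same diff already pick their version with `.Capabilities.APIVersions.Has`, and the same probe fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. That also removes the need to know which minor release first served the API.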
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-psp-role.yaml
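Review bot: The NetworkPolicy's single ingress rule uses `namespaceSelector: {}`, so both listed ports accept traffic from pods in every namespace of the cluster. That may be intended for the API port 8200, but 8201 is the port the Services in this diff name `https-internal`, and it can be limited to the server pods of this release by splitting the rule as below, unless peers outside the release are expected to reach it. The object also omits `metadata.namespace`, which the other templates set to `{{ .Release.Namespace }}`; adding it keeps the policy in the release namespace.

```yaml
  # … unchanged: metadata, spec.podSelector …
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```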
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
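Review bot: The PSP RoleBinding names its subject with `vault.fullname`, while the server ServiceAccount template and the StatefulSet's `serviceAccountName` in this diff both use `vault.serviceAccount.name`. If that helper ever resolves to a different name (an overridden account name, presumably), the `use` grant is bound to an account the server pods do not run as. The subject should read `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`, which is how the other bindings in this diff spell their subjects.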
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
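Review bot: This template emits a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, without checking that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so rendering succeeds and the install then fails. The condition can carry the same kind of capability probe the RBAC templates use, e.g. `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` inside the `and`, and the PSP Role and RoleBinding need the same guard. The spec also sets no capability rule; `requiredDropCapabilities: [ALL]` would match the non-root posture the policy otherwise enforces, assuming the server image needs no added capabilities.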
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-service.yaml
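Review bot: The Route template tests `.mode` on its second line without first running `{{ template "vault.mode" . }}`, which every other server template in this diff does before reading that key. Whether `.mode` holds a value here therefore depends on some other template having been rendered earlier, which this file does not guarantee by itself. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as the Ingress template does, makes both the `external` guard and the `ha` branch that selects the `-active` Service self-contained.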
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" .
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" .
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" .
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ .
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/tests/server-test.yaml
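Review bot: The server container's `image:` line falls back to a floating tag when `server.image.tag` is unset (`{{ .Values.server.image.tag | default "latest" }}`), and the test Pod in the next file repeats the same expression. With `latest`, the Vault build that runs is whatever the registry serves at pull time, so replicas scheduled at different moments can differ and a rollback cannot name the previous build. I would fail rendering instead of defaulting: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept a digest in place of the tag. The two user-supplied env values `server.ha.apiAddr` and `server.ha.clusterAddr` are also rendered unquoted in this hunk and should go through `| quote`.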
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/templates/ui-service.yaml
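Review bot: The test pod's `image:` line falls back to `default "latest"` when `server.image.tag` is empty, so `helm test` can end up running whatever the registry currently serves under a mutable tag rather than the Vault build the release was installed with. Failing the render is safer than guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The `VAULT_ADDR` value a few lines below is emitted unquoted and would be more robust wrapped in double quotes. The pod also sets no `securityContext`, which may matter on clusters that enforce restricted pod security.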
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/values.openshift.yaml
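Review bot: Nothing in this Service template ties external exposure to transport security. The port name comes from `vault.scheme`, which is presumably `http` under the chart default `global.tlsDisable: true` (values.yaml in this commit), while `ui.serviceType` and `ui.serviceNodePort` can still publish that port outside the cluster. A render-time guard ahead of `apiVersion` would make the combination explicit, for example `{{- if and .Values.global.tlsDisable (ne .Values.ui.serviceType "ClusterIP") }}{{ fail "ui.serviceType other than ClusterIP requires global.tlsDisable=false" }}{{- end }}`. If a hard failure is too strict for setups that terminate TLS in front of the Service, the same condition at least deserves a comment above `type:`. `vault.scheme` and the `ui.*` defaults are defined outside this hunk, so the condition should be checked against them.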
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/values.schema.json
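Review bot: All three images in this override file are pinned by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pointed in the registry without any change to the chart. Pinning to a digest closes that gap; the test pod template in this commit renders `repository:tag`, and if the other templates do the same the digest can ride in the tag value, e.g. `tag: "1.11.2-ubi@sha256:<digest-of-reviewed-image>"`. The file also repeats what values.yaml in this commit already sets (`openshift: true` and the same repositories and tags), so the two files have to be kept in step on every image bump; a comment at the top saying so would help.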
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.40/src/values.yaml 
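Review bot: None of the object schemas sets `additionalProperties`, so a misspelt override validates and is silently ignored. For security-relevant switches that leaves the default in force: a constructed example is `server.authDelegater.enabled: false`, which would leave `authDelegator.enabled: true` (the values.yaml default in this commit) untouched. Adding `"additionalProperties": false` to the `server`, `injector`, `csi` and `ui` objects would turn such typos into install-time errors; `global` is better left open in case the chart is consumed as a subchart. Every supported key has to be declared first, and the values.yaml comments reference `injector.uid` and `injector.gid`, which this schema does not list.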
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/Chart.yaml
new file mode 100644
index 00000000000..6621c74ffb8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.41
+annotations:
+ charts.openshift.io/name: helm-testing-5435
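Review bot: The new Chart.yaml still presents this package as upstream: `description: Official HashiCorp Vault Chart`, with `home` and `sources` pointing at HashiCorp, while `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435` under a partner test directory. If this is a test fixture, as the name suggests, a catalog reader cannot tell it apart from an official release; a description such as `description: Test fixture derived from the HashiCorp Vault chart (not an official release)` would make the provenance explicit. Separately, `appVersion: 1.11.2` and `version: 0.21.41` are plain scalars; they parse as strings today, but quoting them (`appVersion: '1.11.2'`) keeps a later two-component version from being read as a float.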
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/README.md
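Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence value into the `docker run` argument list, where it can be read from the host's process listing while the container runs, and because it is unquoted a value containing whitespace would split into extra arguments. Passing the name only, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the calling environment and keeps it out of argv. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` with no configuration path while `provision-cluster` initialises and applies `test/terraform`; whether teardown then sees the same configuration depends on the Terraform version in the test image, so it is worth confirming and probably naming the directory as the provision target does, `terraform destroy -auto-approve test/terraform`, so that a failed teardown does not leave a GKE cluster running. The `.PHONY` line also omits `setup-kind` and `delete-kind`.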
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
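Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` at cluster scope, with no `resourceNames` and no comment saying why that breadth is needed. As written, the CSI provider's service account can request a token for any service account in any namespace, so a compromise of that DaemonSet exposes every workload identity in the cluster. That may well be what the provider needs in order to authenticate on behalf of the pods it serves, but the template should say so. I would add above `rules:` a comment such as `# cluster-wide by design: the provider requests a token for the service account of each pod it mounts secrets for`, and repeat the caveat in the chart's README.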
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-certs-secret.yaml 
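Review bot: The CSI provider container in csi-daemonset.yaml mounts two `hostPath` volumes (`csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir`/pods) but gets no `securityContext` unless the operator supplies one. The `csi.daemonSet.securityContext.container` and `.pod` helpers added earlier in this commit render nothing when their values are empty, whereas the injector helper falls back to `allowPrivilegeEscalation: false` with all capabilities dropped. A pod with host filesystem access is the one that most needs an explicit baseline. If the provider runs correctly with it, I would give the CSI container helper the same `{{- else if not .Values.global.openshift }}` fallback. Otherwise a comment next to `{{ template "csi.daemonSet.securityContext.container" . }}` should state which privileges the provider actually needs and why.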
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-clusterrolebinding.yaml 
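Review bot: In injector-clusterrole.yaml the `patch` verb is granted on every `mutatingwebhookconfigurations` object in the cluster, because the rule has no `resourceNames`. The injector's service account could therefore rewrite any other admission webhook, not only its own. The one configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (see injector-mutating-webhook.yaml). Assuming the injector only patches that object to refresh its CA bundle, the rule can be split so that `patch` is pinned to that name while the read verbs stay unrestricted.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```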
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
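Review bot: The last entry under `args:` in injector-deployment.yaml is `- 2>&1`, which reaches the container as a literal argument because Kubernetes executes `args` without a shell. No stderr redirection happens, and the binary receives an unexpected positional argument. The container runtime already captures both stdout and stderr, so dropping the line and leaving `args:` as just `- agent-inject` loses nothing for log collection.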
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
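Review bot: The webhook in injector-mutating-webhook.yaml matches `CREATE` and `UPDATE` on `pods` with no scoping unless the operator sets a `namespaceSelector` or `objectSelector`, so the default install intercepts pod admission in every namespace. That includes system namespaces and the injector's own, and `failurePolicy` comes straight from values. With `Fail` and an unavailable injector, pod creation can stall cluster-wide, including the injector's own replacement pod. I would document this next to `rules:` with a comment such as `# matches pods in all namespaces unless namespaceSelector/objectSelector is set; exclude system namespaces before using failurePolicy: Fail`. It is also worth considering a default selector that skips the release namespace.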
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
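Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the injector Deployment in this commit listens and is probed on `{{ .Values.injector.port }}`. If an operator changes `injector.port`, the policy keeps admitting traffic to 8080 and silently blocks the real webhook port, which shows up as admission timeouts rather than an obvious policy error. Rendering the port from the same value keeps the two in step: `- port: {{ .Values.injector.port }}`. The `from` clause is `namespaceSelector: {}`, i.e. every namespace. If that is intentional because admission calls originate from the API server, a one-line comment saying so would help.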
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-role.yaml
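Review bot: The PodSecurityPolicy in injector-psp.yaml is rendered whenever `global.psp.enable` is "true", with no check that the cluster still serves the kind; PodSecurityPolicy was removed from `policy/v1beta1` in Kubernetes 1.25, so on newer clusters the release fails at apply time. Gate the template on the API as well, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, and document in values that pod restrictions must then come from Pod Security admission or SCCs. server-psp.yaml and the two PSP Role/RoleBinding pairs need the same guard. The spec also sets no `requiredDropCapabilities`; whether `['ALL']` is workable for the injector cannot be judged from this hunk.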
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-rolebinding.yaml
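Review bot: The first rule of the leader-elector Role lets the injector service account get, list, watch, update and create every Secret and ConfigMap in the release namespace, and the second lets it patch and delete any Pod there; nothing is narrowed with `resourceNames`. If the objects the leader elector touches have fixed names (not visible in this hunk), move `get`/`update` into a separate rule restricted to those names and keep only `create` unrestricted. At minimum add a comment above `rules:` such as `# Namespace-wide read/write on Secrets and ConfigMaps; keep unrelated secrets out of this namespace.` so operators know what a compromised injector pod can reach.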
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
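Review bot: `disable_mlock` is forced to true in every branch of server-config-configmap.yaml (the literal `disable_mlock = true` line and both `merge (dict "disable_mlock" true) …` calls) with no comment saying why or what it costs. With mlock disabled Vault's memory can be paged out, so key material may reach swap unless the nodes run with swap off or encrypted. Add a template comment above the `data:` key, for example `{{- /* disable_mlock is always set by this chart; run nodes with swap disabled or encrypted so Vault memory is not written to disk. */}}`, and repeat the caveat next to the config values in values.yaml.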
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-ha-active-service.yaml
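Review bot: The `apiVersion` line of the PodDisruptionBudget picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings, so the result is lexicographic and also depends on any suffix a distribution appends to the minor version. server-ingress.yaml in this commit already uses `semverCompare` and `.Capabilities.APIVersions.Has` for the same kind of decision. Asking the cluster directly is more reliable: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`.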
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . 
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-psp-role.yaml
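Review bot: The first line of server-ingress.yaml tests `not .Values.global.openshift` by truthiness, while injector-network-policy.yaml in this commit compares `(.Values.global.openshift | toString)` with "true". If the value arrives as the string "false" (for example via `--set-string`), the string is non-empty and therefore truthy, so this Ingress is skipped and server-route.yaml, which uses `if .Values.global.openshift`, is rendered instead. Use the same form everywhere: `{{- if ne (.Values.global.openshift | toString) "true" }}` here and the matching `eq` test in server-route.yaml.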
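Review bot: The single ingress rule in server-network-policy.yaml admits traffic from every namespace (`namespaceSelector: {}`) to both 8200 and 8201, although 8201 is the port the Services in this chart name `https-internal`. If that port only carries server-to-server traffic (likely, but not shown in this hunk), it should be limited to the release's own server pods, which server-statefulset.yaml labels `component: server`. The policy also omits `metadata.namespace`, unlike most other templates in this commit. A split rule is sketched below; setups that reach 8201 from outside the release would need an additional `from` entry.

```yaml
  ingress:
    # API traffic on 8200 may come from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Internal traffic on 8201 only from this release's server pods.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```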
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-service.yaml
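Review bot: server-route.yaml reads `.mode` on its second and fifth lines without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does on its first line and which presumably is what sets `.mode`. As written, the "external" check and the choice of the `-active` service depend on state left behind by another template rather than on this file. Add `{{ template "vault.mode" . }}` right after the opening `{{- if .Values.global.openshift }}`. Separately, `tls:` is always emitted from `.Values.server.route.tls`, so values.yaml should state what TLS termination the Route gets when that value is left empty.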
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/tests/server-test.yaml
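Review bot: The `image:` line of the `vault` container falls back to `latest` when `server.image.tag` is unset (`{{ .Values.server.image.tag | default "latest" }}`), so which build of the secrets server runs would depend on what the registry serves at pull time rather than on the chart. Fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; the same fallback appears in the test pod in tests/server-test.yaml. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a one-line comment there stating that the probe only talks to 127.0.0.1:8200 (per `VAULT_ADDR` above) would record why certificate verification is skipped.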
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/values.openshift.yaml
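Review bot: `nodePort` under `ports:` is rendered whenever `ui.serviceNodePort` is set, whatever `ui.serviceType` is, whereas the server Service template added earlier in this commit only emits it when the type is `NodePort`. With `serviceType: ClusterIP` and a leftover `serviceNodePort` value the rendered Service would be rejected by the API server. Guard it on the type as well, e.g. `{{- if and .Values.ui.serviceNodePort (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`, which still allows a fixed node port for LoadBalancer. Since `type` and `publishNotReadyAddresses` both come from values, a comment noting that a non-ClusterIP type makes the UI reachable from outside the cluster, including on pods that are not yet ready, would help whoever sets them.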
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.41/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* 
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. 
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/Chart.yaml
new file mode 100644
index 00000000000..4c953978aa9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.42
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/README.md 
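Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence value into the `docker run` argument list, where it is readable from the host process table while the container runs and would be echoed if the recipe ever lost its leading `@`. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the calling environment instead; the Makefile does not define the variable itself, so it presumably already arrives via the environment or the make command line, both of which make exports to recipes. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, so a file or directory with either name would turn those targets into silent no-ops; append both to the list. `destroy-cluster` also runs `terraform destroy -auto-approve` without the `test/terraform` argument that `provision-cluster` gives to `init` and `apply`, which looks unintended and is worth confirming.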
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
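Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole, and nothing in the template explains why the permission has to be cluster-wide. Bound through the ClusterRoleBinding in the next file, it lets the `-csi-provider` ServiceAccount request a token for any ServiceAccount in any namespace. I would add a comment above the rule, for example `# Cluster-wide on purpose: the provider requests tokens for the ServiceAccounts of the pods it serves; treat this ServiceAccount as highly privileged.` The stated reason is inferred from the resource name rather than shown in the diff, so confirm it against the provider's behaviour before merging.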
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-certs-secret.yaml 
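Review bot: By default the CSI provider container in csi-daemonset.yaml runs with no securityContext at all, because `{{ template "csi.daemonSet.securityContext.container" . }}` renders nothing unless `csi.daemonSet.securityContext.container` is set. The same container mounts two hostPath volumes (`csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir`/pods). The injector and server helpers in `_helpers.tpl` fall back to `allowPrivilegeEscalation: false` when `global.openshift` is unset, but the CSI helpers have no fallback. I would add the same branch to the CSI container helper (`{{- else if not .Values.global.openshift }}`, then `securityContext:` and `allowPrivilegeEscalation: false`), or state in values.yaml that a hardened context must be supplied. Whether the provider needs root to write its socket under the hostPath is not visible in this diff, so `runAsNonRoot` is left out of the suggestion on purpose.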
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-clusterrolebinding.yaml
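Review bot: The rule on `mutatingwebhookconfigurations` in injector-clusterrole.yaml carries no `resourceNames`, so `patch` applies to every MutatingWebhookConfiguration in the cluster rather than only the injector's own. That is broader than the injector appears to need and widens what a compromise of its ServiceAccount would expose. I would split the rule, keeping `list` and `watch` unscoped and restricting `get` and `patch` by name. The name used below is taken from the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml and is presumably the webhook configuration's name; the webhook template is outside this hunk, so confirm it there.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```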
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
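Review bot: Several env values of the `sidecar-injector` container in injector-deployment.yaml are rendered without quotes, while the neighbouring entries are quoted. These are `AGENT_INJECT_LISTEN`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT` and the default branch of `AGENT_INJECT_VAULT_ADDR`. An override that YAML reads as a boolean, number or null then renders a non-string `value`, and the API server rejects the Deployment. Pipe them through `quote`, for example `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`.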
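Review bot: The `apiVersion` line in injector-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically rather than numerically. A minor version reported with a suffix such as `21+`, or a single-digit one, sorts in a way that does not reflect the real version. Testing for the API directly avoids parsing the version: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`, in the same way injector-mutating-webhook.yaml selects its `apiVersion`. The same expression appears in server-disruptionbudget.yaml and should change with it.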
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
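Review bot: The `rules` block in injector-mutating-webhook.yaml matches CREATE and UPDATE of pods in every namespace unless `injector.namespaceSelector` or `injector.webhook.namespaceSelector` is set, and `failurePolicy` is taken straight from values. If that resolves to `Fail` and no selector applies, an unavailable injector blocks pod admission across the cluster, including in its own namespace. The chart defaults and the `injector.objectSelector` template are not visible in this diff, so this needs confirming. A comment above the `namespaceSelector` block would document the dependency, for example `# With failurePolicy: Fail, set a namespaceSelector that excludes the release namespace and kube-system`.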
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
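Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while injector-deployment.yaml listens on `.Values.injector.port` and injector-service.yaml targets the same value. Once that value is overridden the policy no longer matches the listener, and calls to the webhook are dropped on clusters that enforce NetworkPolicy. Use `- port: {{ .Values.injector.port }}` here. The `metadata` block also has no `namespace:`, unlike the other namespaced injector objects in this commit.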
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-role.yaml 
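Review bot: The PodSecurityPolicy `spec` in injector-psp.yaml blocks privileged mode and privilege escalation but sets no `requiredDropCapabilities`, so pods admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities: ["ALL"]` under `spec` would close that gap, assuming the injector needs no capabilities, which this diff does not show. The comment above `seLinux` says the policy assumes AppArmor nodes. That assumption belongs in the chart documentation as well, because `rule: RunAsAny` leaves the SELinux context unconstrained.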
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-rolebinding.yaml 
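Review bot: The first rule in injector-role.yaml lets the injector service account `create`, `get`, `watch`, `list` and `update` every Secret and ConfigMap in the release namespace. That is wider than leader election and certificate storage appear to need. The chart already creates the `vault-injector-certs` Secret in injector-certs-secret.yaml, so `get` and `update` on Secrets could probably be limited with `resourceNames: ["vault-injector-certs"]`. Which objects the leader elector touches is not visible here and should be confirmed first. As written, any other Secret in that namespace, including the server's if it is deployed there, is readable through this role.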
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-psp-role.yaml
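Review bot: In server-network-policy.yaml the only ingress rule pairs `namespaceSelector: {}` with both ports, so pods in every namespace are admitted to 8201 as well as 8200. Port 8201 is the `https-internal` port the Service templates in this change expose for the cluster, so it presumably only needs to be reachable from the Vault server pods themselves (unless replication from outside the release is in use). I would split the rule so 8201 is limited to a `podSelector` on the chart's own labels and keep the wide selector for 8200 only. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the other templates in this change set.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the release's own Vault pods.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```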
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
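Review bot: In server-psp-rolebinding.yaml the subject is named with `vault.fullname`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` in this same change both use `vault.serviceAccount.name`. If that helper honours an override such as `server.serviceAccount.name` (the key is declared in values.schema.json; the helper itself is not visible here), the binding names an account the pods do not run as and the policy is never granted to them. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beside it so the bound identity is explicit.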
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
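Review bot: server-psp.yaml emits `apiVersion: policy/v1beta1` whenever `global.psp.enable` is true, with no capability check of the kind server-ingress.yaml uses to pick its apiVersion. PodSecurityPolicy was removed in Kubernetes 1.25, so on such a cluster the release fails to install, and an operator who responds by switching the flag off is left with no pod-level restriction from this chart. I would wrap the document in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1" }}` and note the replacement control (Pod Security admission, or SCCs on OpenShift) next to `global.psp.enable` in the values file. The spec also sets no `requiredDropCapabilities`; adding `- ALL` is worth checking against the image, since the StatefulSet sets `SKIP_SETCAP`, which suggests no capability is needed.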
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-service.yaml
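Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other server templates in this change do before reading `.mode`. Whether `.mode` is populated here therefore appears to depend on another template having been rendered first; if it is not, the `ne .mode "external"` guard and the `eq .mode "ha"` choice of the `-active` service do not behave as written. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check. The `tls:` block is copied verbatim from `.Values.server.route.tls` while the Route targets 8200, so a comment stating which termination modes are expected for a TLS-enabled and a TLS-disabled listener would help a deployer avoid exposing the API over an unintended edge configuration.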
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/tests/server-test.yaml
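Review bot: In server-statefulset.yaml the `image:` line falls back to `default "latest"` when `server.image.tag` is empty, and tests/server-test.yaml repeats the same expression. For a secrets store a mutable tag means the binary that runs can change on any pod restart with no chart or values change to audit. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and consider accepting a digest in values. The exec readiness probe's `vault status -tls-skip-verify` relies on `VAULT_ADDR` being the loopback address set a few lines above it; a comment saying so would keep the flag from being reused against a remote address.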
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.42/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/Chart.yaml
new file mode 100644
index 00000000000..2f7886e57f6
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.43
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/README.md
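Review bot: In the Makefile hunk, `test-acceptance` writes the value of `VAULT_LICENSE_CI` onto the `docker run` command line (`-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`), so make expands it into docker's argv, where it is readable from the host process list even though the recipe is silenced with `@`; the variable is not defined in this file and is presumably a license secret taken from the caller's environment. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the environment without it appearing in argv. `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` argument that `provision-cluster` gives to `init` and `apply`, so it may not act on the same configuration; that is worth confirming before relying on it for cleanup. `.PHONY` also omits `setup-kind` and `delete-kind`, and the volume mounts use an unquoted `${PWD}` where `test-image` uses `$(CURDIR)`.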
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
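Review bot: In `vault.envs` the dev root token is rendered unquoted (`value: {{ .Values.server.dev.devRootToken }}`). A value that YAML reads as a number, boolean or null, or one containing `: ` or ` #`, will either produce an env entry that fails validation or set a token different from the one the operator wrote. I would render it as `value: {{ .Values.server.dev.devRootToken | quote }}`, the way `vault.extraEnvironmentVars` in this same hunk already quotes its values. Separately, `vault.args` pastes `.Values.server.extraArgs` directly into the shell script given to the container, so that value is interpreted as shell text rather than as an argument list. A comment above the define, for example `extraArgs is inserted verbatim into a shell command line; treat values files as trusted input`, would make that visible to whoever reviews values overrides.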
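Review bot: The single rule in this ClusterRole grants `create` on `serviceaccounts/token` cluster-wide, so whichever subject it is bound to can request a token for any ServiceAccount in any namespace. The template has no comment saying why that breadth is needed. It is presumably there so the CSI provider can obtain tokens on behalf of the pods that mount secrets, but that intent should be written down next to the grant. I would add above `rules:` a comment such as `# cluster-wide TokenRequest for the CSI provider; bind only to the <release>-csi-provider ServiceAccount and watch TokenRequest calls in audit logs`. The matching binding and the DaemonSet that uses this account are in the following files of this diff, and the DaemonSet mounts host paths, so a compromise of that pod inherits this permission.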
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-certs-secret.yaml 
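Review bot: The `mountpoint-dir` entry under `volumeMounts` in csi-daemonset.yaml mounts the host's `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` into the provider container without `readOnly: true`, which gives this pod write access to the volume directories of every pod on the node. If the provider image in use does not write into the mount target itself (I cannot tell from this hunk), add `readOnly: true` to that entry or drop the mount. The matching `hostPath` volume also has no `type:`, so the path is not checked before mounting; `type: Directory` would make the expectation explicit.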
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
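Review bot: The last entry of `args:` in injector-deployment.yaml is `- 2>&1`, but container args are handed to the process without a shell, so this arrives as a literal argument rather than a redirect. Dropping that line leaves `- agent-inject` as the only argument; the container runtime already captures stderr. Separately, several env values in the same container are rendered unquoted (`value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logLevel | default "info" }}`), so a value that YAML reads as a boolean or number would not satisfy the string type of `env[].value`; piping through `quote` avoids that.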
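Review bot: The `apiVersion` line in injector-disruptionbudget.yaml selects `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings, so the outcome follows character order rather than numeric order and is sensitive to any suffix the cluster reports in its minor version. Asking the cluster what it serves is more direct: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml later in this diff carries the same line and would take the same change.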
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
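Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when one of the two values is set, so with neither set the webhook is called for pod CREATE and UPDATE in every namespace, including `kube-system` and the injector's own. If `failurePolicy` resolves to `Fail` (the value comes from `.Values`, so the default is not visible here), an unavailable injector would then block pod creation cluster-wide. Consider a default selector that excludes system namespaces, or at least a comment above the `if` that states the all-namespaces default. `injector.objectSelector` is a helper defined outside this hunk and may already narrow the match.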
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
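Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `- port: 8080`, while the injector listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` in injector-deployment.yaml and `targetPort` in injector-service.yaml). If that value is changed, traffic to the new port no longer matches this policy; `- port: {{ .Values.injector.port }}` keeps the three in step. The `from` clause is `namespaceSelector: {}`, which admits every namespace, and the metadata has no `namespace:` unlike the other injector resources in this diff; both deserve either a fix or a comment saying they are intended.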
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-psp.yaml
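Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace:`, unlike the subjects in injector-rolebinding.yaml and injector-clusterrolebinding.yaml in this same diff. As far as I know the RBAC API requires a namespace on ServiceAccount subjects, so this binding may be rejected when `global.psp.enable` is true. Adding `namespace: {{ .Release.Namespace }}` under the subject's `name:` line brings it in line with the other bindings.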
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-role.yaml 
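Review bot: injector-psp.yaml renders `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, and that API was removed in Kubernetes 1.25, so an install with the flag on fails on current clusters. Guarding the file additionally with `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` would turn that into a no-op. The comment `# This policy assumes the nodes are using AppArmor rather than SELinux.` above the `RunAsAny` rule also deserves a second look, since the chart has a `global.openshift` switch and such nodes normally run SELinux; that last point is an inference, not something this hunk shows.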
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-rolebinding.yaml 
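Review bot: The leader-elector Role in injector-role.yaml grants `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, plus `patch` and `delete` on all `pods`, with no `resourceNames`. When the Vault server or other workloads share that namespace, the injector's service account can read every Secret there. Consider splitting the first rule so that `get` and `update` carry `resourceNames: ["vault-injector-certs"]` (the Secret created by injector-certs-secret.yaml) and only `create` stays unrestricted; which ConfigMap names the elector uses is not visible here and needs confirming before narrowing that part.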
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
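Review bot: `disable_mlock = true` is injected unconditionally in server-config-configmap.yaml, both in the string branch and through `merge (dict "disable_mlock" true) …` in the map branch, so Vault's memory is never locked and can be paged to disk. Because the hard-coded dict is the first argument of `merge`, a user-supplied `disable_mlock: false` appears to be overridden as well (as I read sprig's `merge`, the destination wins). A template comment above the first occurrence, such as `{{- /* mlock is disabled: run on nodes without swap, or with encrypted swap */ -}}`, would make the operational requirement visible to whoever deploys the chart.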
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-ha-active-service.yaml
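Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion` line compares two strings, so the ordering is lexical rather than numeric: a minor of `"9"` sorts above `"21"`, and a vendor-suffixed value such as `"21+"` is compared as text too. server-ingress.yaml in this same commit already selects its API with `semverCompare` on `.Capabilities.KubeVersion.Version`; doing the same here keeps the choice numeric and consistent: `apiVersion: {{ if semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version }}policy/v1{{ else }}policy/v1beta1{{ end }}`.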
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-psp-role.yaml 
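Review bot: In server-ingress.yaml the host values are piped through `quote`, but `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are rendered unquoted. Helm substitutes text before YAML parsing, so a value that is empty or looks like a number or boolean changes type in the rendered manifest. Quote them the same way as the hosts, e.g. `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`.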
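Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may reach 8201 as well as 8200. Port 8201 is the one this chart names `https-internal` and puts in `VAULT_CLUSTER_ADDR`, which suggests only the Vault server pods need it; that is inferred from the other templates, so confirm before tightening (any replication peer outside the release would need its own rule). Splitting the rule keeps the API port open cluster-wide and limits the cluster port to the release's own server pods. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    # API port: reachable from any namespace in the cluster
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only this release's Vault server pods
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```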
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
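Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}` with no namespace, whereas the StatefulSet runs as `{{ template "vault.serviceAccount.name" . }}` and server-discovery-rolebinding.yaml binds that helper with an explicit namespace. If the service-account helper ever resolves to something other than the full name (its definition is not on this page), the PSP `use` grant lands on an account the server pods do not run as. Use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` under the subject so both bindings point at the same identity.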
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-service.yaml
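Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does before reading `.mode`. Unless the helper has already populated the same context (its definition is not on this page), `.mode` is unset here, so `eq .mode "ha"` is false and the Route targets the plain service even when `server.route.activeService` is `true`. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check. The `host: {{ .Values.server.route.host }}` line would also be safer as `host: {{ .Values.server.route.host | quote }}`.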
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/tests/server-test.yaml 
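Review bot: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` in server-statefulset.yaml silently falls back to the mutable `latest` tag when no tag is supplied, and tests/server-test.yaml repeats the same default. For a secrets manager the running version should be an explicit, reviewable choice, so prefer failing the render: `{{ required "server.image.tag must be set" .Values.server.image.tag }}`. In the same hunk, `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are unquoted while their fallback branches are quoted; pipe both through `quote`.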
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/templates/ui-service.yaml
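Review bot: `volumeMounts:` and `volumes:` in tests/server-test.yaml are emitted unconditionally while only the lists beneath them are guarded, so with `server.volumeMounts` or `server.volumes` unset the keys render with a null value instead of being absent. Move each key inside its own `if`, e.g. put `{{- if .Values.server.volumes }}` before `volumes:` rather than after it. The test pod also declares no `securityContext`, although the StatefulSet applies the `server.statefulSet.securityContext.pod` and `.container` helpers; reusing them here would keep the hook pod under the same restrictions as the server it tests.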
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.43/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/Chart.yaml
new file mode 100644
index 00000000000..f52f9c7ffee
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.44
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/README.md 
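Review bot: The `test-acceptance` recipe expands the Vault license into the `docker run` argument list with `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so the value sits in the host's process listing while the container runs, and the unquoted expansion is word-split by the shell. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the recipe's environment (the Makefile never assigns the variable, so it presumably arrives from the caller's environment or the make command line) without placing it in argv. `GOOGLE_CREDENTIALS` in the same recipe, `test-destroy` and `test-provision` appears to hold a key-file path rather than the key itself, since it is later given to `--key-file`. A short comment stating that would keep anyone from putting the key material there.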
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
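Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any service account in any namespace, and the template does not say why. csi-clusterrolebinding.yaml binds it to the service account the DaemonSet pods run as, which makes those pods and the nodes they run on high-value targets. I would add a comment above `rules:`, for example `# Cluster-wide TokenRequest: the provider can mint tokens for any ServiceAccount; presumably needed to authenticate to Vault as the mounting pod (confirm for the provider version shipped).` Operators should also alert on audit-log events for token creation by this service account that do not correspond to a pod volume mount.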
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-certs-secret.yaml 
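Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes (`providervol` and `mountpoint-dir`), yet its `securityContext` comes only from the `csi.daemonSet.securityContext.pod` and `.container` helpers, which emit nothing when the corresponding values are unset. If values.yaml (not part of this hunk) leaves them empty, the container runs as whatever user the image defines, with a writable mount of `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host. I would ship non-empty defaults for the container context (at least `allowPrivilegeEscalation: false`) and add a comment above `volumes:` stating that both paths are host directories taken verbatim from values. Neither hostPath sets `type:`, so the path is not checked before mounting; `type: Directory` on `mountpoint-dir` would catch a mistyped `kubeletRootDir`.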
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
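Review bot: In injector-deployment.yaml `AGENT_INJECT_VAULT_IMAGE` is rendered as `"{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"`, and since vault-k8s uses that value as the agent image it adds to mutated pods, a mutable tag there extends the supply-chain exposure to every injected workload, not just this Deployment. Neither that value nor the injector's own `image:` line has a digest form. With the template as written, the only way to pin is to carry the digest inside the tag value, so a comment above both lines such as `# pin with tag: "<version>@sha256:<digest>" (placeholder values)` would document it; a dedicated digest value would be cleaner. Separately, `- 2>&1` under `args:` reaches the binary as a literal argument because no shell is involved, so it can be dropped.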
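Review bot: injector-disruptionbudget.yaml is the only injector template in this diff that is not wrapped in `vault.injectorEnabled`, so setting `injector.podDisruptionBudget` renders a PodDisruptionBudget even when the injector itself is disabled. Gating it like its siblings, with `{{- template "vault.injectorEnabled" . -}}` followed by `{{- if and .injectorEnabled .Values.injector.podDisruptionBudget }}`, keeps the set consistent. The apiVersion selection `ge .Capabilities.KubeVersion.Minor "21"` compares strings, which is lexicographic and also sees suffixed minors such as `21+` reported by some distributions; `.Capabilities.APIVersions.Has "policy/v1"`, the pattern injector-mutating-webhook.yaml uses for its own apiVersion, avoids both.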
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
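Review bot: In injector-mutating-webhook.yaml the rule matches CREATE and UPDATE of every pod and `namespaceSelector` is rendered only when a value is supplied, so unless `injector.objectSelector` (defined outside this hunk) narrows it, the webhook sits in the admission path of all namespaces, including `kube-system` and the injector's own. If `failurePolicy` resolves to `Fail` (its default comes from values and is not visible here), an unavailable injector would block pod creation cluster-wide, including the pods that would restore it. I would add a comment above `rules:` stating this and consider a default `namespaceSelector` that excludes system namespaces, for instance a `matchExpressions` entry on `kubernetes.io/metadata.name` with `operator: NotIn`.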
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
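Review bot: In injector-network-policy.yaml the allowed port is hard-coded as `- port: 8080`, while injector-deployment.yaml listens on `.Values.injector.port` and injector-service.yaml targets the same value, so overriding the port leaves the policy admitting a port nothing listens on and, where the policy is enforced, dropping webhook calls to the real one. Use `- port: {{ .Values.injector.port }}`. The `from` clause is `namespaceSelector: {}`, which lets every namespace reach the webhook port; if that is deliberate so the API server can call it, a comment saying so would help the next reviewer. The metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the injector Deployment, Service and ServiceAccount.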
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-role.yaml
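Review bot: injector-psp.yaml renders a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, with no capability check, and that API was removed in Kubernetes 1.25, so on a current cluster the flag makes the install fail instead of applying any restriction. Wrapping the object in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` would skip it where the kind is gone, and the chart notes should point to Pod Security Admission or SCCs as the replacement control. The policy also sets no `requiredDropCapabilities` and leaves `readOnlyRootFilesystem: false`; `requiredDropCapabilities: ["ALL"]` would match the non-root intent stated in the comments. The `seLinux` comment assumes AppArmor nodes, which presumably does not hold for the OpenShift clusters this repository targets.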
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-rolebinding.yaml
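Review bot: The first rule in injector-role.yaml gives the injector service account `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, with no `resourceNames`. injector-certs-secret.yaml shows the one Secret the leader-election path is built around, `vault-injector-certs`, so the grant is far wider than that object; if the Vault server shares the namespace, its TLS material and any other Secrets there become readable by the webhook pod. `list` and `watch` are hard to narrow by name, so at minimum I would add a comment above the rule such as `# Namespace-wide Secret access for leader election and cert sharing; install the injector in a namespace that holds no other Secrets.` The `delete` verb on `pods` in the second rule deserves the same one-line justification.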
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
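Review bot: `disable_mlock = true` is always emitted into `extraconfig-from-values.hcl`: literally in the string branch and through `merge (dict "disable_mlock" true) …` in both JSON branches, where the first dict takes precedence over the user's config. With memory locking off, Vault's in-memory key material can be paged out on a node that has swap, and nothing in the template tells the operator so. I would add a template comment above the first occurrence, e.g. `{{- /* mlock is disabled for container deployments; run on nodes with swap off or encrypted swap */ -}}`, and repeat the caveat next to `server.standalone.config` and `server.ha.config` in the values file.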
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-ha-active-service.yaml
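Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion` line compares strings rather than numbers, so a single-digit minor such as "9" sorts above "21" and selects `policy/v1` on a cluster that does not serve it; vendor suffixes such as "21+" go through the same lexical comparison. The RBAC templates in this diff already gate on the served API instead, and the same style fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.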
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-psp-role.yaml 
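Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so pods in every namespace can reach the cluster port 8201 as well as the API port 8200. Port 8201 is named `https-internal` in the Service templates of this diff and is what `VAULT_CLUSTER_ADDR` points at, which suggests only Vault server pods need it; if no cross-cluster replication depends on it, split the rule and limit 8201 to the server pods' labels as sketched below. The metadata block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this diff set.

```yaml
  ingress:
    # … unchanged: existing rule for the API port, now listing only 8200 …
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster traffic: only Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
```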
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
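Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, while the ClusterRoleBinding, the discovery RoleBinding and the StatefulSet's `serviceAccountName` in this diff all resolve the account through `vault.serviceAccount.name`. If that helper can return anything other than the fullname (its definition is not in view), the PSP `use` grant lands on a ServiceAccount the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` so it matches the other bindings.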
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
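Review bot: The PodSecurityPolicy spec blocks privileged mode and privilege escalation but sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. The StatefulSet in this diff sets `SKIP_SETCAP` and the generated config forces `disable_mlock`, which suggests the server needs no extra capabilities; if that holds, add `requiredDropCapabilities: [ALL]` under `spec`. `readOnlyRootFilesystem: false` deserves a one-line comment naming the paths that must stay writable, and `apiVersion: policy/v1beta1` is not gated on `.Capabilities.APIVersions.Has` the way the RBAC templates gate theirs, so enabling `global.psp.enable` on a cluster that no longer serves the API presumably fails the install.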
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-service.yaml
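Review bot: server-route.yaml tests `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first running `{{ template "vault.mode" . }}`, which the other server templates in this diff do on their first line. Unless the helper has already populated `.mode` on this context (the hunk does not show that), both comparisons run against an unset value, so `server.route.activeService` cannot switch the Route to the `-active` Service and the `external` guard is not doing its job. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` block. `host: {{ .Values.server.route.host }}` would also be safer as `host: {{ .Values.server.route.host | quote }}`, matching how the Ingress template renders its hosts.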
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/templates/ui-service.yaml
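Review bot: In templates/tests/server-test.yaml the test pod's image falls back to a mutable tag: `{{ .Values.server.image.tag | default "latest" }}` renders `:latest` whenever `server.image.tag` is empty, so the test hook can pull a different Vault build from the one the chart deploys. Failing the render is safer, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, `volumeMounts:` and `volumes:` sit outside their `{{- if }}` guards, so when those values are unset the keys render with no value (null); moving each key inside its guard avoids that.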
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.44/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3.
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ .
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/Chart.yaml
new file mode 100644
index 00000000000..e2726c5a4b8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.45
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/LICENSE.md
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11.
“Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2.
Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1.
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4.
Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms.
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/README.md
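Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=...` that `provision-cluster` passes to `terraform apply`, so it probably does not act on the configuration that created the GKE cluster and the test cluster can be left running after teardown. Mirroring the provision target would read `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`; whether `project` is a required variable is not visible here. Separately, `GOOGLE_CREDENTIALS` defaults to the relative path `vault-helm-test.json` and `KUBECONFIG` is set to `/helm-test/.kube/config`, both under the bind-mounted `${PWD}`, so a service-account key and cluster credentials end up inside the chart source tree. Whether ignore files exclude them cannot be seen from this hunk, so I would add a comment above the variables such as `# vault-helm-test.json and .kube/ hold credentials: keep them out of git and out of the packaged chart`. `.PHONY` also omits `setup-kind` and `delete-kind`.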
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-certs-secret.yaml 
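Review bot: The csi-provider container in csi-daemonset.yaml mounts two hostPath volumes (`providervol` and `mountpoint-dir`, the latter under the kubelet root directory) but receives no securityContext at all unless `csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.*` helpers have no default branch. The injector and server helpers in the same chart do fall back to `allowPrivilegeEscalation: false` when the value is unset and `global.openshift` is false. A DaemonSet that touches node paths is where a hardened default matters most, so I would add an `{{- else if not .Values.global.openshift }}` branch to the container helper that emits `allowPrivilegeEscalation: false`, after confirming the provider can still write its socket under the providers directory. The image is also referenced by mutable tag (`repository:tag`); whether values.yaml pins a digest is not visible in this hunk.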
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-clusterrolebinding.yaml
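Review bot: The ClusterRole in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only configuration this chart creates for the injector is the one the webhook template names `{{ template "vault.fullname" . }}-agent-injector-cfg`. A compromised injector pod would therefore be able to rewrite any other admission webhook. I would split the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]` and keep `list`/`watch` in a separate rule, since those verbs can only be narrowed by name when the client filters on `metadata.name`, which cannot be checked from this diff.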
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
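Review bot: Several env values in injector-deployment.yaml are templated without quoting, for example `value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logLevel | default "info" }}` and `value: {{ .Values.injector.logFormat | default "standard" }}`. An env `value` must be a string, so an empty, numeric or boolean-looking setting renders as null, int or bool and the manifest is rejected; piping through `quote`, as in `value: {{ .Values.injector.authPath | quote }}`, avoids that. When `global.tlsDisable` is set, the fallback `AGENT_INJECT_VAULT_ADDR` is built from the `vault.scheme` helper with `http`, so injector-to-Vault traffic is then plaintext inside the cluster, which deserves a comment next to that branch. The `- 2>&1` entry under `args` is presumably passed to the binary as a literal argument, since no `command` wraps it in a shell; this should be confirmed against the image entrypoint.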
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
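Review bot: The webhook rule in injector-mutating-webhook.yaml matches CREATE and UPDATE of every pod, and `namespaceSelector` and `objectSelector` are emitted only when set in values, so unless values.yaml supplies a selector the injector sits in the admission path for all namespaces, including control-plane ones and its own. Because `failurePolicy` also comes from values, an injector outage either blocks pod creation cluster-wide (`Fail`) or silently skips injection (`Ignore`); the shipped defaults live in values.yaml, which is outside this hunk. I would document that trade-off in a comment above `failurePolicy:` and ship a default `namespaceSelector` that excludes system namespaces, for example a `matchExpressions` entry on `kubernetes.io/metadata.name` with `operator: NotIn`.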
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
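Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the deployment listens on `.Values.injector.port` (used for `AGENT_INJECT_LISTEN` and both probes), so changing the port in values leaves the policy admitting the wrong port and cutting off the webhook. Use `- port: {{ .Values.injector.port }}` instead. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the sibling injector templates set. `namespaceSelector: {}` admits traffic from every namespace; that is presumably intended so the API server can reach the webhook, but it deserves a comment saying so.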
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-role.yaml 
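Review bot: injector-psp.yaml emits `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` whenever `global.psp.enable` is "true", with no capability check. PodSecurityPolicy was removed in Kubernetes 1.25, so the release would fail to install on such a cluster. Other templates in this diff already branch on `.Capabilities.APIVersions.Has`, and the same guard fits here, e.g. `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`. server-psp.yaml has the same unguarded header. The comment on `seLinux` says the policy assumes AppArmor nodes, which is worth revisiting given that the chart also has a `global.openshift` switch.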
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-rolebinding.yaml 
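Review bot: The first rule in injector-role.yaml grants create, get, watch, list and update on every Secret and ConfigMap in the release namespace, which looks wider than leader election needs. `create` cannot be narrowed by name, but `get` and `update` can move to a second rule with `resourceNames:` listing only the objects the injector owns; those names are not visible in this hunk, so `<leader-election-object-name>` stands in for them. At minimum, a comment above the rule such as `# leader election only: Secret/ConfigMap <leader-election-object-name>` would make the grant auditable.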
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
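Review bot: server-config-configmap.yaml writes `disable_mlock = true` into the rendered configuration in the string branch and merges `"disable_mlock" true` in both JSON branches, with no value to turn it off and no explanation. With mlock disabled the server's memory can be paged out, so the chart is implicitly relying on nodes running without swap or with encrypted swap. A comment above the `extraconfig-from-values.hcl:` key would record that assumption, for example `# disable_mlock is forced on below; nodes must have swap disabled or encrypted`.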
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-ha-active-service.yaml 
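Review bot: The `apiVersion` line in server-disruptionbudget.yaml selects the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings, so the ordering is lexicographic rather than numeric (a minor of "9" sorts above "21"). server-ingress.yaml in this diff already uses `semverCompare` on the full version for the same kind of decision. The equivalent here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.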
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
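Review bot: The `https-internal` port 8201 in server-ha-active-service.yaml is published on the same Service whose `type` comes from `.Values.server.service.type`, so a NodePort or LoadBalancer setting would expose the cluster port outside the cluster together with the API port. The headless `-internal` Service in this diff already carries 8201 for peers. If nothing external needs it (cross-cluster replication is the case to confirm), the entry can be wrapped in `{{- if eq (.Values.server.service.type | default "ClusterIP" | toString) "ClusterIP" }}` … `{{- end }}`. server-ha-standby-service.yaml and server-service.yaml carry the same port list.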
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-psp-role.yaml 
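Review bot: In server-ingress.yaml the host values are rendered with `| quote`, but `secretName: {{ .secretName }}` and `- path: {{ . }}` are not. A user-supplied value that YAML reads as a non-string, or that contains `: ` or ` #`, would therefore change the shape of the rendered manifest. Quoting them the same way keeps them plain strings: `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`. The outer guard `{{- if not .Values.global.openshift }}` also tests truthiness, while injector-network-policy.yaml compares `toString` against "true", so a string value such as "false" is treated as enabled here and disabled there.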
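Review bot: The single ingress rule in server-network-policy.yaml opens both 8200 and 8201 to `namespaceSelector: {}`, so every namespace in the cluster can reach the `https-internal` cluster port as well as the API port. Splitting the rule so that 8201 is admitted only from pods carrying the server's own labels narrows that to peers; confirm first that nothing outside the release (for example replication from another cluster) connects on 8201. The `metadata` block also omits `namespace`, unlike the other namespaced resources in this diff.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only pods of this release may connect.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```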
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
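Review bot: The subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, but the ServiceAccount created in server-serviceaccount.yaml, and referenced by the other server bindings in this diff, is `{{ template "vault.serviceAccount.name" . }}`. If that helper (defined outside this diff) can return a different name, the PSP `use` grant would land on an account the server pods do not run as. Using `name: {{ template "vault.serviceAccount.name" . }}` together with `namespace: {{ .Release.Namespace }}` would line this binding up with server-discovery-rolebinding.yaml.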
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-service.yaml 
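Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this diff do before reading it. Unless `.mode` is populated somewhere outside this file, that guard and the later `eq .mode "ha"` check run against an unset value, so whether the Route renders depends on state this template does not establish. Adding `{{ template "vault.mode" . }}` as the first line makes the file self-contained. `targetPort: 8200` is also fixed here, while the Services take theirs from `.Values.server.service.targetPort`.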
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/tests/server-test.yaml 
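Review bot: The container image line `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` falls back to the mutable `latest` tag when the tag value is empty, so a mis-set value silently deploys whatever Vault build the registry serves at pull time, and replicas scheduled at different times can end up on different builds. For a secrets store the running version should be an explicit decision, so I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same fallback appears in templates/tests/server-test.yaml. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment stating that it only talks to the local listener given by `VAULT_ADDR` would keep the flag from being copied into places where certificate checks matter.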
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/templates/ui-service.yaml
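Review bot: The test pod's container sets no `securityContext`, whereas the StatefulSet in this commit applies the `server.statefulSet.securityContext.*` helpers, so the hook pod runs with whatever defaults the namespace allows and may be rejected where a restricted pod security policy is enforced. It also receives `.Values.server.volumes` and `extraEnvironmentVars`, which can carry TLS material, so it should not run with more privilege than the server itself. I would add a container-level block under `imagePullPolicy:`, for example `securityContext:` with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, mirroring the container defaults documented for the injector in values.yaml; this should be confirmed against the UBI image before merging.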
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.45/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/Chart.yaml
new file mode 100644
index 00000000000..f5f92b3120b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.46
+annotations:
+ charts.openshift.io/name: helm-testing-5435
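Review bot: The `description`, `home` and `sources` fields of this new Chart.yaml still present the chart as the "Official HashiCorp Vault Chart", while `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435` and the file sits under `charts/partners/redhat-caastestreg-duplicate/`. If this is a test copy (the name and path suggest so, though the diff does not say), anyone who trusts the metadata when browsing the catalog could take it for the upstream release, so I would make the provenance explicit, e.g. `description: Test copy of the HashiCorp Vault chart (not an official release)`. Separately, quoting the application version as `appVersion: "1.11.2"` keeps it a string if a later bump produces a two-part value that YAML would read as a float.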
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/README.md 
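Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the license value into the `docker run` argument list, so it is readable in the host's process listing and printed by `make -n`, even though the recipe is `@`-silenced. Passing the variable by name, `-e VAULT_LICENSE_CI \`, keeps the value out of argv; this assumes the variable reaches make through the environment, which the hunk does not show. The `-v ${PWD}:/helm-test` mount combined with `-e KUBECONFIG=/helm-test/.kube/config` also puts cluster credentials inside the checkout, so `.kube/` should be ignored by version control (not visible here). Two smaller points: `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory and `-var project=...` that `provision-cluster` passes, and `setup-kind` and `delete-kind` are missing from `.PHONY`.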
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
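Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in every namespace and carries no comment saying why, so the CSI provider's service account can request a token for any service account in the cluster. Whoever controls the provider pod therefore holds every workload identity that the TokenRequest API can issue. Narrowing the rule with `resourceNames` is presumably impractical, since the service accounts of the consuming pods are not known at install time. I would document the grant above `rules:`, for example `# Cluster-wide on purpose: the provider requests a token for the service account of whichever pod mounts the volume; treat this identity as highly privileged.` Operators should also alert on TokenRequest calls from this service account that name unexpected service accounts in the API audit log.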
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-certs-secret.yaml 
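Review bot: In csi-daemonset.yaml the `csi-provider` container mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods) but receives a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper included just above `image:` renders nothing otherwise. The injector and server helpers in `_helpers.tpl` fall back to `allowPrivilegeEscalation: false` when no value is given; the two CSI helpers have no such branch, so by default this DaemonSet runs on every node with the runtime's default privileges. I would give `csi.daemonSet.securityContext.container` the same fallback, i.e. an `{{- else if not .Values.global.openshift }}` branch that emits `securityContext:` with `allowPrivilegeEscalation: false`, after confirming the provider can still create its socket under `/provider`. The image is also referenced as `repository:tag`, so a mutable tag can change what runs on the nodes; pinning a digest in values would avoid that.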
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-clusterrolebinding.yaml
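Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only webhook configuration this chart names for the injector is `<fullname>-agent-injector-cfg` (the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml). As written, a compromised injector could modify any admission webhook in the cluster, not just its own. Splitting the rule so that `patch` carries `resourceNames` keeps the read verbs the injector's watch presumably needs and confines writes to the chart's own webhook. Before merging, confirm against the injector's certificate-rotation behaviour that it patches no other object.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  # Writes are limited to the webhook configuration this chart owns.
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```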
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
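Review bot: In the `args` list of injector-deployment.yaml, `2>&1` is handed to the container as a literal second argument, because Kubernetes executes `args` without a shell and no redirection takes place. Drop the entry so the list is just `- agent-inject`; the container runtime already collects both stdout and stderr. Separately, several env values are emitted unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) while their neighbours are quoted; quoting them, e.g. `value: "{{ .Values.injector.authPath }}"`, keeps a value such as `true` or an empty string from being retyped by the YAML parser.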
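Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with the string "21" using `ge`, which is a lexicographic string comparison: a minor such as `9` sorts above `21`, and vendor suffixes like `21+` are compared as text too. The webhook and RBAC templates in this same diff pick their version with `.Capabilities.APIVersions.Has`, and the same test works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml further down uses the identical expression and needs the same change.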
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
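Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the `namespaceSelector` block is omitted and this webhook receives every pod CREATE and UPDATE in the cluster, including those in system namespaces and in the injector's own namespace. Combined with a `failurePolicy` of `Fail` (the value comes from a values file not shown in this hunk), an unavailable injector would then block pod creation cluster-wide. I would add a template comment above the `namespaceSelector` condition stating that, e.g. `{{- /* no selector = all namespaces; set one before using failurePolicy: Fail */ -}}`, or ship a default selector that excludes system namespaces.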
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
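Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment and Service in this diff take the listener port from `.Values.injector.port`; any other port value leaves the webhook unreachable once the policy is enforced. Use `- port: {{ .Values.injector.port }}` so the three stay in step. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector objects set.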
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-psp.yaml 
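Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the leader-elector RoleBinding and the ClusterRoleBinding in this diff, which both set it. A RoleBinding falls back to its own namespace for such a subject, so this probably works, but the explicit form is easier to audit and stays valid if the subject is copied into a cluster-scoped binding: add `namespace: {{ .Release.Namespace }}` under the subject's `name`.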
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-role.yaml 
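Review bot: The PodSecurityPolicy spec in injector-psp.yaml never drops Linux capabilities and sets `readOnlyRootFilesystem: false`, so a pod admitted under it keeps the runtime's default capability set even though it must run as non-root. Adding `requiredDropCapabilities:` with `- ALL` would close that. The template is also gated only on `global.psp.enable`; since `policy/v1beta1` PodSecurityPolicy is no longer served from Kubernetes 1.25 on, extending the condition with `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` would stop an enabled flag from failing the install there. The SELinux comment says the policy assumes AppArmor nodes, which is worth re-checking for a chart that also has OpenShift branches.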
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-rolebinding.yaml 
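Review bot: The first rule of injector-role.yaml lets the injector create, read and update every Secret and ConfigMap in the release namespace, which is also where this diff creates the server's own ConfigMap. The only Secret the chart creates for the injector is `vault-injector-certs`, so `get` and `update` can move to a rule with `resourceNames: ["vault-injector-certs"]`, leaving `create` (which cannot be name-scoped) on its own. `list` and `watch` only honour `resourceNames` when the client filters by name, so check how the injector watches the Secret before narrowing those. The `pods` rule (`get`, `patch`, `delete`) is namespace-wide as well and deserves the same look.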
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
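Review bot: `disable_mlock = true` is written into the rendered config for every mode, and in the non-string branch `merge (dict "disable_mlock" true) …` gives the hard-coded key precedence, so a values file cannot turn memory locking back on. With mlock off, Vault's in-memory secrets can be paged out if the node has swap enabled. I would either read the flag from values or add a comment above the line stating the assumption, e.g. `{{- /* mlock disabled: nodes must run without swap, or with encrypted swap */ -}}`. Note also that `tpl` renders `server.*.config` as a template, so those values have to be treated as trusted input.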
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-discovery-rolebinding.yaml 
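Review bot: The rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only the Vault server pods, and `patch` on a pod reaches more than labels (the container image is mutable, for example). If the permission exists so the server can label its own pods — an inference, the consumer is not in this hunk — say so in a comment above `rules:`, e.g. `# pods: needed for service registration labels on the server pods`, and drop `update` if `patch` alone suffices.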
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-psp-role.yaml 
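Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which matches every namespace, so with the policy enabled any pod in the cluster can still reach both 8200 and the cluster port 8201. I'd split the rule so that 8201 is only reachable from the Vault server pods of this release, as sketched below; the API port keeps its current reach. The metadata also lacks `namespace: {{ .Release.Namespace }}`, unlike the other templates in this commit, and `policyTypes` is left implicit, so I'd state both.

```yaml
  ingress:
    # API port: same reach as before (any namespace in the cluster)
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from .Values.server.networkPolicy.egress …
```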
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
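Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` both use `vault.serviceAccount.name`. That helper is defined outside this diff and presumably honours `server.serviceAccount.name`; if it can return anything other than the fullname, the PSP `use` grant lands on an account the pod does not run as. I'd write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it so the binding is explicit.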
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
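Review bot: server-psp.yaml renders `apiVersion: policy/v1beta1` whenever `global.psp.enable` is true, but PodSecurityPolicy was removed from the API in Kubernetes 1.25, so on current clusters enabling it fails the install and none of these pod restrictions can be enforced this way. I'd gate the template on the API actually being served by adding `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `and` on the third line, with the same guard in server-psp-role.yaml and server-psp-rolebinding.yaml. The values documentation should then say that the equivalent controls must come from the securityContext values or Pod Security admission. The `seLinux` comment says the policy assumes AppArmor nodes, which is worth revisiting for a chart that also ships OpenShift overrides.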
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-service.yaml
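Review bot: server-route.yaml reads `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other template in this commit that tests `.mode` does. If `.mode` is not already populated when this file renders (that depends on the helper and the render order, neither visible here), the `external` guard and the `-active` service selection silently stop applying. I'd add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard. Separately, `tls:` is filled from `.Values.server.route.tls` with no fallback, so an empty value appears to leave the Route without TLS termination in front of port 8200; a comment above it stating which termination the chart expects would make that an explicit choice.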
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/tests/server-test.yaml 
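Review bot: The container image in server-statefulset.yaml falls back to `:latest` through `{{ .Values.server.image.tag | default "latest" }}`, and tests/server-test.yaml repeats the expression, so an unset tag silently deploys whatever the registry currently serves for a secrets manager. I'd fail the render instead with `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept a digest. In the same hunk the exec readiness probe runs `vault status -tls-skip-verify`; it targets the loopback `VAULT_ADDR` set above, so the exposure is small, but a comment saying so next to the command would stop the flag being copied to non-local calls. `VAULT_API_ADDR` and `VAULT_CLUSTER_ADDR` are also rendered unquoted from values (`value: {{ .Values.server.ha.apiAddr }}`), unlike the log-level entries; `| quote` keeps them strings.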
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.46/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/Chart.yaml
new file mode 100644
index 00000000000..6f918ced00a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.47
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/README.md
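Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=...` that `provision-cluster` passes to `terraform apply`, so the unattended destroy is not visibly scoped to the test configuration and acts on whatever Terraform configuration is in the working directory. Mirroring the apply line would make the target explicit: `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform`. The target also skips the `gcloud auth activate-service-account` step that `provision-cluster` performs, so the identity it runs under depends on whatever credentials the container already holds, which is presumably unintended. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and the default `GOOGLE_CREDENTIALS?=vault-helm-test.json` places a service-account key file inside the bind-mounted checkout, so it is worth confirming that file is git-ignored.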
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
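Review bot: `vault.envs` renders the dev-mode root token as `value: {{ .Values.server.dev.devRootToken }}` with no quoting, so a token that YAML reads as a number, boolean or null (an all-digit string, for example) reaches the API server as a non-string env value and the manifest is rejected; `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string. The same holds for `name: {{ .envName }}`, `name: {{ .secretName }}` and `key: {{ .secretKey }}` in `vault.extraSecretEnvironmentVars`, while the neighbouring `vault.extraEnvironmentVars` already pipes both fields through `quote`. The doc comment on `vault.serverServiceAccountEnabled` is a copy of the one on `vault.serverAuthDelegator` and should read `Compute if the server serviceaccount is enabled.`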
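Review bot: The single rule in this ClusterRole grants `create` on `serviceaccounts/token` with no `resourceNames`, and nothing in the file says why. Bound through the ClusterRoleBinding added in csi-clusterrolebinding.yaml, it lets the `-csi-provider` service account request a token for any service account in any namespace, so that account should be treated as highly privileged. A comment above `rules:` would record the intent, for example `# cluster-wide TokenRequest: presumably needed to obtain tokens for the pods whose volumes the provider mounts`. Audit logging for token requests made by this account is a reasonable companion control.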
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-certs-secret.yaml 
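Review bot: The `mountpoint-dir` volumeMount in csi-daemonset.yaml maps the host path `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` into the provider container with `mountPropagation: HostToContainer` and no `readOnly`, so the container gets write access to the kubelet's per-pod directories, including volumes mounted for other pods on the node. If the provider version in use only reads that tree, add `readOnly: true` to that mount; if it must write, a one-line comment saying so would help reviewers. Both `hostPath` volumes also omit `type`, so a mistyped `providersDir` or `kubeletRootDir` is accepted without any check; `type: Directory` would make the expectation explicit. The container and pod security contexts come from templates defined outside this hunk, so how far they limit this access cannot be judged here.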
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-clusterrolebinding.yaml
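Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only one this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml. The injector ServiceAccount can therefore modify admission webhooks that belong to other components. I would split the rule so that `get` and `patch` are limited by `resourceNames` to the chart's own configuration and only `list` and `watch` stay unscoped. Whether the injector needs unscoped `list`/`watch` is not visible here and should be checked before merging.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs:
    - "get"
    - "patch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
```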
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
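Review bot: The second entry under `args:` in injector-deployment.yaml, `- 2>&1`, reaches the container as a literal argument, because Kubernetes passes `args` to the entrypoint without a shell and the container spec sets no `command:` that would wrap it in one. Unless the image's entrypoint evaluates its arguments through a shell (not visible in this hunk), the redirection never happens and the binary simply receives an extra positional argument. I would drop that line so `args:` contains only `- agent-inject`.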
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
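Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is rendered only when a value is supplied, so without one the webhook is sent every pod `CREATE` and `UPDATE` in every namespace, system namespaces and the injector's own included. If `failurePolicy` resolves to `Fail` (it comes from `.Values.injector.webhook.failurePolicy` or `.Values.injector.failurePolicy`; the default is not visible in this hunk), an unavailable injector would block pod admission across the cluster. A comment at the `if or ... namespaceSelector` block recommending a selector that excludes system namespaces would make that trade-off visible to whoever sets the values. The `injector.objectSelector` template is defined outside this hunk, so whether it already narrows the match cannot be told from here.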
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
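Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `- port: 8080`, while the injector Deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`) and the Service uses the same value as `targetPort`. If that value is overridden, the policy no longer admits traffic to the port the webhook actually listens on. Use `- port: {{ .Values.injector.port }}` so the three templates stay in step. The `namespaceSelector: {}` peer also admits pods from every namespace; if that breadth is intentional, a comment stating why would help.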
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-rolebinding.yaml
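Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, yet the only Secret this chart provisions under the same leader-elector condition is `vault-injector-certs` (injector-certs-secret.yaml). When the Vault server is installed in the same namespace, the injector ServiceAccount can read and overwrite its Secrets as well. Consider limiting `get` and `update` on `secrets` with `resourceNames: ["vault-injector-certs"]` and keeping the wider verbs only where the injector demonstrably needs them; which ConfigMaps it touches is not visible in this hunk. The second rule's `delete` on `pods` deserves a comment giving the reason too.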
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
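Review bot: server-config-configmap.yaml forces `disable_mlock = true` into every rendered configuration, as a literal line in the string branch and through `merge (dict "disable_mlock" true) ...` in the map branch, without saying what that implies. With mlock disabled, Vault's memory can be paged out, so key material may reach disk unless the nodes run without swap or with encrypted swap. I would add a template comment above the `extraconfig-from-values.hcl` key, for example `{{/* disable_mlock is forced on; run on nodes with swap disabled or encrypted */}}`. Note also that `merge` gives precedence to its first argument, so a user-supplied `disable_mlock: false` in map form is silently overridden, while in string form the user's own setting would sit next to the injected line.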
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-ha-active-service.yaml
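Review bot: The `apiVersion` line in server-disruptionbudget.yaml chooses `policy/v1` by comparing `.Capabilities.KubeVersion.Minor` with `"21"` as strings, which is a lexical comparison and depends on how the cluster formats its minor version. The other templates in this commit already use sturdier checks: server-ingress.yaml uses `semverCompare` on `.Capabilities.KubeVersion.Version` and server-discovery-rolebinding.yaml uses `.Capabilities.APIVersions.Has`. Asking the cluster directly is the simplest change: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.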
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-psp-role.yaml
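Review bot: In server-network-policy.yaml the only ingress rule uses `namespaceSelector: {}`, which matches every namespace, so an enabled policy still admits any pod in the cluster to both 8200 and 8201. The Service templates in this commit name 8201 `https-internal`, which suggests it carries server-to-server traffic only; if so, give it its own rule limited to the Vault pods of this release, and leave 8200 on the existing rule or make its sources configurable through values. The metadata block also lacks `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this commit set.
```yaml
  ingress:
    # … unchanged: first rule (namespaceSelector: {}), now listing port 8200 only …
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```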
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
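Review bot: The `spec` in server-psp.yaml never sets `requiredDropCapabilities`, so the policy forbids root and privilege escalation but leaves the container runtime's default capability set in place. Consider `requiredDropCapabilities: [ALL]`, re-allowing through `allowedCapabilities` only what the server is confirmed to need. The template also emits `policy/v1beta1` PodSecurityPolicy with no cluster-version guard; that API was removed in Kubernetes 1.25, so setting `global.psp.enable` on a newer cluster fails the install. The `seLinux` comment says the policy assumes AppArmor nodes, which does not match the OpenShift target this commit also ships values for and should be reworded.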
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-service.yaml
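Review bot: The second line of server-route.yaml, `{{- if ne .mode "external" }}`, reads `.mode`, but this file never calls `{{ template "vault.mode" . }}` first, unlike the other templates in this commit that test `.mode`. Whether the Route renders therefore depends on some other template having set the value on the shared context beforehand; this is an inference, as the helper's definition is not in this hunk. Add `{{ template "vault.mode" . }}` right after the `global.openshift` check, as server-ingress.yaml does. `host: {{ .Values.server.route.host }}` should also be quoted with `| quote`, as the ingress template does for its hosts.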
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/tests/server-test.yaml
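Review bot: The `image:` line in server-statefulset.yaml ends in `{{ .Values.server.image.tag | default "latest" }}`, so an unset tag silently deploys whatever `latest` currently points at, leaving the secrets store on an unreviewed and unreproducible version. The test pod in tests/server-test.yaml uses the same expression. Fail the render instead, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and consider accepting an image digest. Separately, `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are unquoted while the neighbouring env values are quoted; add `| quote` to both.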
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.47/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/Chart.yaml
new file mode 100644
index 00000000000..ebddb7e8092
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.48
+annotations:
+ charts.openshift.io/name: helm-testing-5435
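Review bot: The metadata in this new Chart.yaml presents the chart as upstream's own release: `description: Official HashiCorp Vault Chart`, with `home` and `sources` pointing at HashiCorp, while `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435` under a partner test directory. If this is a test fixture, as the path suggests, any catalog entry built from it would presumably still read as an official Vault release, so the description should say what the chart is, for example `description: Test fixture copied from the HashiCorp Vault chart (not an official release)`. Separately, quoting the value as `appVersion: '1.11.2'` keeps it a string if a later bump uses a two-part version such as 1.12.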
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/README.md
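Review bot: In `test-acceptance` the line `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \` expands the value into the `docker run` argument list, where it can be read from the host's process listing and from a `make -n` or shell trace even though the recipe is silenced with `@`; this matters if the variable holds the licence string, as its name suggests. Docker copies a variable from the caller's environment when only its name is given, so `-e VAULT_LICENSE_CI \` passes the same value without placing it on the command line, provided the variable is exported in the environment that runs make. Separately, `setup-kind` and `delete-kind` are defined in this hunk but missing from the `.PHONY` list on its last line.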
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
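Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no `resourceNames`, and csi-clusterrolebinding.yaml binds it cluster-wide, so the CSI provider's service account can request a token for any ServiceAccount in any namespace. If that breadth is what the provider needs in order to authenticate to Vault on behalf of the pods it serves (presumably so; confirm), the template should say it, for example with a comment above `rules:` such as `# The provider requests tokens for the service accounts of the pods it serves, so this rule cannot be narrowed with resourceNames.` Anything able to run under this service account inherits the same ability, which is worth stating in the chart's documentation of the CSI component.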
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-certs-secret.yaml 
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-clusterrolebinding.yaml
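Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only configuration this chart creates is the one injector-mutating-webhook.yaml names `{{ template "vault.fullname" . }}-agent-injector-cfg`. A service account that can patch arbitrary mutating webhooks can change how admission behaves for unrelated components, so the write verb should be pinned to that one object. Splitting the rule so that `get` and `patch` carry `resourceNames` while `list` and `watch` stay unrestricted would narrow it; whether the injector's watch still works with that split needs confirming against the injector itself.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```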
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
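Review bot: In injector-deployment.yaml several env values are rendered without quoting (`AGENT_INJECT_LISTEN`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT`, `AGENT_INJECT_VAULT_AUTH_PATH`), while others are wrapped as `"{{ ... }}"`, which breaks as soon as the value itself contains a double quote. An env `value` must be a string, so a setting the YAML parser reads as a boolean or number is rejected at apply time, and a value containing `: ` or ` #` changes the document structure; piping through `quote` covers both, e.g. `value: {{ .Values.injector.logLevel | default "info" | quote }}` and `value: {{ .Values.injector.authPath | quote }}`. Separately, `- 2>&1` under `args` reaches the binary as a literal argument because no shell interprets it, so if redirection was intended it has no effect.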
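Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares strings, so the outcome follows lexical order rather than version order and also depends on any suffix a distribution appends to the minor version. Selecting by API availability, as injector-mutating-webhook.yaml does for its own `apiVersion`, is more reliable: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Unlike the other injector templates visible here, this one is not wrapped in `{{- if .injectorEnabled -}}`, so a PodDisruptionBudget can be rendered while the injector is disabled.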
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
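Review bot: `namespaceSelector` is emitted only when a value is set, and the rule matches `CREATE` and `UPDATE` of every pod, so without a selector this webhook sits in the admission path of all namespaces, including the one the injector runs in. If `failurePolicy` resolves to `Fail` (the default is not visible in this hunk), an unavailable injector then blocks pod creation cluster-wide, the injector's own pods included. A comment above `webhooks:` would make that explicit, for example `# Without a namespaceSelector or objectSelector this webhook is called for pods in every namespace.`, and a default selector in the chart values that excludes system namespaces would bound the impact.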
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
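Review bot: injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment's probes and the Service's `targetPort` take the port from `.Values.injector.port`; once that value is changed, the policy still admits 8080 and the real webhook port is no longer allowed for the selected pods. Use `- port: {{ .Values.injector.port }}` so the policy follows the listener. The `from` clause is `namespaceSelector: {}`, which admits any pod in any namespace; if only the API server needs to reach the webhook, a comment should say why the rule is this wide. `metadata` also omits the `namespace: {{ .Release.Namespace }}` that the other injector resources set.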
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-role.yaml
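Review bot: injector-psp.yaml hard-codes `apiVersion: policy/v1beta1` for a PodSecurityPolicy and is gated only on `.Values.global.psp.enable`, so on a cluster that no longer serves that API (PodSecurityPolicy was removed in Kubernetes 1.25) enabling the value makes the install fail. Adding `.Capabilities.APIVersions.Has "policy/v1beta1"` to the condition, in the way injector-mutating-webhook.yaml checks for its API, avoids that. The policy forbids privilege escalation and root but drops no capabilities; adding `requiredDropCapabilities:` with `- ALL` would match its stated intent. The hard-coded `hostNetwork: false` also conflicts with the `hostNetwork: {{ .Values.injector.hostNetwork }}` setting in injector-deployment.yaml when that is true.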
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-rolebinding.yaml
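Review bot: The first rule in injector-role.yaml lets the injector service account `get`, `list`, `watch`, `update` and `create` every Secret and ConfigMap in the release namespace, which is also the namespace the chart's other resources are rendered into, whereas the only Secret this feature visibly uses is `vault-injector-certs` from injector-certs-secret.yaml. Moving `get` and `update` on secrets into their own rule with `resourceNames: ["vault-injector-certs"]` would keep a compromised injector from reading unrelated secrets; `create` may be unnecessary since the chart pre-creates that Secret (confirm against the injector). The second rule likewise allows `patch` and `delete` on any pod in the namespace, and a comment should state which pods leader election actually has to modify.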
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-config-configmap.yaml
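Review bot: The ClusterRoleBinding name is built from `vault.fullname` plus a fixed suffix, yet the object is cluster-scoped, so two releases with the same name in different namespaces would presumably render the same binding and overwrite each other's subject. Including the namespace in the name, e.g. `name: {{ template "vault.fullname" . }}-{{ .Release.Namespace }}-server-binding`, avoids that, although a rename needs care on upgrade. The binding also deserves a comment above `roleRef`, such as `# system:auth-delegator lets the server's service account submit TokenReview and SubjectAccessReview requests cluster-wide`, so the reach of this grant is visible when the template is read.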
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
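Review bot: `disable_mlock = true` is written into the rendered config unconditionally in the string branch, and forced through `dict "disable_mlock" true` in both `merge` lines, with no comment and no value that controls it. With mlock disabled the server's memory is not pinned, so key material can reach swap unless the nodes run without swap or with encrypted swap. I would add a template comment directly above the `disable_mlock` line, for example `{{- /* mlock is always disabled by this chart; run on nodes with swap off or encrypted */ -}}`, and say the same in the values documentation.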
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-ha-active-service.yaml
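Review bot: The `apiVersion` line compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge`, and on two strings that is a lexical comparison, so the result follows character order rather than the numeric minor version (a minor of `"9"` sorts above `"21"`). Some distributions also report the minor with a trailing `+`, which only works here by accident of ordering. The ingress template in this same commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`; the same form here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.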
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-psp-role.yaml 
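Review bot: The `tls:` section of the Ingress is emitted only when `.Values.server.ingress.tls` is set, and nothing in the template says what happens otherwise: the Ingress is then rendered without TLS, so Vault tokens would presumably cross the edge in cleartext unless the controller enforces HTTPS by other means. A template comment above the `{{- if .Values.server.ingress.tls }}` line, such as `{{- /* without tls entries this Ingress is HTTP-only; set server.ingress.tls for anything but a throwaway install */ -}}`, would make that visible. In the same section `secretName`, `ingressClassName` and `path` are rendered unquoted while the hosts go through `quote`; piping them through `quote` as well would keep YAML typing from changing a value.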
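Review bot: The NetworkPolicy's single ingress rule pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may connect to 8201 as well as 8200. The Services in this commit name 8201 `https-internal`, which suggests only the Vault server pods need it; splitting the rule keeps 8200 reachable cluster-wide while limiting 8201 to the release's own pods, provided nothing outside the release has to reach the cluster port. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates set. The rewritten `ingress:` section is below.

```yaml
  ingress:
    # API port: reachable from any namespace in the cluster
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```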
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
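Review bot: The subject of the PSP RoleBinding is named with `vault.fullname`, while the StatefulSet in this commit runs as `{{ template "vault.serviceAccount.name" . }}`, and the ClusterRoleBinding and discovery RoleBinding bind that same helper. If a chart user overrides the service account name, the `use` grant lands on an account the server pods do not run as, and admission under the policy would presumably fail for them. Change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` so it reads like the other bindings.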
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
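Review bot: The PodSecurityPolicy blocks privilege escalation and root, but its `spec` never mentions capabilities, so pods admitted under it keep the container runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP` and the config forces `disable_mlock`, which suggests the server does not need added capabilities; if that holds, `requiredDropCapabilities: [ALL]` after `allowPrivilegeEscalation: false` would tighten the policy at no cost. The template is also gated only on `global.psp.enable` while the kind is hard-wired to `policy/v1beta1`, an API removed in Kubernetes 1.25, so the gate could additionally test `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to skip rendering on clusters that no longer serve it.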
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-service.yaml
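Review bot: The Route template tests `.mode` on its second line but never calls `{{ template "vault.mode" . }}`, which the other templates in this commit that read `.mode` do first. Unless an earlier-rendered template has already set `.mode` on a shared context, the `ne .mode "external"` guard compares against an unset value, so in external mode the Route may still be rendered or the render may fail; I cannot tell which from the hunk. Adding `{{ template "vault.mode" . }}` as the first line makes the file self-contained. Separately, `targetPort: 8200` is hard-coded here while the Services use `.Values.server.service.targetPort`, and `host:` is rendered unquoted.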
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/tests/server-test.yaml 
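Review bot: The server container image is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an install with no tag set silently runs whatever `latest` resolves to at pull time; the test pod in tests/server-test.yaml builds its image the same way. For a secrets manager I would rather fail the render than float: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept a digest. The exec readiness probe also deserves a comment: `vault status -tls-skip-verify` skips certificate verification, which is tolerable only because `VAULT_ADDR` in this pod points at 127.0.0.1. Finally, `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are unquoted while the neighbouring env values are quoted.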
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/templates/ui-service.yaml
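Review bot: The test pod's image line in templates/tests/server-test.yaml falls back to a floating tag, `{{ .Values.server.image.tag | default "latest" }}`, so an install that leaves `server.image.tag` empty runs `helm test` against whatever `latest` resolves to at pull time rather than the Vault build the release deployed. Failing the render is safer: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The pod spec also sets no `securityContext`; adding `allowPrivilegeEscalation: false` and `runAsNonRoot: true` on the container would keep the test pod admissible in hardened namespaces, assuming the image runs as a non-root user.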
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/values.openshift.yaml
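Review bot: In templates/ui-service.yaml the Service `type` and the optional `nodePort` are taken directly from `ui.serviceType` and `ui.serviceNodePort`, with nothing tying external exposure to TLS, while values.yaml in this same diff ships `global.tlsDisable: true`. If `vault.scheme` follows that flag (the helper is not part of this hunk), a `NodePort` or `LoadBalancer` UI service would carry Vault tokens and secret payloads over plain HTTP. A comment above `type:` would make the assumption explicit, for example `# NodePort/LoadBalancer expose the Vault API; set global.tlsDisable: false or terminate TLS upstream first`. `publishNotReadyAddresses` would benefit from a similar comment, since when true the Service also routes to pods that have not passed their readiness probe.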
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/values.schema.json
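Review bot: All three images in values.openshift.yaml are pinned by tag only (`tag: "0.17.0-ubi"`, `tag: "1.11.2-ubi"`), and a tag can be re-pointed in the registry without any change to this chart. The test pod template in this diff renders the image as `repository:tag`, so, assuming the other templates do the same, a digest can be carried inside the tag value, e.g. `tag: "1.11.2-ubi@sha256:<digest-of-the-reviewed-image>"` (placeholder digest), which makes the cluster pull exactly the content that was certified. values.yaml in this diff repeats the same repositories and tags, so the pin would need to be applied there as well.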
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.48/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/Chart.yaml
new file mode 100644
index 00000000000..187c33ca7da
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.49
+annotations:
+ charts.openshift.io/name: helm-testing-5435
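Review bot: The new Chart.yaml keeps `description: Official HashiCorp Vault Chart` together with the upstream `home` and `sources` entries while the chart itself is named `helm-testing-5435`, so anyone reading the repository index has no way to tell that this appears to be a repackaged test copy rather than the vendor's release. If that is intended for the fixture, a comment at the top of the file would make the provenance explicit, for example `# test fixture: repackaged copy of hashicorp/vault-helm, not an official release`. Separately, `appVersion: 1.11.2` is a plain scalar; it parses as a string today, but quoting it as `appVersion: "1.11.2"` keeps a future two-component value from being read as a float.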
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/README.md
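Review bot: The `test-acceptance` recipe expands the Vault license into the `docker run` command line with `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so the value lands in the docker client's argument list, where other local processes can read it and where `make -n` or shell tracing would print it despite the `@` prefix. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the calling environment without it appearing in argv; this assumes the variable reaches make through the environment, which the Makefile does not show. `GOOGLE_CREDENTIALS` defaults to a file name (`vault-helm-test.json`) rather than key material, so the concern is weaker there, but that key file and the kubeconfig written to `/helm-test/.kube/config` both sit in the bind-mounted working tree and should be confirmed as git-ignored.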
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
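Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` cluster-wide, so the CSI provider's service account can request a token for any service account in any namespace, and nothing in the template says why. Together with the hostPath mounts in csi-daemonset.yaml this makes the provider pod a high-value identity, so the grant deserves a comment next to it, for example `# token requests for the service account of the pod mounting a volume (confirm against the provider)`. If the provider only has to serve a known set of namespaces, namespaced Roles bound per namespace would narrow the grant; whether that fits this chart cannot be told from the hunk.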
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-certs-secret.yaml 
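Review bot: The provider container in csi-daemonset.yaml mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods) but receives a `securityContext` only when `csi.daemonSet.securityContext.container` is set. The `csi.daemonSet.securityContext.container` helper in _helpers.tpl has no fallback branch, unlike the injector and server container helpers in the same file. Consider a default there such as `allowPrivilegeEscalation: false`, after confirming the provider can still write its socket under `/provider`. The image is also referenced only as `repository:tag`; allowing a digest would keep a DaemonSet that runs on every node from following a moved tag.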
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-clusterrolebinding.yaml 
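Review bot: The ClusterRole in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only one this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). A compromised injector service account could therefore modify admission webhooks that belong to other components. Splitting the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]` would narrow the grant. `list` and `watch` may have to stay unrestricted depending on how the injector watches the object, which is not visible here.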
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
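Review bot: Under `args:` in injector-deployment.yaml the entry `- 2>&1` reaches the container as a literal argument, because Kubernetes passes `args` to the entrypoint without a shell, so no stderr redirection takes place (unless the image's entrypoint is itself a shell wrapper, which the hunk does not show). Dropping the entry so that only `- agent-inject` remains removes the ambiguity. Separately, several env values rendered from chart values are unquoted, e.g. `value: {{ .Values.injector.authPath }}`; writing `value: {{ .Values.injector.authPath | quote }}` keeps a value that YAML would type as a number or boolean from failing pod validation.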
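Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with the string `"21"`, which is a lexical comparison: a minor such as `"9"` sorts above `"21"`, and some distributions report a suffixed minor like `"21+"`. `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` asks the cluster directly, the way injector-mutating-webhook.yaml does for admissionregistration. The template is also gated only on `injector.podDisruptionBudget` and not on `injectorEnabled`, so a budget can be rendered with no injector deployment for it to select.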
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
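Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when a value is set, so without one the webhook is called for pod CREATE and UPDATE in every namespace, including system namespaces and the one the injector itself runs in. If `failurePolicy` resolves to `Fail`, an unavailable injector then blocks pod admission across the cluster. The chart's default values are not visible here, so this may already be handled there; if not, consider a default selector that excludes system namespaces. At minimum a comment on the `failurePolicy` line would help, for example `# Fail blocks pod creation in all selected namespaces while the injector is down`.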
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
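Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector deployment listens on and probes `.Values.injector.port`, so changing that value leaves the policy admitting an unused port and blocking the webhook port; `- port: {{ .Values.injector.port }}` keeps the two in step. `namespaceSelector: {}` admits pods from every namespace, which may be wider than the webhook calls require, so a comment stating the intent would help. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the injector Deployment and Roles in this change set.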
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-psp.yaml 
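Review bot: The `subjects` entry in injector-psp-rolebinding.yaml names the ServiceAccount without a `namespace`, while both ClusterRoleBindings in this change set `namespace: {{ .Release.Namespace }}` on their subjects. For a RoleBinding the subject namespace is, as far as I know, defaulted to the binding's own namespace, so this likely works as written. Adding `namespace: {{ .Release.Namespace }}` under the subject still makes the bound identity explicit and keeps the bindings consistent.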
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-role.yaml
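Review bot: injector-psp.yaml emits `apiVersion: policy/v1beta1` guarded only by `global.psp.enable`, with no check that the cluster still serves PodSecurityPolicy; the API was removed in Kubernetes 1.25, so enabling the value there fails the install instead of skipping the object. Other templates in this diff already branch on `.Capabilities.APIVersions.Has`, and the same guard fits here: `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` around the resource. server-psp.yaml has the identical pattern, and the psp Role/RoleBinding templates would need the same condition. Separately, the comment on `seLinux: rule: RunAsAny` says the nodes are assumed to use AppArmor, which is worth re-checking for a chart that also ships OpenShift-specific templates.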
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-rolebinding.yaml
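Review bot: The leader-elector Role grants `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, and `delete` on every Pod, with no `resourceNames` on either rule. When the injector shares a namespace with the Vault server or other workloads, its service account can therefore read and overwrite all of their Secrets. If leader election only touches a fixed set of objects (not determinable from this hunk), the `get`/`update` verbs could be moved to a rule scoped with `resourceNames: ['<name of the leader-election object>']`, leaving only `create` unscoped. At minimum a comment above `rules:` stating why namespace-wide Secret access is needed would make the grant reviewable.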
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
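Review bot: server-config-configmap.yaml has no comment telling operators that whatever they place in `server.standalone.config`, `server.ha.config` or `server.ha.raft.config` is rendered through `tpl` into a ConfigMap, not a Secret. Storage-backend or seal credentials written into those values would be readable by any subject with ConfigMap read access in the namespace, which in this diff includes the injector leader-elector Role. I would add a template comment above `data:` such as `{{- /* Rendered into a ConfigMap: keep credentials out of server.*.config and supply them via Secrets or environment variables. */ -}}`. The same comment could record that `disable_mlock = true` is forced in both the string and the map branch, so the deployment relies on nodes not swapping memory to disk.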
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-ha-active-service.yaml
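Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge`, and both operands are strings, so the comparison is lexical rather than numeric. A minor of `"9"` sorts above `"21"`, and the result for suffixed values such as `"21+"` depends on string ordering rather than on what the cluster serves. The ingress template in this diff uses `semverCompare`, and other templates use `.Capabilities.APIVersions.Has`; asking the cluster directly is the most robust form here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.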
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-psp-role.yaml
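Review bot: In server-ingress.yaml the templated scalars `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are emitted unquoted, while the host entries in the same hunk go through `quote`. An empty or YAML-special value (a path beginning with `*`, a numeric-looking secret name) would be re-typed or rejected by the parser after rendering. I would pipe them through `quote` as well, for example `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`. Note also that the `tls:` block is only rendered when `server.ingress.tls` is set, so the default output is an Ingress without TLS in front of Vault; a comment next to the `if` would make that visible.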
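Review bot: The single ingress rule in server-network-policy.yaml opens both 8200 and 8201 to `namespaceSelector: {}`, that is, to every pod in every namespace. The Services in this diff name 8201 `https-internal`, which suggests it carries server-to-server cluster traffic and need not be reachable by clients; if so, it can be limited to the Vault server pods while 8200 stays open. The `component: server` label used below is the one the StatefulSet template in this diff puts on the server pods. The policy also has no `metadata.namespace`, unlike most other resources in the chart.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only other Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```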
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
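Review bot: The subject in server-psp-rolebinding.yaml is named with `{{ template "vault.fullname" . }}`, but the server ServiceAccount, the ClusterRoleBinding, the discovery RoleBinding and the StatefulSet's `serviceAccountName` in this diff all use `{{ template "vault.serviceAccount.name" . }}`. The helper is not visible here, but if it can return anything other than the full name (a user-supplied account name, for instance), the PodSecurityPolicy is bound to an account the pods do not run as, and they would fall back to whatever other policy admits them or fail admission. I would use the same helper here: `name: {{ template "vault.serviceAccount.name" . }}`.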
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-service.yaml
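Review bot: server-route.yaml reads `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which every other server template in this diff does before touching `.mode`. The helper is outside this view, but presumably it is what sets `.mode` on the context; without it the Route would depend on another template having been rendered first, and the `-active` service selection for HA could silently not apply. I would add `{{ template "vault.mode" . }}` directly after the opening `if .Values.global.openshift`. `targetPort: 8200` is also hard-coded here while the Services use `.Values.server.service.targetPort`, so a non-default port would leave the Route pointing at a closed port.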
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/tests/server-test.yaml
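Review bot: The `vault` container image falls back to a mutable tag, `{{ .Values.server.image.tag | default "latest" }}`, so an unset `server.image.tag` lets each pod start pull whatever `latest` resolves to at that moment, and replicas of one Vault cluster can end up running different builds. Failing the render is safer than guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same fallback is used for the test pod in `templates/tests/server-test.yaml`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a comment such as `# probe talks to 127.0.0.1 via VAULT_ADDR, so certificate verification is skipped for this local call only` would record why the flag is tolerated here and discourage copying it to remote calls.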
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.49/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/Chart.yaml
new file mode 100644
index 00000000000..4b9d828850f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.5
+annotations:
+ charts.openshift.io/name: helm-testing-5435
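Review bot: `description: Official HashiCorp Vault Chart`, with `home` and `sources` pointing at the upstream projects, presents this package as the upstream release, yet it is published as `name: helm-testing-5435` with `version: 0.21.5`, and the CHANGELOG.md added alongside it stops at 0.21.0. Nothing in the metadata tells a consumer that the chart was repackaged, or which upstream chart version the templates were copied from, so its provenance cannot be checked from Chart.yaml. If this is a test fixture, as the path suggests, state that in the metadata, for example `description: Test copy of the HashiCorp Vault chart (repackaged, not an upstream release)`, and record the upstream chart version it was taken from in the README or an annotation.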
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/README.md
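Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license value into the `docker run` argument list, where it can be read from the host's process listing while the container runs; the leading `@` only stops make from echoing the command, and an unquoted value containing whitespace would also split the arguments. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker take the value from the environment make exports to the recipe, provided the variable is set in the environment or on the make command line. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so it may not act on the same configuration and could leave the GKE cluster behind; this should be confirmed against the Terraform version in the test image. `.PHONY` also omits `setup-kind` and `delete-kind`.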
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
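Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole with no `resourceNames`, and csi-clusterrolebinding.yaml binds it cluster-wide, so the `-csi-provider` service account can request a token for any service account in any namespace. Nothing in the template says why that breadth is needed; presumably the provider requests tokens for the service accounts of the pods that mount its volumes, which the chart cannot enumerate in advance, but that is not shown in this diff. I would record it above `rules:` with a comment such as `# cluster-wide TokenRequest: the provider requests tokens for the service accounts of pods mounting CSI volumes, so the set of names is not known to the chart`. Operators installing with CSI enabled should treat this service account as a token-issuing principal and include `create` calls on the token subresource in their API audit policy.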
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" .
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-certs-secret.yaml
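Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes, one of them `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` with `mountPropagation: HostToContainer`, yet it has no default security context: the `csi.daemonSet.securityContext.pod` and `csi.daemonSet.securityContext.container` helpers added to _helpers.tpl in this commit render nothing when their values are unset. The injector and server helpers in the same file fall back to `allowPrivilegeEscalation: false` (and `runAsNonRoot: true` at pod level) when `global.openshift` is not set, so the one workload with access to the kubelet's pods directory is the one left on image and runtime defaults. I would give the container helper the same fallback, `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`. Whether the provider needs to run as root to write under the host paths is not visible in this hunk, so a `runAsNonRoot` default should be added only after testing.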
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-clusterrolebinding.yaml
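Review bot: The rule in injector-clusterrole.yaml has no `resourceNames`, so the agent-injector service account may `patch` every MutatingWebhookConfiguration in the cluster, not only its own. A compromised or misbehaving injector pod could therefore alter admission webhooks that belong to other components. The injector deployment in this commit passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which suggests that is the only object it needs to patch (the webhook manifest itself is not in this part of the diff), so I would keep `get`, `list` and `watch` as they are and move `patch` into a second rule restricted to that name. Confirm against the injector's behaviour before merging.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# patch is limited to the injector's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```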
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
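Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the choice between `policy/v1` and `policy/v1beta1` follows lexical order rather than version order; server-disruptionbudget.yaml later in this diff uses the same expression. The ingress template in this diff already uses `semverCompare` on `.Capabilities.KubeVersion.Version`, and the same form works here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.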
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
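Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when one of the two values is set, so without it the `vault.hashicorp.com` webhook is consulted for pod CREATE and UPDATE in every namespace, including system namespaces and the one the injector runs in (what `injector.objectSelector` renders is defined outside this hunk). If `failurePolicy` resolves to `Fail`, an unavailable injector would then hold up pod admission across the cluster. A comment above `failurePolicy` should record this, for example `# With Fail, set namespaceSelector/objectSelector so system and injector pods are excluded`, and the values documentation should recommend a selector.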
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
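Review bot: The ingress rule in injector-network-policy.yaml allows only the literal port `8080`, while the deployment and service in this diff take the listener port from `.Values.injector.port`; changing that value on OpenShift would leave the webhook unreachable behind this policy. `- port: {{ .Values.injector.port }}` keeps the two in step. The policy's `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources set.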
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-role.yaml
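Review bot: injector-psp.yaml hard-codes `apiVersion: policy/v1beta1` for `PodSecurityPolicy` and is gated only by `global.psp.enable`, so turning the flag on against a cluster that no longer serves that API (it was removed in Kubernetes 1.25) makes the release fail to install. Adding a capability check to the third condition keeps it installable: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The comment `# This policy assumes the nodes are using AppArmor rather than SELinux.` also needs a caveat, since the chart has an OpenShift mode and `seLinux` is left at `RunAsAny`.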
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-rolebinding.yaml
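Review bot: The first rule of the leader-elector Role in injector-role.yaml lets the injector service account read and update every Secret and ConfigMap in the release namespace, which is presumably also where the Vault server's own secrets live. The only secret this diff creates for the injector is `vault-injector-certs`, so `get` and `update` on `secrets` could move to a rule with `resourceNames: ["vault-injector-certs"]`, with `create` (which cannot be limited by name) kept in a separate rule. The ConfigMap used for leader election is not named anywhere in this diff and would need the same treatment once confirmed, as would `list` and `watch` if the injector can work without them. A comment stating why `delete` on `pods` is needed would also help the next reviewer.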
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
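Review bot: server-config-configmap.yaml stores the rendered Vault configuration in a ConfigMap, so anything sensitive placed in `server.standalone.config`, `server.ha.config` or `server.ha.raft.config` (seal or storage back-end credentials, for instance) is readable by every subject with ConfigMap read access in the namespace. A comment above `data:` should say so, for example `# Not a Secret: keep credentials out of server.*.config and supply them through env vars or mounted secrets`. The template also forces `disable_mlock = true` in every branch, which allows Vault's memory to be swapped out; a second comment should record that nodes are expected to run without swap or with encrypted swap.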
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-psp-role.yaml 
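Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both 8200 and 8201, so with the policy enabled, pods in every namespace can still reach the `https-internal` cluster port as well as the API port. Port 8201 appears to be needed only between the Vault server pods of this release, so it can get its own rule with a `podSelector` on the server labels while 8200 stays open to client namespaces; confirm first that nothing outside the release (a replication peer, for instance) has to reach 8201. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this change set.

```yaml
  ingress:
    # API port: reachable from client namespaces
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```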
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
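Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` both use `vault.serviceAccount.name`. The schema in this change exposes `server.serviceAccount.name`, so the two helpers can presumably resolve to different names; when they do, the binding grants `use` on the PodSecurityPolicy to an account the server pod does not run as, and the pod is admitted under whatever other policy applies or rejected. Name the subject with the same helper: `name: {{ template "vault.serviceAccount.name" . }}`.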
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
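Review bot: `apiVersion: policy/v1beta1` in server-psp.yaml is gated only on `global.psp.enable`, but PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters that value makes the install fail instead of applying any restriction. Add an API check to the existing condition, e.g. `(.Capabilities.APIVersions.Has "policy/v1beta1")`, the same mechanism server-ingress.yaml uses to pick its API version; server-psp-role.yaml and server-psp-rolebinding.yaml share the condition and need the same guard. It is also worth a comment in the values file stating what is expected to enforce non-root and no-privilege-escalation where PSP is unavailable. The `seLinux` comment assumes AppArmor nodes, which looks doubtful for a chart that ships OpenShift overrides, since `RunAsAny` leaves the SELinux context unconstrained.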
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-service.yaml
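Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other server templates in this change all do before reading it. If `.mode` is only populated by that helper, the `ne .mode "external"` guard and the `eq .mode "ha"` branch depend on some other template having rendered earlier, and the Route can end up targeting the plain service rather than the `-active` one when `server.route.activeService` is set. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` check so the file stands on its own.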
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/tests/server-test.yaml 
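Review bot: The `vault` container image in server-statefulset.yaml falls back to `default "latest"` when `server.image.tag` is unset, so the server can start from whatever the registry currently serves under a mutable tag; tests/server-test.yaml uses the same expression. For a secrets manager the tag should be mandatory, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or fall back to a version the chart itself pins. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; per the `VAULT_ADDR` env entry it only talks to 127.0.0.1, and a comment next to the probe saying so would keep the flag from being copied into contexts where certificate verification matters.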
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.5/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/Chart.yaml
new file mode 100644
index 00000000000..bdc279454b3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.50
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/README.md
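Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the value into the `docker run` command line, so what is presumably a license secret lands in the host's process arguments even though the leading `@` keeps it out of make's echo. Passing only the name, `-e VAULT_LICENSE_CI \`, lets Docker copy the variable from the calling environment instead; this assumes the value arrives through the environment, which seems likely since the Makefile never assigns it. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` argument and `-var project=...` that `provision-cluster` passes to `apply`, so teardown may not act on the configuration that was provisioned; `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform` would mirror it, pending a check against the Terraform files, which are not shown here. `setup-kind` and `delete-kind` are also missing from the `.PHONY` list.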
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
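Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` renders the token unquoted, so a token made only of digits, or one such as `true`, becomes a YAML number or boolean and the pod spec is rejected because env values must be strings; a token containing ` #` or `: ` changes the rendered YAML itself. `value: {{ .Values.server.dev.devRootToken | quote }}` fixes this and matches what `vault.extraEnvironmentVars` already does with `$value | quote`; the unquoted `.envName`, `.secretName` and `.secretKey` in `vault.extraSecretEnvironmentVars` deserve the same treatment. A short comment above the define noting that the root token ends up in clear text in the rendered pod spec, so dev mode belongs on test clusters only, would also help the next reader.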
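Review bot: The single rule grants `create` on `serviceaccounts/token` through a ClusterRole, so the ServiceAccount bound to it can mint a token for any service account in any namespace, and nothing in the file says why that breadth is needed. I would add a comment above `rules:` such as `# The CSI provider requests a token for the service account of each pod that mounts a volume, so token creation cannot be limited to one namespace.` (worded from how the provider is documented to work; confirm against the provider version shipped). Since the provider runs as a DaemonSet on every node, the `-csi-provider` ServiceAccount should be listed as privileged in RBAC reviews, and token requests made by it are worth watching in the API audit log.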
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-certs-secret.yaml 
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-clusterrolebinding.yaml
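Review bot: The single rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, although the only one this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (the name the deployment passes as `AGENT_INJECT_TLS_AUTO`). A compromised injector pod could therefore rewrite the `clientConfig` of any other admission webhook. Splitting the rule so that `get` and `patch` carry `resourceNames` while `list` and `watch` stay unrestricted limits writes to the injector's own object. Whether the injector's watch also works against a name-restricted rule is not visible here and should be confirmed before narrowing those two verbs as well.

```yaml
# … unchanged: metadata and labels …
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```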
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
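Review bot: The second entry under `args:` in injector-deployment.yaml, `- 2>&1`, reaches the injector binary as a literal argument, because a container's `args` are not run through a shell and no redirection takes place. Dropping that line leaves `args:` with the single entry `- agent-inject`. Separately, several `value:` fields in the `env:` list (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`) interpolate chart values unquoted while their neighbours are quoted. Writing them as `value: "{{ .Values.injector.authPath }}"` keeps an empty or boolean-looking value from changing the rendered type.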
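Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion:` line of injector-disruptionbudget.yaml compares two strings, so the ordering is lexicographic: a minor of `"9"` sorts above `"21"`, and some clusters report a suffixed minor such as `21+`. Other templates in this chart already select API versions with `.Capabilities.APIVersions.Has`, and the same test fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml carries the identical expression and needs the same change.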
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
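Review bot: `namespaceSelector:` is rendered only when one of the two values is set, so unless the `injector.objectSelector` helper (not shown) narrows it, the webhook receives every pod CREATE and UPDATE in the cluster, including system namespaces and the injector's own. If `failurePolicy` resolves to `Fail`, an unavailable injector then blocks pod admission everywhere, the injector's replacement pods included. A comment above `failurePolicy:` would make that dependency explicit, e.g. `# Fail blocks pod admission cluster-wide while the injector is down; pair it with a namespaceSelector that excludes system namespaces.` A default selector in values.yaml would be the stronger fix, but that file is outside this hunk.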
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
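Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while injector-service.yaml and the deployment's probes and `AGENT_INJECT_LISTEN` all take the port from `.Values.injector.port`. Setting a different port leaves the webhook listening where this policy admits nothing, so admission calls time out and the outcome depends on `failurePolicy`. Use `- port: {{ .Values.injector.port }}`. The peer `- namespaceSelector: {}` admits traffic from every namespace; if that is left open because the API server's source cannot be selected, a comment saying so would help the next reader.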
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-role.yaml
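Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` is gated only on `global.psp.enable`, and that API was removed in Kubernetes 1.25, so enabling the flag on a current cluster ends in a raw API error at install time. A guard before the manifest would tell the operator that the requested control is not available instead: `{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}{{ fail "global.psp.enable requires the PodSecurityPolicy API, removed in Kubernetes 1.25" }}{{ end }}`. injector-psp-role.yaml and injector-psp-rolebinding.yaml depend on the same flag. The comment above `rule: RunAsAny` says the policy assumes AppArmor nodes; on SELinux-enforcing hosts that rule leaves the SELinux context unconstrained, which the comment should state.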
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-rolebinding.yaml
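Review bot: The first rule in injector-role.yaml lets the injector's service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which is the same namespace the server resources in this chart are deployed to. The only Secret the chart creates for the leader-elected setup is `vault-injector-certs` (injector-certs-secret.yaml), so the read and update verbs on secrets could move to a rule of their own carrying `resourceNames: ["vault-injector-certs"]`, with `create` kept separate because it cannot be name-restricted. The ConfigMap name the leader elector uses is not visible in this diff and would have to be confirmed before the configmaps half is narrowed. The second rule's `delete` on all pods is equally broad and should get a comment saying what needs it.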
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
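Review bot: `disable_mlock = true` is written into `extraconfig-from-values.hcl` unconditionally, and the JSON branch forces the same key through `merge (dict "disable_mlock" true) …`, with nothing recording the consequence: Vault's memory is no longer locked and can be paged to swap on a node that has swap enabled. A template comment on the line before it would capture the trade-off, e.g. `{{- /* mlock disabled: Vault memory can be swapped out; run on nodes with swap off or encrypted */}}`. Whether the server container could be granted the capability needed for mlock is decided in the StatefulSet template, which is outside this hunk. The three `tpl` calls evaluate the operator-supplied config string as a template, so values files from a less trusted source deserve a review before they are rendered.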
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-ha-active-service.yaml 
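Review bot: The `apiVersion` line compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge`, which on two strings is a lexical comparison, so a minor version such as `"9"` sorts above `"21"`, and some distributions report a suffixed value like `"21+"`. server-ingress.yaml in this same chart already selects its API version with `semverCompare`, and the PodDisruptionBudget should do the same: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.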
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-psp-role.yaml 
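Review bot: The single `ingress` rule in server-network-policy.yaml admits traffic from every namespace (`namespaceSelector: {}`) on both 8200 and 8201, although 8201 is the `https-internal` port that the Services in this chart use alongside the API port. Clients should only need 8200, so 8201 can be limited to this release's own pods with a second rule, as sketched below; confirm first that no in-cluster peer depends on the wider rule. `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this diff set.

```yaml
spec:
  # … unchanged: podSelector …
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only from pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```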
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
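Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the service account with `vault.fullname`, but server-serviceaccount.yaml and server-discovery-rolebinding.yaml both use `vault.serviceAccount.name`. When those two helpers render different names (an overridden or pre-existing service account, presumably), the binding points at an account the pods do not run as, and the PodSecurityPolicy is never granted to them. Use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as the discovery binding does.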
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
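Review bot: The `spec` in server-psp.yaml blocks privileged mode and root but says nothing about Linux capabilities, so pods admitted under it keep the runtime's default capability set. The StatefulSet in this diff already sets `SKIP_SETCAP` and `SKIP_CHOWN`, which suggests the server does not need them; consider adding `requiredDropCapabilities: ['ALL']` and checking that the container still starts. The comment `This policy assumes the nodes are using AppArmor rather than SELinux` also deserves a second look, since the chart ships a values.openshift.yaml and `seLinux: RunAsAny` would apply there too.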
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-service.yaml 
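Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other templates in this diff that read `.mode` call before using it. If the value is not already on the context when this file renders, both the `ne .mode "external"` guard and the `eq .mode "ha"` check run against an unset value, and the outcome depends on render order rather than on the chart's configuration. Add `{{ template "vault.mode" . }}` as the first line. `host: {{ .Values.server.route.host }}` would also be safer quoted, as server-ingress.yaml does for its hosts.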
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/values.openshift.yaml 
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.50/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/Chart.yaml
new file mode 100644
index 00000000000..4e6d7de7d67
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.51
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/README.md
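Review bot: In the `test-acceptance` recipe of src/Makefile, the line `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \` has make expand the licence value into the `docker run` argument list, where it can be read from the host's process listing; the leading `@` on the recipe only hides it from make's own echo. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets Docker take the value from the environment that make hands to the recipe, so it never appears in the arguments. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` path that `provision-cluster` passes to `init` and `apply`, so it may not be tearing down the configuration that was applied; that should be confirmed, since a cluster left running is one that still holds live credentials. `setup-kind` and `delete-kind` are also missing from `.PHONY`.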
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
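Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any service account in any namespace, and the template has no comment saying why that scope is needed. I would add a comment above `rules:` along the lines of `# Cluster-wide serviceaccounts/token create: lets the provider obtain tokens for service accounts in any namespace; treat this account as highly privileged.` If the namespaces that consume the provider are known at install time, a namespaced Role and RoleBinding per namespace would narrow the grant; whether the provider supports that is not visible from this hunk.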
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-certs-secret.yaml 
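Review bot: Both hostPath volumes at the end of csi-daemonset.yaml (`providervol` and `mountpoint-dir`) take their `path:` directly from values and set no `type:`, so the kubelet performs no check on what exists at that host path before mounting it. Adding `type: DirectoryOrCreate` under `providervol` and `type: Directory` under `mountpoint-dir` makes a mistyped or unexpected path fail at pod start instead of mounting silently. The container securityContext helper renders only when `.Values.csi.daemonSet.securityContext.container` is set, so it is worth confirming that the chart defaults (not visible here) give this host-mounting container an explicit context.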
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-clusterrolebinding.yaml
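Review bot: In injector-clusterrole.yaml the `patch` verb on `mutatingwebhookconfigurations` carries no `resourceNames`, so the injector's service account can modify every mutating webhook configuration in the cluster rather than only its own. The chart names its own configuration `{{ template "vault.fullname" . }}-agent-injector-cfg`, so `patch` can move into a second rule restricted to that name while `get`, `list` and `watch` stay in the first. A compromised injector pod would then be unable to redirect or disable other admission webhooks.

```yaml
rules:
# … unchanged: first rule, with "patch" removed from its verbs …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```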
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
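Review bot: Several env values in injector-deployment.yaml are interpolated without quoting, namely `value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logLevel | default "info" }}` and `value: {{ .Values.injector.logFormat | default "standard" }}`, while the neighbouring entries are quoted. A values entry that YAML reads as a boolean, number or null, or one containing `: ` or ` #`, renders a non-string or malformed `value:`, which the API server rejects for env vars. Piping through `quote`, for example `value: {{ .Values.injector.authPath | quote }}`, keeps them strings whatever the user supplies. Separately, `- 2>&1` under `args:` reaches the binary as a literal argument because no shell interprets container args; confirm that is intended.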
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
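Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when one of the two values is set, so with nothing configured the webhook receives every pod CREATE and UPDATE in the cluster, including system namespaces and the injector's own namespace. If `failurePolicy` resolves to `Fail`, an unavailable injector would then block pod admission cluster-wide, including its own replacement pods, unless the `injector.objectSelector` helper (not in this hunk) narrows the match. I would document that pairing next to `failurePolicy:`, for example `# Fail blocks pod admission while the injector is down unless a namespaceSelector or objectSelector excludes system namespaces`. As a smaller point, `timeoutSeconds` defaults to the string `"30"`; it renders unquoted and still parses as an integer, but `default 30` states the type directly.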
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
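Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment's listen address, its probes and the Service `targetPort` all use `{{ .Values.injector.port }}`. If that value is changed, this policy (rendered only when `global.openshift` is true) no longer admits traffic to the port the webhook listens on, and admission calls to the injector fail. Use `- port: {{ .Values.injector.port }}` here. The `from` clause with `namespaceSelector: {}` admits every namespace; if that is deliberate, a one-line comment saying so would help the next reviewer.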
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-role.yaml
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-rolebinding.yaml
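Review bot: The first rule in injector-role.yaml gives the leader-elector role `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is the same namespace the rest of this chart's objects are installed into. The chart pre-creates a Secret named `vault-injector-certs` under the same condition, so the read and update verbs on `secrets` look like they could be limited with `resourceNames: ["vault-injector-certs"]`. `create` cannot be restricted by name, and `list`/`watch` only work with a matching field selector on the client, so this needs checking against the injector's behaviour. At minimum, a comment above the rule naming the objects it is meant to cover would let a reviewer judge the grant.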
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
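Review bot: `disable_mlock = true` is written into the rendered Vault configuration unconditionally in server-config-configmap.yaml, both in the string branch and through `merge (dict "disable_mlock" true) …` in the structured branches, and nothing in the template explains the trade-off. With mlock off, Vault's process memory may be paged to swap, so the template should state what operators have to provide instead. I would add a template comment above the line, for example `{{- /* mlock is disabled; run Vault on nodes with swap turned off or encrypted */ -}}`, and repeat the requirement where the `server.standalone.config` and `server.ha.config` values are documented.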
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-ha-active-service.yaml
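Review bot: The `apiVersion` line of server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the result is lexical: a minor such as `"9"` sorts above `"21"`, a vendor suffix like `"21+"` takes part in the comparison, and the major version is ignored. server-ingress.yaml in this same commit already gates on `semverCompare`, and the same form is safer here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.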
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-psp-role.yaml 
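Review bot: In server-network-policy.yaml the single ingress rule admits every namespace (`namespaceSelector: {}`) to both 8200 and 8201, although 8201 is the port the other templates name `https-internal` and use for `VAULT_CLUSTER_ADDR`, so only Vault server pods should need to reach it. Splitting the rule keeps the API port reachable as before and limits the cluster port to pods carrying the server labels that the StatefulSet template sets; peers outside the namespace, if any are required, would need an explicit extra `from` entry. The metadata block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this commit set.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```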
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
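Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, while the StatefulSet runs as `{{ template "vault.serviceAccount.name" . }}` and the other bindings in this commit (server-clusterrolebinding.yaml, server-discovery-rolebinding.yaml) bind that helper's name. If the service account name is overridden the two presumably differ, and the account the pod really uses never receives `use` on the PodSecurityPolicy, so the pod is admitted under some other policy or rejected. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` to match the other bindings.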
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
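Review bot: The PodSecurityPolicy in server-psp.yaml forbids privileged mode and root but puts no restriction on Linux capabilities, so containers keep the runtime's default set. Since the StatefulSet sets `SKIP_SETCAP` and the rendered config disables mlock, the server presumably needs none of them; adding `requiredDropCapabilities:` with the single entry `- ALL` under `spec` would make that explicit (confirm against the image's entrypoint first). The `seLinux` comment states that the policy assumes AppArmor nodes, which deserves a second look in a chart that also ships an OpenShift Route and an OpenShift values file.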
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-service.yaml 
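Review bot: server-route.yaml tests `ne .mode "external"` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do on their first line. As written the condition depends on `.mode` having been set by a template rendered earlier (the helper's definition is not visible here), which is fragile; adding `{{ template "vault.mode" . }}` before the comparison makes the file self-contained. `targetPort: 8200` is also hard-coded while the Services take `.Values.server.service.targetPort`, so a non-default port would presumably leave the Route pointing at the wrong port.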
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/tests/server-test.yaml 
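Review bot: The server container image in server-statefulset.yaml is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an unset tag silently deploys a mutable `latest` image for the Vault server; the same expression is repeated in tests/server-test.yaml. A secrets manager should run a pinned version, so I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; it targets the loopback `VAULT_ADDR` set in the same container, and a one-line comment saying so would keep the flag from being copied into a check against a remote address.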
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/templates/ui-service.yaml
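Review bot: The test pod's `image:` line falls back to a floating tag through `| default "latest"`, so a values file that omits `server.image.tag` makes `helm test` pull whatever the registry currently serves rather than the version pinned in values. I would fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, `volumeMounts:` and `volumes:` are emitted as bare keys when the corresponding values are unset, which renders them as null; moving each key inside its own `{{- if }}` keeps the manifest explicit.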
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/values.openshift.yaml
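Review bot: Nothing in this template ties external exposure of the UI to TLS: `type: {{ .Values.ui.serviceType }}` accepts NodePort or LoadBalancer while the port is named after `vault.scheme`, and values.yaml in this same commit ships `global.tlsDisable: true`. If that helper resolves to plain HTTP when TLS is disabled (its definition is not in this hunk), enabling the UI with a non-ClusterIP type would carry Vault tokens over an unencrypted listener unless TLS is terminated in front of it. I would add a render-time guard above `apiVersion`, e.g. `{{- if and .Values.global.tlsDisable (ne .Values.ui.serviceType "ClusterIP") }}{{ fail "ui.serviceType other than ClusterIP requires global.tlsDisable=false" }}{{- end }}`, or at minimum a comment on `type:` stating that requirement.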
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/values.schema.json
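Review bot: All three images are pinned by tag only (`tag: "0.17.0-ubi"`, `tag: "1.11.2-ubi"`), and a tag can be re-pointed in the registry, so this override does not fix the content that actually gets deployed; values.yaml in the same commit repeats the same tags. Consider pinning by digest, e.g. `tag: "1.11.2-ubi@sha256:<digest-of-verified-image>"`. Whether every template passes that value through unchanged is not visible in this hunk, although server-test.yaml joins `repository:tag` verbatim. A short comment next to each tag recording where the digest was verified would also make later bumps easier to review.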
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.51/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/Chart.yaml
new file mode 100644
index 00000000000..3dfb988f9ab
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.52
+annotations:
+ charts.openshift.io/name: helm-testing-5435
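Review bot: The `description: Official HashiCorp Vault Chart`, `home` and `sources` lines in Chart.yaml still present this package as the upstream HashiCorp chart, while `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435` under a partner test directory. If this is a renamed test copy, as the path suggests, the metadata should say so, for example `description: Test copy of the HashiCorp Vault chart, not an upstream release`, so that anyone reading the catalog entry does not mistake it for the vendor's published chart. It would also help to record in a comment which upstream vault-helm release the copy was taken from, since `version: 0.21.52` no longer identifies it.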
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/LICENSE.md
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2. Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable.
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/README.md 
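Review bot: In the `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license value into the `docker run` command line, so it appears in the host's process listing and in `make -n` / `make --trace` output; the `@` prefix only suppresses the normal echo. Passing the name alone, `-e VAULT_LICENSE_CI \`, makes docker copy the value from the calling environment without placing it in argv. This works here because the Makefile never assigns `VAULT_LICENSE_CI`, so it can only come from the environment or the make command line, both of which make exports to the recipe. `GOOGLE_CREDENTIALS` is used as a key-file path rather than a secret value, so the same concern does not apply to it. Separately, `.PHONY` does not list `setup-kind` or `delete-kind`, and `destroy-cluster` calls `terraform destroy -auto-approve` without the `test/terraform` argument that `provision-cluster` passes, which looks unintended.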
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
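Review bot: The ClusterRole in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` cluster-wide, so the csi-provider service account can request a token for any service account in any namespace. This is presumably needed so the provider can authenticate to Vault on behalf of the pod that mounts a secret, but the template says nothing about it. Add a comment above `rules:` such as `# Lets the provider request tokens for the mounting pod's service account; treat the csi-provider SA as highly privileged`. Keep the binding in csi-clusterrolebinding.yaml limited to the single subject it names now.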
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-certs-secret.yaml 
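Review bot: The csi-provider container in csi-daemonset.yaml mounts two hostPath volumes (`providervol` and `mountpoint-dir`) but gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper in this commit has no fallback branch. The injector helper, by contrast, falls back to `allowPrivilegeEscalation: false` with all capabilities dropped. Consider adding an `else` branch to the csi helper that emits at least `allowPrivilegeEscalation: false`, after confirming the provider can still create its socket under the providers directory. A short comment above `volumes:` saying why each hostPath is required would also help anyone auditing the rendered manifest.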
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-clusterrolebinding.yaml 
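Review bot: The ClusterRole in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, although the injector's own object is the one named `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml. With the rule as written, a compromised injector service account could rewrite any other admission webhook. Split the rule so that `get` and `patch` carry `resourceNames` and only `list` and `watch` stay unscoped. Verify that the injector's watch on the configuration still works after the split.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
```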
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
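Review bot: In injector-deployment.yaml the `args:` list ends with `- 2>&1`, which Kubernetes passes to the container as a literal argument because `args` are not run through a shell, so no stream redirection takes place. Unless the image's entrypoint is a shell wrapper that interprets it, drop the entry so the list is just `- agent-inject`. Container stderr is collected by the runtime either way.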
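Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the outcome follows lexical order rather than numeric order. The mutating-webhook template in this commit picks its API version with `.Capabilities.APIVersions.Has`, and the same approach here would be `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This is also the only fully visible injector template not wrapped in the `vault.injectorEnabled` guard, so a PodDisruptionBudget would be rendered even when the injector is disabled.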
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
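Review bot: The webhook rule in injector-mutating-webhook.yaml matches CREATE and UPDATE of pods in every namespace unless `namespaceSelector` or `objectSelector` is supplied through values, and `failurePolicy` is also taken from values whose defaults are not visible here. If `failurePolicy` resolves to `Fail` and no selector is set, an unavailable injector would block pod admission cluster-wide, system namespaces included. Document this above `webhooks:` with a comment such as `# Scope with namespaceSelector/objectSelector; an unscoped webhook sees every pod admission in the cluster`. Consider shipping a default selector that excludes system namespaces.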
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
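Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment in this commit listens and probes on `.Values.injector.port`. If that value is changed, the policy no longer covers the webhook port and admission calls to the injector would be dropped. Use `- port: {{ .Values.injector.port }}` instead. The `from` clause is `namespaceSelector: {}`, which admits traffic from every namespace, so a one-line comment stating why it is that broad would help.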
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-role.yaml
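Review bot: The PodSecurityPolicy in injector-psp.yaml is rendered whenever `global.psp.enable` is "true", with no check that the cluster still serves `policy/v1beta1`; that API was removed in Kubernetes 1.25, so on such a cluster the install is rejected, and as far as these templates show nothing else carries the same restrictions. server-clusterrolebinding.yaml in this commit already branches on `.Capabilities.APIVersions.Has`, and the same guard fits here: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. server-psp.yaml later in the commit has the same condition and needs the same guard. A short comment pointing operators at Pod Security admission for newer clusters would also help.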
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-rolebinding.yaml
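Review bot: The first rule of the leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, because it carries no `resourceNames`. If the Vault server or other workloads share that namespace, the injector's service account can read and overwrite their secrets as well. Consider splitting the rule so that `get` and `update` are limited with `resourceNames: ["<leader-election-object-name>"]` (a placeholder; the real object name is not visible in this commit) and only `create` stays unscoped. The pods rule is likewise namespace-wide and would benefit from a comment saying why `delete` is required.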
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-config-configmap.yaml
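Review bot: The ClusterRoleBinding in server-clusterrolebinding.yaml is named `{{ template "vault.fullname" . }}-server-binding`, and because the object is cluster-scoped that name has to be unique across all namespaces. Unless `vault.fullname` already includes the namespace (its definition is outside this hunk), two releases with the same name in different namespaces would contend for a single binding to `system:auth-delegator`. Suggest `name: {{ template "vault.fullname" . }}-{{ .Release.Namespace }}-server-binding`, or a comment stating that release names must be cluster-unique. A comment above `roleRef` saying that this role lets the Vault service account submit token and access reviews would document why a cluster-wide grant is needed.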
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
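Review bot: `disable_mlock = true` is emitted unconditionally in server-config-configmap.yaml, as a literal line in the string branch and through `merge (dict "disable_mlock" true) …` in both JSON branches, and nothing in the template explains it. With mlock disabled the Vault process memory may be paged out, so the rendered configuration is only appropriate on nodes where swap is off or encrypted; that requirement should be written down next to the setting. Suggest a template comment above the literal line, `{{- /* mlock is disabled in every mode; nodes must run with swap disabled or encrypted */ -}}`. Because `merge` gives precedence to its first argument, a `disable_mlock` key supplied in a map-typed config is silently overridden, which is worth a second comment.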
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-ha-active-service.yaml
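Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge` on two strings, which is a lexical comparison: a minor of `"9"` sorts above `"21"`, and suffixed values that some distributions report, such as `"21+"`, are compared character by character. server-ingress.yaml in this commit uses `semverCompare ">= 1.19.0-0" $kubeVersion` for the same kind of decision. The equivalent here is `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.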
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-psp-role.yaml
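Review bot: server-network-policy.yaml admits traffic from `namespaceSelector: {}`, that is every namespace, to both 8200 and 8201 in one rule. The Service templates in this commit name 8201 `https-internal`, which suggests it carries server-to-server traffic only; if that holds, it can be limited to the Vault server pods of this release while 8200 stays reachable cluster-wide. The sketch below splits the rule and adds a comment to each half; the `component: server` label is taken from the Service selectors in this commit. Both ports are also hard-coded here while the Services take `server.service.targetPort` from values, and `metadata` has no `namespace`.

```yaml
  ingress:
    # API port: intentionally reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```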
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
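Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but everywhere else in this commit the server's account is `{{ template "vault.serviceAccount.name" . }}` (server-serviceaccount.yaml, server-statefulset.yaml, server-clusterrolebinding.yaml, server-discovery-rolebinding.yaml). If the two helpers can differ, for instance through a custom service account name (the helper definitions are not visible here), the `use` permission on the PodSecurityPolicy goes to an account the StatefulSet does not run as, and the intended policy is not the one bound to the Vault pods. Suggest `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`, as server-discovery-rolebinding.yaml already does.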
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-service.yaml
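Review bot: server-route.yaml tests `.mode` on its second line without first invoking `{{ template "vault.mode" . }}`, which the other templates in this part of the commit that read `.mode` all do. Whether `.mode` is populated at that point then appears to depend on some other template having been rendered first; adding `{{ template "vault.mode" . }}` at the top removes that dependency. Separately, `tls:` is filled straight from `.Values.server.route.tls` with no guard, so an empty value presumably renders a null `tls` and leaves a plain-HTTP route in front of Vault. Wrapping the block in `{{- with .Values.server.route.tls }}` … `{{- end }}`, or a comment stating that TLS termination must be configured, would make the expectation explicit.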
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/tests/server-test.yaml
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/templates/ui-service.yaml
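Review bot: The `server-test` container declares no `securityContext`, while the StatefulSet in this commit renders `server.statefulSet.securityContext.pod` and `.container` for the server it tests. In a namespace that enforces a restricted pod security profile the `helm test` hook would presumably be rejected, and elsewhere it runs with whatever the image and cluster default to. An explicit block under the container, using the same settings the chart's values.yaml documents as the injector container default, keeps the hook no more privileged than the workload; the indentation below is reconstructed, since the page has lost the original.

```yaml
      imagePullPolicy: {{ .Values.server.image.pullPolicy }}
      # helm test hook: run with the same restrictions as the workload
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
      # … unchanged: env, command, volumeMounts …
```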
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/values.openshift.yaml
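Review bot: `nodePort` in the `ports` entry is emitted whenever `ui.serviceNodePort` is set, with no check on `ui.serviceType`, whereas the server Service template in this commit only emits it when the type is `NodePort`. With `serviceType: ClusterIP` and a leftover `serviceNodePort` the API server is expected to reject the Service, and the inconsistency makes it harder to audit which Vault ports end up exposed on nodes. A guard such as `{{- if and (.Values.ui.serviceNodePort) (ne (.Values.ui.serviceType | toString) "ClusterIP") }}` limits the field to the types that accept it.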
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.52/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/Chart.yaml
new file mode 100644
index 00000000000..9f6462b812c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.53
+annotations:
+ charts.openshift.io/name: helm-testing-5435
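Review bot: The `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io` lines in the new Chart.yaml present this chart as HashiCorp's own release, while `name: helm-testing-5435` and the path under `charts/partners/redhat-caastestreg-duplicate/` suggest it is a repackaged test copy. If an index is ever generated from this tree, consumers would see upstream branding on an artifact whose provenance is different, so the metadata should say what it is, for example `description: Test fixture repackaging the HashiCorp Vault chart (not an upstream release)`. Separately, quoting `appVersion: "1.11.2"` would keep the field a string if a later bump lands on a two-part value that YAML would read as a float.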
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/README.md
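Review bot: In the Makefile's `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license string into the `docker run` command line, where it is readable from the host's process listing and from `make -n` output; the leading `@` only suppresses make's own echo of the recipe. Docker copies a variable from the calling environment when no value is given, so `-e VAULT_LICENSE_CI \` keeps the value off argv while still reaching the container. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and the recursive call `make setup-kind acceptance` would more conventionally be `$(MAKE) setup-kind acceptance` so that flags passed to the outer make propagate.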
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
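Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so once the matching ClusterRoleBinding is applied the CSI provider's service account can request tokens for any service account in any namespace. The provider presumably needs this to authenticate to Vault on behalf of the pods it serves, but the manifest says nothing about it, and that makes the DaemonSet's service account one of the most sensitive identities the chart creates. I would add a comment above `rules:` such as `# Cluster-wide TokenRequest: this SA can mint tokens for any ServiceAccount; restrict exec/attach on the csi-provider pods accordingly`, and note in the chart docs that TokenRequest calls by this account are worth watching in the API audit log.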
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-certs-secret.yaml 
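Review bot: The csi-provider container in csi-daemonset.yaml mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods) yet receives a securityContext only when `.Values.csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper in _helpers.tpl has no fallback branch. The injector's equivalent helper does fall back to `allowPrivilegeEscalation: false` with all capabilities dropped, so the component with host filesystem access ends up with the weaker default and runs with whatever user and privileges the image defines. Unless the provider is known to need more (it may need root to create its socket under the host directory, which should then be stated in a comment), I would give the CSI helper the same fallback, `securityContext:` followed by `allowPrivilegeEscalation: false`. The helper itself is outside this hunk; the lines affected here are the two `{{ template "csi.daemonSet.securityContext.… " . }}` calls.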
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-clusterrolebinding.yaml
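Review bot: The Secret in injector-certs-secret.yaml uses the literal name `vault-injector-certs`, while the other objects added in this commit are prefixed with `vault.fullname`, so two releases installed into one namespace would render the same Secret and end up sharing whatever key material is written to it. The manifest also carries no `data` or `type`, so it is presumably an empty placeholder that the injector fills at runtime when leader election is on; that is worth a comment above `kind: Secret`, for example `# Empty placeholder; populated at runtime with the webhook TLS cert and key (leader election only)`. If the injector binary expects this fixed name, document that constraint next to `name:` rather than renaming.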
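Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, which would let the injector's service account rewrite admission webhooks that belong to other components. `get` and `patch` can be scoped with `resourceNames` to the injector's own configuration, leaving only `list` and `watch` unscoped for the informer. The object name below is taken from the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml and should be confirmed against the webhook manifest, which is not in view here.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```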
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
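Review bot: In injector-deployment.yaml the env values for `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` are rendered unquoted, while most neighbouring entries are wrapped in double quotes. An env `value` must be a string, so a values entry that YAML reads as a boolean, a number or empty (an unset `injector.authPath`, for example) renders a manifest the API server rejects; `value: {{ .Values.injector.authPath | quote }}` and the same for the other two avoids that. Separately, `- 2>&1` under `args` is passed to the process as a literal argument because no shell interprets container args, so it should either be dropped or given a comment explaining why it is there.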
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
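Review bot: When neither `injector.webhook.namespaceSelector` nor `injector.namespaceSelector` is set, the `namespaceSelector:` block is omitted and, as far as this hunk shows, the webhook receives pod CREATE and UPDATE requests from every namespace, `kube-system` included. With a `failurePolicy` of `Fail` that makes the injector a cluster-wide dependency for pod admission, so an injector outage blocks unrelated workloads. The `injector.objectSelector` template is defined outside this hunk and may narrow the match, so please confirm; if it does not, I would add a comment above the `{{- if or ... }}` line such as `# No selector set: webhook applies to all namespaces; exclude system namespaces when failurePolicy is Fail` and repeat it next to the value in values.yaml.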
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
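Review bot: The NetworkPolicy in injector-network-policy.yaml allows ingress on a hard-coded `port: 8080`, while the injector Deployment listens on `{{ .Values.injector.port }}` and the injector Service targets the same value. If that value is changed, the policy stops matching the real listener and the API server can no longer reach the webhook, so the rule should read `- port: {{ .Values.injector.port }}`. The metadata also carries no `namespace:` line, unlike the other injector resources in this commit, and `namespaceSelector: {}` admits traffic from every namespace; a one-line comment stating that this is intentional (the API server's source is not selectable by namespace) would help.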
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-psp.yaml
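Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, whereas injector-rolebinding.yaml and injector-clusterrolebinding.yaml in this commit set `namespace: {{ .Release.Namespace }}` for the same account. For a RoleBinding the omission should fall back to the binding's own namespace, so this probably works, but it relies on a default that the sibling bindings do not. Adding `namespace: {{ .Release.Namespace }}` under the subject's `name` keeps the three bindings consistent and makes the bound identity explicit.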
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-role.yaml
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-rolebinding.yaml
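Review bot: The leader-elector Role in injector-role.yaml gives the injector service account `get`, `list`, `watch`, `create` and `update` on every Secret and ConfigMap in the release namespace, which covers any unrelated secrets stored beside the chart. If the injector only needs the certificate secret this commit creates (`vault-injector-certs`), the read and update verbs can be scoped with `resourceNames: ["vault-injector-certs"]`, keeping `create` in a separate rule because `create` cannot be restricted by name. The second rule has the same breadth: `patch` and `delete` apply to all pods in the namespace. Whether `list`/`watch` can be narrowed depends on how the injector sets up its watch, which is not visible here, so at minimum a comment above `rules:` should record why namespace-wide secret access is required.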
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
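Review bot: `disable_mlock = true` is forced into every configuration this template renders, with no comment explaining the consequence: it is hard-coded in the string branch and merged in through `dict "disable_mlock" true` in both map branches. With mlock disabled Vault's memory is not locked and can be written to swap on the node, so the chart should say that nodes need swap disabled or encrypted. I would add a YAML comment above the `extraconfig-from-values.hcl:` key, for example `# disable_mlock is always true below; run Vault only on nodes with swap off or encrypted swap`. Because `merge` gives precedence to its first argument, a user-supplied `disable_mlock: false` in a map-style config is overridden without notice, which the same comment should mention.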
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . 
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-psp-role.yaml
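Review bot: In `server-ingress.yaml` the `tls:` block is rendered only when `server.ingress.tls` is set, so enabling the Ingress on its own yields a resource with no TLS section, and unless the ingress controller supplies a default certificate, Vault tokens and secrets cross it in cleartext. Nothing in the template says so; I would add a template comment above `{{- if .Values.server.ingress.tls }}` such as `{{- /* No server.ingress.tls entries means this Ingress is rendered without TLS. */ -}}`. In the same block `secretName: {{ .secretName }}` and `- path: {{ . }}` are emitted unquoted while the host values use `| quote`; piping both through `quote` would make them consistent.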
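Review bot: The single ingress rule in `server-network-policy.yaml` uses `namespaceSelector: {}`, which admits pods from every namespace to both 8200 and the cluster port 8201, so turning on `server.networkPolicy.enabled` does little to isolate peer traffic. I would split the rule so that 8201 is accepted only from pods carrying this release's own labels, as sketched below; whether other in-cluster clients legitimately need 8201 cannot be told from this hunk. The `metadata` block also has no `namespace: {{ .Release.Namespace }}`, unlike the other templates in this diff.

```yaml
  ingress:
    # API port: reachable by clients in any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```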
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
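Review bot: The `subjects` entry in `server-psp-rolebinding.yaml` names the ServiceAccount with `vault.fullname`, while `server-serviceaccount.yaml` and the StatefulSet's `serviceAccountName` in this diff both use `vault.serviceAccount.name`. If the two helpers can differ (for instance when a custom account name is configured; the helper itself is not visible here), the binding grants `use` on the policy to an account the pods do not run as. I would write `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` to the subject.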
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
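Review bot: `server-psp.yaml` emits `apiVersion: policy/v1beta1` whenever `global.psp.enable` is true, with no check that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so the render succeeds and the install fails there. The ingress template in this diff already branches on `.Capabilities.APIVersions.Has`, and the same guard fits here: wrap the resource (and the `-psp` Role and RoleBinding) in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1" }}`. Separately, the comment `# This policy assumes the nodes are using AppArmor rather than SELinux.` next to `seLinux: rule: RunAsAny` deserves a second look in a chart that also ships `values.openshift.yaml`.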
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-service.yaml
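Review bot: `server-route.yaml` tests `.mode` in `{{- if ne .mode "external" }}` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other templates in this diff that read `.mode` all do. Unless something outside this hunk has already populated `.mode`, the comparisons run against an unset value, so neither the `external` guard nor the `-active` service selection can be relied on. Adding `{{ template "vault.mode" . }}` directly under `{{- if .Values.global.openshift }}`, as `server-ingress.yaml` does, makes the template self-contained. `host: {{ .Values.server.route.host }}` would also be safer as `host: {{ .Values.server.route.host | quote }}`.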
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . 
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . 
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . 
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/tests/server-test.yaml
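Review bot: The container image in `server-statefulset.yaml` falls back to the floating `latest` tag through `{{ .Values.server.image.tag | default "latest" }}`, so an unset tag lets the Vault version change on a pod restart, depending on `pullPolicy`, with no change to the chart. The same expression is used in `tests/server-test.yaml`. I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. `VAULT_API_ADDR` and `VAULT_CLUSTER_ADDR` also emit `server.ha.apiAddr` and `server.ha.clusterAddr` unquoted, unlike the neighbouring env values; `| quote` on both would make them consistent.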
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.53/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/Chart.yaml
new file mode 100644
index 00000000000..846f0466c3e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.54
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/README.md
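Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory and `-var project=...` that `provision-cluster` gives to `terraform init`/`terraform apply`, so teardown may not act on the configuration that created the GKE cluster and a test cluster can be left running. Mirroring the apply arguments keeps the two targets in step: `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform` (whether the variable is required depends on the Terraform files, which this hunk does not show). `test-acceptance` and `test-provision` bind-mount `${PWD}` and set `KUBECONFIG=/helm-test/.kube/config`, and the default `GOOGLE_CREDENTIALS` is a key file relative to the same directory, so cluster and service-account credentials sit inside the checkout; a comment above `test-acceptance` such as `# .kube/config and the service-account key are written under $(CURDIR); keep both out of version control` would make that explicit. `.PHONY` also omits `setup-kind` and `delete-kind`.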
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
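Review bot: The only rule in this ClusterRole grants `create` on `serviceaccounts/token` with no `resourceNames` and at cluster scope, so once bound it lets the CSI provider's service account request a token for any service account in any namespace. That is presumably required for the provider to authenticate on behalf of the pods that mount its volumes, but the file does not say so, and the grant is easy to overlook in an RBAC audit. I would add a comment above `rules:` along the lines of `# cluster-wide by design: a token is requested for the service account of the pod being mounted (confirm); treat the csi-provider service account as highly privileged`.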
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-certs-secret.yaml 
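Review bot: Both hostPath volumes in csi-daemonset.yaml are mounted read-write and declare no `type:`, and `mountpoint-dir` exposes `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods`, which holds the volumes of every pod on the node. If the provider only returns secret contents to the CSI driver over `/provider/vault.sock` (not confirmable from this hunk), the `mountpoint-dir` mount can carry `readOnly: true`; otherwise a comment next to `mountPropagation: HostToContainer` should state why write access to the kubelet pods directory is needed. Adding `type: Directory` to the `mountpoint-dir` volume would also make the pod fail at start when `kubeletRootDir` points at the wrong path.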
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-clusterrolebinding.yaml 
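Review bot: The rule in injector-clusterrole.yaml allows `patch` on every MutatingWebhookConfiguration in the cluster, while the injector presumably only has to maintain the CA bundle of its own `-agent-injector-cfg` object. A service account that can patch arbitrary webhook configurations can change admission behaviour for unrelated workloads, so consider splitting the rule: keep `get`, `list` and `watch` as they are and restrict `patch` with `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`. Whether the injector patches any other object is not visible in this diff, so verify against the injector version the chart ships.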
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
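Review bot: In injector-deployment.yaml the container `args` list ends with `- 2>&1`, but args are handed to the entrypoint without a shell, so this reaches the binary as a literal argument instead of redirecting stderr. Drop that item and keep only `- agent-inject`, unless the image entrypoint is known to run a shell. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` render their values unquoted while the neighbouring variables are quoted; `value: {{ .Values.injector.authPath | quote }}` keeps a boolean- or number-looking value from being rejected as a non-string env value.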
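Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the ordering is lexical: a minor of `9` sorts above `21`, and a vendor build that reports a minor such as `21+` is compared as text as well. Selecting on the API itself is more robust, for example `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The same expression appears in the server-disruptionbudget.yaml hunk further down. This template is also gated only on `.Values.injector.podDisruptionBudget`, not on `.injectorEnabled` like the other injector objects.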
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
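Review bot: When no `namespaceSelector` is set in values, the webhook in injector-mutating-webhook.yaml matches pod CREATE and UPDATE in every namespace, unless the `injector.objectSelector` helper (not in this hunk) narrows it, and `failurePolicy` is taken straight from values. With `Fail`, an unavailable injector then blocks pod admission cluster-wide, possibly including its own replacement pods. A comment above `failurePolicy:` should spell this out, for example `# With Fail, set a namespaceSelector that excludes system namespaces and this release's namespace.` The `timeoutSeconds` default is also the string `"30"` where the integer `30` would be the natural default.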
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
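Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` and the Service targets the same value, so overriding the port leaves the webhook unreachable on OpenShift. Use `- port: {{ .Values.injector.port }}` instead. `namespaceSelector: {}` admits traffic from pods in every namespace; if that is intentional, a one-line comment saying who the expected caller is would help. `metadata` also has no `namespace:`, unlike the other injector objects in this diff.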
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-role.yaml 
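Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode and privilege escalation but leaves Linux capabilities at the runtime default and sets `readOnlyRootFilesystem: false`. Adding `requiredDropCapabilities: [ALL]` under `spec:` would match the intent of the rest of the policy, assuming the injector needs no capabilities (the network policy hunk suggests it listens on an unprivileged port). The comment on `seLinux` says the nodes use AppArmor rather than SELinux, which is worth revisiting in a chart that also has an OpenShift mode.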
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-rolebinding.yaml 
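Review bot: The first rule in injector-role.yaml gives the injector `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, the same namespace this chart uses for the Vault server objects. If leader election only maintains the `vault-injector-certs` Secret created in injector-certs-secret.yaml, the read and update verbs can move to a separate rule with `resourceNames: ["vault-injector-certs"]`, leaving `create` unrestricted because it cannot be scoped by name. Which objects the leader elector actually touches is not visible in this diff, so at minimum add a comment above the rule naming them. The `delete` verb on pods in the second rule deserves the same explanation.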
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
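Review bot: `disable_mlock = true` is written unconditionally into `extraconfig-from-values.hcl`, as a literal line in the string branch and through `merge (dict "disable_mlock" true) ...` in the map branch, with nothing explaining it. With mlock disabled Vault's memory can be paged out, so the template should say why it is forced and what compensates, for example a template comment `{{- /* mlock is disabled because the container runs without IPC_LOCK; use nodes with swap disabled or encrypted */ -}}` above the `data:` key. The stated reason is an assumption to confirm. In the map branch `merge` gives precedence to its first argument, so a user-supplied `disable_mlock: false` is silently overridden, which is worth documenting as well.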
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-discovery-rolebinding.yaml 
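Review bot: The rule in server-discovery-role.yaml lets the Vault server service account `update` and `patch` every pod in the release namespace, not only the Vault pods. Labels and the container image are both patchable on a running pod, so this is more than a labelling permission when other workloads share the namespace. RBAC cannot select pods by label, so the practical mitigation is documentation: a comment above `rules:` such as `# Used by Vault to label its own pods for service discovery; install the chart into a dedicated namespace.` The purpose is inferred from the role name and should be confirmed.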
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-ha-active-service.yaml 
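Review bot: The apiVersion line in server-disruptionbudget.yaml compares the minor version as a string, `ge .Capabilities.KubeVersion.Minor "21"`, which orders lexicographically rather than numerically. It also compares whatever suffix the cluster reports in that field, if any. server-ingress.yaml in this same commit already uses a semver check, so the same form would fit here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.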
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-psp-role.yaml 
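Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits every pod in every namespace to both 8200 and 8201, so enabling `server.networkPolicy.enabled` restricts very little. Port 8201 is the one the services call `https-internal` and that `VAULT_CLUSTER_ADDR` points at, so it presumably only needs to be reachable from the Vault server pods of this release (confirm that no replication peer outside the release connects to it). Splitting the rule as below keeps the API port as it is and narrows the cluster port. The metadata block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this commit set.

```yaml
# … unchanged: metadata, spec.podSelector …
  ingress:
    # API port: same reach as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```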
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
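Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, but the StatefulSet runs as `{{ template "vault.serviceAccount.name" . }}`, and server-discovery-rolebinding.yaml binds that same helper. The helper definitions are not in this hunk, but if the service account name can be overridden so the two differ, the PSP `use` grant lands on an account the pods do not run as. Suggest `name: {{ template "vault.serviceAccount.name" . }}` and adding `namespace: {{ .Release.Namespace }}` to the subject, matching the discovery binding.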
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
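Review bot: server-psp.yaml hard-codes `apiVersion: policy/v1beta1` for a PodSecurityPolicy and guards it only with `global.psp.enable`, so on a cluster that does not serve that API the whole install fails instead of skipping the policy. Extending the condition with `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` would make the intent explicit; server-psp-role.yaml and server-psp-rolebinding.yaml carry the same guard and need the same change. The spec also sets no `requiredDropCapabilities` and leaves `readOnlyRootFilesystem: false`; both are worth tightening if the server image tolerates it. The seLinux comment says the policy assumes AppArmor nodes, which should be restated or removed given that the chart also ships values.openshift.yaml.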
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-service.yaml 
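Review bot: server-route.yaml tests `.mode` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do on their first line. Whether `.mode` is populated here therefore depends on another template having run the helper against the same context (the helper itself is not shown), so `ne .mode "external"` and the `eq .mode "ha"` switch to the `-active` service may evaluate against an unset value. Suggest adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard, as server-ingress.yaml does. Separately, `tls:` is filled straight from `.Values.server.route.tls`, so it is worth confirming that the chart default sets a termination policy and the Route is never plain HTTP in front of Vault.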
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/tests/server-test.yaml 
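Review bot: The vault container image in server-statefulset.yaml falls back to a mutable tag, `{{ .Values.server.image.tag | default "latest" }}`, so an unset value silently deploys whatever `latest` resolves to at pull time; tests/server-test.yaml repeats the same expression. For a secrets manager the running version should be explicit, for example `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The `VAULT_API_ADDR` and `VAULT_CLUSTER_ADDR` overrides also emit `.Values.server.ha.apiAddr` and `.Values.server.ha.clusterAddr` unquoted while the computed fallbacks are quoted; piping them through `quote` keeps the env value a string. The readiness exec probe runs `vault status -tls-skip-verify`; with `VAULT_ADDR` set to 127.0.0.1 that stays inside the pod, and a short comment saying so would keep the flag from being copied into checks that cross the network.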
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.54/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/Chart.yaml new file mode 100644 index 00000000000..1c5bc264d9a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-testing-5435 +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.55 +annotations: + charts.openshift.io/name: helm-testing-5435 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for 
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/README.md
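Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the licence value into the docker command line, so it shows up in the host's process list and in `make -n` output despite the `@` prefix. Passing only the name, `-e VAULT_LICENSE_CI \`, lets docker copy the value from the caller's environment and keeps it out of argv; the one difference is that an unset variable is then absent in the container rather than set to an empty string. The three GKE `docker run` recipes (`test-acceptance`, `test-destroy`, `test-provision`) also lack the `--rm` that `test-unit` uses, so stopped containers whose configuration holds these environment values stay on the host. Separately, `.PHONY` does not list `setup-kind` and `delete-kind`.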
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
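Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so once bound, the csi-provider service account can request a token for any service account in any namespace. Nothing in the file records why that breadth is needed or what limits its use. Presumably the provider requests tokens on behalf of the pods that mount its volumes, but that is not visible here. I would add a comment above `rules:` along the lines of `# cluster-wide token creation: the provider requests a token for the service account of each pod that mounts a volume` and confirm the claim against the provider version the chart ships.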
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-certs-secret.yaml 
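Review bot: The csi-provider container gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper in _helpers.tpl emits nothing otherwise. The same container mounts two hostPath volumes, one of them the kubelet pods directory with `mountPropagation: HostToContainer`. Whether values.yaml ships a restrictive default is not visible in this diff; if it does not, the pod runs with whatever user and privileges the image defaults to while holding host paths. I would set a default such as `allowPrivilegeEscalation: false` for that value. I would also add `readOnly: true` to the `mountpoint-dir` mount if the provider version in use does not write into it.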
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-clusterrolebinding.yaml 
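Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the injector only needs to update its own configuration, which injector-mutating-webhook.yaml names `<fullname>-agent-injector-cfg`. A compromised injector service account could therefore alter any other admission webhook. `get` and `patch` can be limited with `resourceNames`; `list` and `watch` cannot be narrowed that way without a field selector, so they need a separate rule. Whether the injector's watch works against the narrowed rule should be checked before merging.

```yaml
rules:
# get/patch limited to the webhook configuration this chart creates
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
# list/watch cannot be restricted by resourceNames without a field selector
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
```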
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
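Review bot: In `args` of injector-deployment.yaml, the `- 2>&1` entry reaches the container entrypoint as a literal third argument, because Kubernetes executes `args` without a shell and no redirection takes place. How the injector binary treats the stray argument is not visible here. I would drop that line so `args:` holds only `- agent-inject`; container stderr is captured by the runtime either way.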
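Review bot: The `apiVersion` line in injector-disruptionbudget.yaml uses `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings, so the result follows lexical order rather than the numeric minor version (a single-digit minor such as "9" sorts after "21"). injector-mutating-webhook.yaml in this same diff already probes the API directly, and the same approach works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This template is also the only injector resource in the diff not wrapped in `{{- if .injectorEnabled -}}`, so the PodDisruptionBudget renders even when the injector is disabled.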
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
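Review bot: `namespaceSelector` is emitted only when `injector.namespaceSelector` or `injector.webhook.namespaceSelector` is set, so with both empty the webhook is called for pod CREATE/UPDATE in every namespace, including the one the injector itself runs in. Combined with `failurePolicy`, which comes straight from values, an injector outage either blocks pod admission cluster-wide (`Fail`) or admits pods without injection (`Ignore`). The chart defaults for both values and the `injector.objectSelector` helper are outside this hunk. I would add a comment above `failurePolicy:` such as `# Fail blocks pod admission while the injector is down; Ignore admits pods uninjected` and recommend a namespace selector that excludes system namespaces.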
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
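Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`, both probes) and the service targets the same value. If that value is changed, this policy drops the API server's webhook calls, and the outcome then depends on the webhook's `failurePolicy`. I would render the port from the same value: `- port: {{ .Values.injector.port }}`. The policy's `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources in this diff set.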
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-psp.yaml 
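Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, whereas injector-rolebinding.yaml and both ClusterRoleBindings in this diff set `namespace: {{ .Release.Namespace }}` on theirs. As far as I know, a RoleBinding accepts the omission and resolves the subject in the binding's own namespace, but spelling it out keeps the bindings consistent and makes the intended subject unambiguous on review. I would add `namespace: {{ .Release.Namespace }}` under the subject's `name:` line.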
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-rolebinding.yaml 
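Review bot: The first rule in injector-role.yaml gives the injector `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace. If the Vault server or other workloads share that namespace, the injector service account can read and overwrite their secrets too. The only Secret this diff creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml). If that is all the injector touches, `get`/`update` could be limited with `resourceNames`, with `create` and `list`/`watch` kept in a separate rule; which ConfigMap names the leader elector uses is not visible here. At minimum I would add a comment above the rule stating which objects it is meant for, and recommend installing the injector in a namespace that holds no unrelated secrets.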
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-config-configmap.yaml 
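Review bot: The `roleRef` to `system:auth-delegator` in server-clusterrolebinding.yaml is the only cluster-scoped grant visible in this part of the diff, and nothing next to it says why the server service account needs it. A template comment above `kind: ClusterRoleBinding` would help whoever audits RBAC later, for example `{{- /* Needed so Vault's Kubernetes auth method can submit TokenReview requests; omit via the serverAuthDelegator switch if that auth method is unused. */ -}}` (the purpose is presumed from the role name, and the switch is defined outside this hunk). Separately, the `rbac.authorization.k8s.io/v1beta1` fallback targets an API that Kubernetes removed in 1.22, so that branch can probably go.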
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
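Review bot: `disable_mlock = true` is written into the rendered config unconditionally in server-config-configmap.yaml, both as a literal line in the string branch and through `merge (dict "disable_mlock" true) ...` in the map branch, where the first argument takes precedence over the user's config. With memory locking off, Vault's process memory can be paged to disk, so the hardening burden moves to the nodes (swap disabled or encrypted). I would either make it a value with the current behaviour as default, or at least record the requirement beside it with a template comment such as `{{- /* disable_mlock is forced on: run server pods only on nodes with swap disabled or encrypted. */}}`.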
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-ha-active-service.yaml 
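Review bot: The `apiVersion` line in server-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexicographically rather than as numbers. A single-digit minor such as `"9"` sorts above `"21"`, a three-digit minor sorts below it, and some distributions report a suffixed minor like `"21+"`. server-ingress.yaml in this same commit already uses `semverCompare` on the full version, so the same form here would be consistent: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.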
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-psp-role.yaml 
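Review bot: In server-network-policy.yaml the single ingress rule uses `namespaceSelector: {}`, which admits pods from every namespace to both 8200 and 8201. Port 8201 is named `https-internal` throughout this chart, and if it is only used between Vault server pods it should be limited to peers of the same release, leaving 8200 as the only port open to other namespaces. The `metadata` block also lacks the `namespace: {{ .Release.Namespace }}` line that the other templates in this commit set. A split of the ingress rules could look like the excerpt below.

```yaml
  # … unchanged: metadata and spec.podSelector …
  ingress:
    # API port: reachable as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```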
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
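Review bot: The PodSecurityPolicy in server-psp.yaml blocks privilege escalation and root, but it sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. Since the chart forces `disable_mlock = true` and sets `SKIP_SETCAP`, the server presumably needs no added capability, and `requiredDropCapabilities: [ALL]` under `spec:` would make that explicit. The inline comment saying the policy assumes AppArmor rather than SELinux is also worth rewording for a chart that ships a `values.openshift.yaml`, because `seLinux: rule: RunAsAny` reads differently on SELinux-enforcing nodes.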
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-service.yaml 
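Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` and again in the `eq .mode "ha"` check without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does on its first line. As written the file appears to depend on some other template having populated `.mode` on the shared context beforehand, so the Route could be rendered against the wrong service, or the comparison could fail, depending on render order. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check would make the file self-contained.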
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/tests/server-test.yaml 
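Review bot: The container image in server-statefulset.yaml is built with `{{ .Values.server.image.tag | default "latest" }}`, so an unset tag silently deploys a mutable `latest` image for the secrets server. A restart or reschedule can then pull different code than was reviewed, and replicas in one StatefulSet may run different builds. I would fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and ideally document pinning by digest in the values file. The test pod in tests/server-test.yaml uses the same `default "latest"` expression and should change with it.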
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/templates/ui-service.yaml
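Review bot: The test pod's `image:` line in templates/tests/server-test.yaml falls back to `default "latest"` when `server.image.tag` is unset, so `helm test` can pull a mutable, unreviewed image into the namespace where Vault runs. Failing the render is safer than a silent fallback: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The pod spec in this hunk also sets no `securityContext`, and it mounts whatever `server.volumes` holds, so the test container sees the same mounted material as the server. A short comment above `volumeMounts:` would make that visible, for example `# test pod reuses server.volumes; keep it as locked down as the server container`.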
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/values.openshift.yaml
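Review bot: Nothing in templates/ui-service.yaml ties `type: {{ .Values.ui.serviceType }}` to the TLS setting, while values.yaml in this same commit ships `tlsDisable: true`. An operator who sets `ui.serviceType` to `NodePort` or `LoadBalancer` would then publish the Vault UI and API outside the cluster in clear text, presumably with the port named `http` (the `vault.scheme` helper is not in view, so confirm). A template comment above `type:` would state the dependency, for example `{{- /* NodePort/LoadBalancer with global.tlsDisable=true serves the UI and API over plain HTTP unless TLS terminates upstream */ -}}`. The same caveat belongs next to `ui.serviceType` in values.yaml.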
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.55/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. 
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. 
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/Chart.yaml
new file mode 100644
index 00000000000..a0a062acd2a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.56
+annotations:
+ charts.openshift.io/name: helm-testing-5435
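Review bot: `appVersion: 1.11.2` in the new Chart.yaml is a plain scalar that stays a string only because it has three components; a later bump to a two-part value would be read by YAML as a float (`1.20` becomes `1.2`), so quote it now: `appVersion: "1.11.2"`. Separately, `description` still reads `Official HashiCorp Vault Chart` while `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435`; if this copy is a test fixture, as the path suggests, saying so in `description` keeps a catalog entry from being mistaken for the upstream Vault chart. Because the chart pins the Vault release named in `appVersion`, anyone deploying it outside CI should first confirm that release still receives security fixes.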
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
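Review bot: The `rules` block in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` cluster-wide with no `resourceNames`, so the csi-provider service account can request a token for any service account in any namespace, and the template does not say why. This is presumably what the provider needs in order to authenticate to Vault on behalf of the pods it serves, but someone auditing RBAC cannot tell that from the file. I would add a comment above `rules:`, for example `# csi-provider requests tokens on behalf of the pods it serves, so this is not limited to named service accounts`, once the author confirms that is the reason. The chart documentation could also recommend alerting on token requests from this service account for accounts outside the expected workloads.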
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-certs-secret.yaml 
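Review bot: In csi-daemonset.yaml the csi-provider container mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir`/pods) but gets a `securityContext` only when `.Values.csi.daemonSet.securityContext.container` is set. The `csi.daemonSet.securityContext.container` helper added in this commit has no fallback branch, unlike the injector and server container helpers, which emit `allowPrivilegeEscalation: false` when not on OpenShift. A container that touches host paths is where a hardened default matters most. Consider giving the helper a branch `{{- else if not .Values.global.openshift }}` that emits `securityContext:` with `allowPrivilegeEscalation: false`, after confirming the provider image still starts with it. The helper lives in _helpers.tpl, outside this hunk.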
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-clusterrolebinding.yaml 
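Review bot: The single rule in injector-clusterrole.yaml gives the injector `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the deployment in this commit names only one, `<fullname>-agent-injector-cfg`, in `AGENT_INJECT_TLS_AUTO`. Write access to other admission webhooks is far more than certificate maintenance needs. I would split the rule: keep `get`/`list`/`watch` unscoped, since list and watch are awkward to restrict by name, and move `patch` into a second rule limited by `resourceNames`. This assumes the injector patches only its own configuration, which is worth confirming against the injector version the chart ships.

```yaml
rules:
# … unchanged: existing rule, minus its "patch" verb …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```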
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
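Review bot: The webhook in injector-mutating-webhook.yaml matches pod CREATE and UPDATE in every namespace unless a `namespaceSelector` or `objectSelector` is supplied, and `failurePolicy` is taken straight from values with no comment on the trade-off. With `Fail`, an unavailable injector blocks pod admission across the cluster, including system namespaces and the injector's own. With `Ignore`, pods start without the injected agent. A short comment above `failurePolicy:` stating this, plus a recommendation in the values documentation to exclude system namespaces through `namespaceSelector`, would make the choice explicit for operators.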
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
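Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the deployment in this commit listens on and probes `.Values.injector.port`. If that value is changed, the policy stops admitting webhook traffic on OpenShift with no error at install time; `- port: {{ .Values.injector.port }}` keeps the two in step. The `from:` peer `namespaceSelector: {}` also admits pods from every namespace, which deserves a comment saying whether that breadth is intentional.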
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-role.yaml 
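Review bot: The PodSecurityPolicy spec in injector-psp.yaml sets `privileged: false` and `allowPrivilegeEscalation: false` but never lists `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set; server-psp.yaml later in this diff has the same gap. Adding `requiredDropCapabilities: ['ALL']` under `spec:` would close it, provided neither workload needs a capability, which these templates do not show. Both files also emit `apiVersion: policy/v1beta1` without a `.Capabilities.APIVersions.Has` guard like the one in server-clusterrolebinding.yaml, and that API was removed in Kubernetes 1.25, so setting global.psp.enable on a newer cluster would fail the install. The inline comment saying the policy assumes AppArmor rather than SELinux deserves a second look in a chart that also ships OpenShift-specific templates.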
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-rolebinding.yaml 
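Review bot: The first rule of the leader-elector Role grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, with no `resourceNames`. Any Secret stored alongside the injector is then readable and writable by whichever service account is bound to this Role whenever leaderElector is enabled with more than one replica. If the elector only touches a known set of objects, which this hunk does not show, the `get` and `update` verbs could move into a rule carrying `resourceNames`, with `create` left in its own rule since it cannot be limited by name. At minimum, a comment above the rule should say which objects it is meant for, so that a later audit can tell intended access from incidental access.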
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
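Review bot: `disable_mlock = true` is written into every rendered server config with no value to turn it off, and in the non-string branch `merge (dict "disable_mlock" true) ...` places it in the destination map, which sprig's merge gives precedence to, so the chart's own config cannot override it. With mlock disabled the server's memory can be paged out, so the template should say that this is deliberate and what it expects of the nodes. A template comment at the top of the file would do, for example `{{- /* mlock is disabled on purpose; nodes must run without swap or with encrypted swap */ -}}`.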
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-ha-active-service.yaml 
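Review bot: The apiVersion line in server-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings. The comparison is lexical rather than numeric, Minor can carry a suffix on some distributions (for example `21+`), and the major version is ignored. server-ingress.yaml in this same diff already uses `semverCompare` on `.Capabilities.KubeVersion.Version`; the same form here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. A check on `.Capabilities.APIVersions.Has "policy/v1"` would work as well and matches the guard used by the RBAC templates.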
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-psp-role.yaml 
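Review bot: In server-network-policy.yaml the single `from:` entry is `- namespaceSelector: {}`, which matches every namespace, and it covers port 8201 as well as 8200. The Services in this diff name 8201 `https-internal`, which suggests it is the server-to-server port; if so, it has no reason to be reachable from other namespaces. Splitting the rule so that 8201 is allowed only from pods carrying this release's own labels keeps client access on 8200 unchanged, as sketched below. The template is also gated only on server.networkPolicy.enabled, not on the computed mode like the other server templates, so it can render when no server is deployed.

```yaml
  ingress:
    # client API port: reachable from workloads in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # server-to-server port: only this release's own pods
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```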
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
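Review bot: The subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, whereas server-clusterrolebinding.yaml, server-discovery-rolebinding.yaml and the StatefulSet's `serviceAccountName` all use `{{ template "vault.serviceAccount.name" . }}`. That helper is defined outside this part of the diff, but if it can resolve to anything other than the fullname, the PSP `use` grant lands on a service account the server pods do not run as. The subject should read `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`; injector-rolebinding.yaml already sets the namespace, while this binding and injector-psp-rolebinding.yaml omit it.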
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-service.yaml 
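Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` without first calling `{{ template "vault.mode" . }}`, which the other templates in this diff that read `.mode` do on their first lines. Unless the value is already on the context from elsewhere, which this hunk does not show, the comparison runs against an unset value and the Route no longer follows the computed mode. Adding `{{ template "vault.mode" . }}` as the first line inside the openshift guard makes it consistent. Separately, `targetPort: 8200` is fixed here while the Services render `.Values.server.service.targetPort`, so the two can drift apart.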
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/templates/ui-service.yaml
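Review bot: The hook container sets no `securityContext`, while the server container in `server-statefulset.yaml` gets one through `server.statefulSet.securityContext.container`; this Pod also mounts the server's `volumes`/`volumeMounts`, so it reads whatever those carry with the image's default user and capabilities. On clusters that enforce a restricted pod security profile the Pod may also be rejected, which would make `helm test` fail for reasons unrelated to Vault. I would set an explicit context on the container, as below; the values are the container defaults that the chart's `values.yaml` comments describe for the injector, so confirm they suit the server image.

```yaml
      imagePullPolicy: {{ .Values.server.image.pullPolicy }}
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
      # … unchanged: env, command, volumeMounts …
```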
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/values.openshift.yaml
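Review bot: `type: {{ .Values.ui.serviceType }}` lets this Service be published as `NodePort` or `LoadBalancer`, and the chart's `values.yaml` in this commit defaults `global.tlsDisable` to `true`, so with those two settings the UI and API port would carry Vault tokens in plaintext outside the cluster. That assumes `vault.scheme` resolves to `http` when TLS is disabled; the helper is not in this hunk. A comment above `type:` would make the coupling visible to whoever edits the values, for example `# With global.tlsDisable=true keep this ClusterIP unless TLS is terminated in front of it.`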
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.56/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/Chart.yaml
new file mode 100644
index 00000000000..18af20ac8fc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.57
+annotations:
+ charts.openshift.io/name: helm-testing-5435
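Review bot: The `description`, `home` and `sources` fields in Chart.yaml still present this chart as the upstream HashiCorp Vault chart, while `name` is `helm-testing-5435` and the path sits under `redhat-caastestreg-duplicate`, so a catalog entry built from this metadata would show a renamed copy labelled "Official HashiCorp Vault Chart". If this is a test fixture (the naming suggests so, but the hunk does not say), state that in the metadata, for example `description: Test fixture derived from the HashiCorp Vault chart (not an official release)`, so it cannot be mistaken for a vendor-published artifact. As a style point, quoting the version-like scalars (`appVersion: "1.11.2"`, `version: "0.21.57"`) keeps them strings regardless of which YAML parser reads the file.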
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/README.md
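Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` argument that `provision-cluster` passes to `terraform apply`, so the unattended destroy does not obviously target the configuration that was applied; mirroring the apply would be `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. The `.PHONY` line also omits `setup-kind` and `delete-kind`, and the recursive call in `test-acceptance` would be better written `$(MAKE) setup-kind acceptance` so make flags propagate. Separately, `GOOGLE_CREDENTIALS` defaults to `vault-helm-test.json` and `KUBECONFIG` is set to `/helm-test/.kube/config` inside the bind-mounted working tree, so the service-account key and the cluster credentials sit next to the chart sources; it is worth confirming that both paths are excluded from git and from chart packaging, which this hunk does not show.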
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
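Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no namespace or name scoping, and nothing in the file says why. Bound through the ClusterRoleBinding added next in this diff, it lets the CSI provider's service account request a token for any service account in the cluster, so this pod should be treated as highly privileged. If the provider needs this to obtain tokens on behalf of the pods it serves (presumably the case; not shown here), record that above `rules:`, for example `# Cluster-wide by design: the provider requests tokens for the service accounts of pods that mount CSI volumes.`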
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-certs-secret.yaml 
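Review bot: The container in csi-daemonset.yaml gets no securityContext unless values supply one. The `csi.daemonSet.securityContext.pod` and `.container` helpers defined earlier in this diff render nothing when unset, whereas the injector and server helpers fall back to `runAsNonRoot: true` and `allowPrivilegeEscalation: false` outside OpenShift. This pod runs on every node and mounts two hostPath directories (`providersDir` and `kubeletRootDir`/pods), so the image's default user and privileges apply directly to host files. Consider a matching fallback in the container helper, at minimum `allowPrivilegeEscalation: false`, after confirming what the provider needs in order to write its socket under `/provider`. The image is also referenced only by tag (`repository:tag`); accepting a digest would make what runs on each node verifiable.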
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-clusterrolebinding.yaml
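Review bot: `name: vault-injector-certs` in injector-certs-secret.yaml is a fixed string, while the other object names in these templates are derived from `vault.fullname`. Two releases in the same namespace with leader election enabled would both render this Secret and collide. If the injector looks the Secret up by this literal name (not visible in this hunk), state that in a comment such as `# Fixed name: the injector reads and writes this Secret by name; one leader-elected release per namespace.`; otherwise derive the name from the release. The Secret is rendered with no data, so a line saying which component populates it at runtime would also help.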
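Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, so the injector's service account can modify admission webhooks owned by other components. The injector deployment in this diff sets `AGENT_INJECT_TLS_AUTO` to `{{ template "vault.fullname" . }}-agent-injector-cfg`, which suggests only that one object needs patching. Moving `patch` into its own rule with `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]` would confine the write access. `get`, `list` and `watch` can stay in the existing rule, since list and watch are awkward to restrict by name.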
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
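Review bot: In the container `args` of injector-deployment.yaml, the entry `- 2>&1` is passed to the injector binary as a literal second argument, because an `args` list is executed without a shell and nothing is redirected. The entry should be dropped so that `args` holds only `- agent-inject`; container stderr is collected by the runtime anyway. How the binary treats the stray argument is not visible in this hunk.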
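Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the ordering is lexicographic rather than numeric: a single-digit minor such as `"9"` sorts above `"21"`, and a suffixed minor such as `"21+"` is compared with its suffix. Selecting on what the cluster actually serves avoids both cases: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The same expression is repeated in server-disruptionbudget.yaml later in this commit.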
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
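Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when a value is supplied, so with it unset the `pods` CREATE/UPDATE rule matches in every namespace, including system namespaces and the namespace the injector itself runs in. If `failurePolicy` resolves to `Fail`, an unavailable injector then blocks pod admission cluster-wide, including the injector's own replacement pods. Consider rendering a default selector that excludes at least the release namespace and `kube-system`, or add a template comment above `failurePolicy` stating that `Fail` must be paired with a selector. The chart's default values and the `injector.objectSelector` helper are outside this hunk, so what they supply needs confirming.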
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
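Review bot: The NetworkPolicy in injector-network-policy.yaml admits a hard-coded `port: 8080`, while the Deployment, probes and Service in this commit take the listener port from `.Values.injector.port`. If that value is set to anything else, the policy drops the API server's webhook calls and injection fails or blocks, depending on `failurePolicy`. Use `- port: {{ .Values.injector.port }}` here. The metadata also lacks `namespace: {{ .Release.Namespace }}`, which the other injector resources set explicitly.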
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-role.yaml
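Review bot: The PodSecurityPolicy `spec` in injector-psp.yaml sets `allowPrivilegeEscalation: false` and `MustRunAsNonRoot` but places no restriction on Linux capabilities, so pods admitted under it keep the container runtime's default capability set. Adding `requiredDropCapabilities: [ALL]` under `spec` closes that gap. The template is also gated only on `global.psp.enable`, so on a cluster that no longer serves `policy/v1beta1` PodSecurityPolicy the install fails; an extra `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` condition on the `if` would skip it there.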
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-rolebinding.yaml
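Review bot: The first rule of the leader-elector Role in injector-role.yaml lets the injector service account read and update every Secret and ConfigMap in the release namespace, which is also the namespace the Vault server resources in this commit render into. The only Secret this commit creates for the injector is `vault-injector-certs`. Narrow `get` and `update` with `resourceNames: ["vault-injector-certs"]` and keep `create` in a separate rule, since `create` cannot be limited by resource name. Which ConfigMap the leader elector uses is not visible in this hunk, so that name has to be confirmed before `configmaps` is scoped the same way.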
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
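Review bot: `disable_mlock` is forced to `true` in every branch of server-config-configmap.yaml with no way to turn it off. The string branch emits `disable_mlock = true` ahead of the user config, and the two JSON branches call `merge (dict "disable_mlock" true) …`, where the first (destination) dict wins, so a `disable_mlock: false` in values is silently ignored. With mlock disabled, Vault's memory may be paged to disk, so the requirement on the nodes should be stated where the value is set, for example `{{- /* disable_mlock is forced on: run on nodes with swap disabled or encrypted */ -}}` above the `$type` line. If an override is meant to be possible, the JSON branches need the user config as the first argument to `merge`.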
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-psp-role.yaml
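Review bot: `- path: {{ . }}` and `secretName: {{ .secretName }}` in server-ingress.yaml are rendered unquoted, while the host entries in the same template go through `| quote`; a value that starts with a YAML indicator or renders empty would change type or break the manifest. Suggest `- path: {{ . | quote }}` and `secretName: {{ .secretName | quote }}`. Separately, the `tls:` block is emitted only when `server.ingress.tls` is set, so a comment above it should say that an enabled Ingress without TLS entries publishes the Vault listener over plain HTTP at the edge unless the controller enforces TLS itself.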
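Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace is admitted to 8201 as well as 8200. The Service templates in this commit name 8201 `https-internal` and the StatefulSet uses it for `VAULT_CLUSTER_ADDR`, which suggests it is only needed between the Vault server pods; if that holds (cross-cluster replication would be an exception), split the rule so 8201 is limited to pods carrying the release's own labels. The metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the sibling templates.

```yaml
  ingress:
    # API/UI port: clients may run in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```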
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
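Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` both use `vault.serviceAccount.name`. If the two helpers can resolve to different names (for example when an account name is set in values; the helper bodies are not visible here), the `use` grant on the PodSecurityPolicy lands on an account the pods do not run as. Suggest `name: {{ template "vault.serviceAccount.name" . }}` and, for clarity, an explicit `namespace: {{ .Release.Namespace }}` on the subject.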
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
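Review bot: The policy in server-psp.yaml sets `privileged: false` and `allowPrivilegeEscalation: false` but says nothing about capabilities, so containers keep the runtime's default set, and `readOnlyRootFilesystem: false` leaves the root filesystem writable. If the server runs without extra capabilities (the StatefulSet sets `SKIP_SETCAP`, which hints at that but does not prove it), add `requiredDropCapabilities:` with `- ALL` under `spec`. Also, `policy/v1beta1` PodSecurityPolicy is no longer served from Kubernetes 1.25, so the outer condition here and in the two psp RBAC templates should additionally check `.Capabilities.APIVersions.Has "policy/v1beta1"` to avoid a failed install when `global.psp.enable` is left on.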
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-service.yaml
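Review bot: `{{- if ne .mode "external" }}` and the later `eq .mode "ha"` in server-route.yaml read `.mode` without the template first calling `{{ template "vault.mode" . }}`, which the Service, Ingress and StatefulSet templates in this commit do before using it. The file then appears to depend on some other template having populated `.mode` beforehand; add the call right after the `global.openshift` guard. `host: {{ .Values.server.route.host }}` would also be safer with `| quote`, and since the `tls:` block is passed through from values as-is, a comment should state which termination mode is expected in front of Vault.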
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/tests/server-test.yaml
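Review bot: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` in server-statefulset.yaml falls back to the mutable `latest` tag when no tag is supplied, so the Vault binary that ends up holding secrets is whatever the registry serves at pull time; tests/server-test.yaml repeats the same expression. Fail rendering instead, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and consider accepting an image digest. The exec readiness probe runs `vault status -tls-skip-verify`; a comment there should say the check targets the local listener at `127.0.0.1` (per `VAULT_ADDR` above) so the flag is not copied into calls that leave the pod.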
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.57/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. 
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . 
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/Chart.yaml
new file mode 100644
index 00000000000..af02cf5931f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.58
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for 
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/README.md
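Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence value into the `docker run` argument list, where it is readable in the host process list and in `make -n` output even though the recipe is silenced with `@`; passing the name only, `-e VAULT_LICENSE_CI \`, lets Docker take the value from the calling environment instead. `destroy-cluster` runs `terraform destroy -auto-approve` with no directory or `-var project=...`, while `provision-cluster` passes `test/terraform` and `-var project=${CLOUDSDK_CORE_PROJECT}` to `apply`, so the destroy presumably does not act on the configuration that created the GKE cluster and may leave it running; `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform` would mirror the apply. `setup-kind` and `delete-kind` are also missing from `.PHONY`.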
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
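Review bot: In `vault.envs` of `_helpers.tpl`, `value: {{ .Values.server.dev.devRootToken }}` renders the dev root token as a plain YAML scalar, so a token that looks like a number, boolean or null is retyped by the parser and the env entry is rejected or changed; `vault.extraEnvironmentVars` in the same file already pipes its values through `quote`. I would write `value: {{ .Values.server.dev.devRootToken | quote }}`. The same applies to the unquoted `{{ .envName }}`, `{{ .secretName }}` and `{{ .secretKey }}` in `vault.extraSecretEnvironmentVars`. The token is also stored in clear text in the pod spec, which presumably is tolerated only because this branch is dev mode; a template comment on the `dev` branch saying so would keep the pattern from being copied to the other modes.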
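Review bot: The only rule in `csi-clusterrole.yaml` grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any service account in any namespace, and nothing in the file records why cluster-wide scope is needed. I would add a template comment above `rules:`, for example `{{- /* cluster-wide on purpose: tokens are requested for the service accounts of pods that mount a Vault CSI volume, in any namespace */ -}}`, if that is indeed the reason. Operators installing the chart will want TokenRequest calls from this service account covered by their audit policy, since the DaemonSet that holds it runs on every node.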
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-certs-secret.yaml 
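Review bot: In csi-daemonset.yaml the `mountpoint-dir` volumeMount exposes the host's `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` to the provider container without `readOnly: true`. That directory holds the volume trees of every pod on the node, so the container gets write access to all of them. If the provider only needs to observe mounts there (not confirmed from this hunk), add `readOnly: true` next to `mountPropagation: HostToContainer`. If write access is required, a short comment on the mount saying why would keep later reviewers from questioning it.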
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-clusterrolebinding.yaml 
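Review bot: In injector-clusterrole.yaml the single rule grants `patch` on every MutatingWebhookConfiguration in the cluster. The injector appears to need write access only to its own object, `{{ template "vault.fullname" . }}-agent-injector-cfg`, which is the name used in injector-mutating-webhook.yaml and passed as `AGENT_INJECT_TLS_AUTO`. Splitting the rule would let the write verb be pinned: keep `get`/`list`/`watch` as they are and move `patch` into a second rule carrying `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`. Whether `list`/`watch` can be narrowed as well depends on how the injector sets up its watch, which is not visible here.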
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
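Review bot: In injector-deployment.yaml the `args` entry `- 2>&1` is passed to the container as a literal argument. Kubernetes hands `args` to the entrypoint without a shell, so unless the image's entrypoint is a shell wrapper it redirects nothing and relies on `agent-inject` tolerating an extra positional. I would drop the line so `args` is just `- agent-inject`. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` render their `value:` unquoted while neighbouring entries are quoted; adding `| quote` keeps a value like `true` or `1` from being typed as a non-string and rejected.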
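Review bot: In injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the choice between `policy/v1` and `policy/v1beta1` is lexicographic rather than numeric. It also has to cope with vendor suffixes in the minor version such as `21+`. Other templates in this commit select API versions with `.Capabilities.APIVersions.Has`; the same approach here, `{{ if .Capabilities.APIVersions.Has "policy/v1" }}policy/v1{{ else }}policy/v1beta1{{ end }}`, asks the cluster directly. The identical expression appears in server-disruptionbudget.yaml later in this diff and should change with it.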
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
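Review bot: In injector-network-policy.yaml the ingress rule allows the literal `port: 8080`, while the probes in injector-deployment.yaml and the `targetPort` in injector-service.yaml use `{{ .Values.injector.port }}`. If that value is changed, the policy and the listener no longer agree and webhook calls are dropped. Use `- port: {{ .Values.injector.port }}` here. The `from` clause is `namespaceSelector: {}`, which admits every namespace; if that is deliberate because the caller is the API server, a one-line comment saying so would help.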
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-role.yaml 
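Review bot: In injector-psp.yaml the policy forbids privileged mode and root users but sets no `requiredDropCapabilities`, so containers keep the runtime's default capability set. For a webhook that only serves HTTPS, adding `requiredDropCapabilities: [ALL]` under `spec:` would close that gap. The comment on `seLinux` says the policy assumes AppArmor nodes. If the chart also targets OpenShift, as the `global.openshift` switch elsewhere in this diff suggests, that comment should be corrected or should explain why `RunAsAny` is acceptable there.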
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-rolebinding.yaml 
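Review bot: In injector-role.yaml the first rule grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is broader than leader election and certificate sharing would seem to need. If the Vault server or other workloads share the namespace, their Secrets become readable by the webhook pod. This commit already pre-creates the `vault-injector-certs` Secret (injector-certs-secret.yaml), so the Secret verbs could probably be limited with `resourceNames: ["vault-injector-certs"]` and `create` dropped. That needs confirming against what the injector actually reads and writes. At minimum, a comment on the rule should name the objects it is meant for.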
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
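Review bot: In server-config-configmap.yaml, `disable_mlock = true` is written unconditionally in the string-config branch and forced through `merge (dict "disable_mlock" true) …` in the map branches. Nothing in the template says why, and a user cannot re-enable memory locking from values. With mlock off, Vault's memory can be paged out, so the chart is relying on nodes running without swap or with encrypted swap. Once the actual reason is confirmed, I would add a template comment above the line, e.g. `{{- /* mlock disabled: container lacks IPC_LOCK; nodes must not swap */ -}}`, and note the node requirement in the chart README.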
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-ha-active-service.yaml
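Review bot: The `apiVersion` line picks between `policy/v1` and `policy/v1beta1` with `ge .Capabilities.KubeVersion.Minor "21"`, which compares the minor version as a string, so the outcome follows lexical order and is wrong for a one- or three-digit minor. server-ingress.yaml in this diff uses `semverCompare` on `.Capabilities.KubeVersion.Version` and the discovery RoleBinding uses `.Capabilities.APIVersions.Has`; either is sturdier and would keep the chart consistent. I would write `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.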
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-psp-role.yaml
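Review bot: In server-network-policy.yaml the one `ingress` rule pairs `namespaceSelector: {}` with both ports, so port 8201 is reachable from every pod in every namespace, just like the API port 8200. The Service templates in this diff name 8201 `https-internal` and it looks like server-to-server traffic, so I would split the rule and admit 8201 only from pods carrying the server labels the StatefulSet sets (`app.kubernetes.io/name`, `app.kubernetes.io/instance`, `component: server`); confirm that no other client needs that port. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this diff set.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```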
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
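Review bot: server-psp.yaml hard-codes `apiVersion: policy/v1beta1` for `PodSecurityPolicy` and is guarded only by `global.psp.enable`; the PodSecurityPolicy API was removed in Kubernetes 1.25, so turning the value on against a newer cluster fails the install instead of skipping the object. I would extend the condition with a capability check, `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")`, and use the same guard in the server-psp-role.yaml and server-psp-rolebinding.yaml hunks, which share the condition. A short comment noting that on clusters without PSP the pod restrictions rest on the securityContext helpers alone would also help operators. The `seLinux` comment says the policy assumes AppArmor nodes while this chart also ships values.openshift.yaml; that assumption is worth restating or revisiting.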
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-service.yaml
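Review bot: server-route.yaml reads `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other server template in this diff does before touching `.mode`. Unless some other template has already populated it on the shared context, `.mode` is unset here, so neither the `external` guard nor the `ha`/`activeService` branch that selects the `-active` Service can be relied on. I would add `{{ template "vault.mode" . }}` directly after `{{- if .Values.global.openshift }}`.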
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/tests/server-test.yaml
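Review bot: The `image:` line in server-statefulset.yaml falls back to `{{ .Values.server.image.tag | default "latest" }}`, so a release with no tag set runs whatever `latest` resolves to at pull time; for a secrets store the running version should be explicit and reproducible. I would make the tag mandatory with `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and the same fallback appears in the server-test.yaml hunk that follows. Separately, the readiness `exec` probe runs `vault status -tls-skip-verify`; with `VAULT_ADDR` set to 127.0.0.1 that is probably deliberate, and a comment such as `# loopback check only; do not reuse -tls-skip-verify for remote addresses` would keep it from being copied elsewhere.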
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.58/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/Chart.yaml
new file mode 100644
index 00000000000..727d44c8054
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.59
+annotations:
+ charts.openshift.io/name: helm-testing-5435
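Review bot: `appVersion: 1.11.2` in the new Chart.yaml is a plain scalar, and it loads as a string only because the value happens to have three components; a later bump to a two-component value such as 1.12 would be read as a float by the YAML parser. Quoting it, `appVersion: "1.11.2"`, keeps the type stable across version bumps. `version: 0.21.59` does not need the same treatment, because a chart version is always a full three-part SemVer string.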
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/README.md
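Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license value into the `docker run` argument list, where it shows up in the host's process table even though the `@` prefix stops make from echoing the recipe. Passing the name only, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the calling environment without putting it in argv; this assumes the variable reaches make through the environment. `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` path or the `-var project=...` that `provision-cluster` passes, so it is worth confirming that it targets the same configuration and state. `setup-kind` and `delete-kind` are also missing from `.PHONY`, and `make setup-kind acceptance` inside the recipe is better written as `$(MAKE) setup-kind acceptance`.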
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
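Review bot: The single rule in this ClusterRole grants `create` on `serviceaccounts/token` at cluster scope with no `resourceNames`, so any identity bound to it can request a token for any ServiceAccount in any namespace. The template does not say why that breadth is needed. I would add a comment above `rules:` such as `# Cluster-wide token creation for the CSI provider; treat the bound ServiceAccount as highly privileged.` (exact wording to be confirmed by the chart authors, since the provider's behaviour is not visible here). The companion ClusterRoleBinding in this commit binds the role to the `-csi-provider` ServiceAccount used by the DaemonSet, so the chart documentation should call this out for operators who enable `csi`.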
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-certs-secret.yaml 
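Review bot: The container in this DaemonSet mounts two `hostPath` directories and runs under the ServiceAccount that is allowed to create ServiceAccount tokens, yet its `securityContext` comes only from `csi.daemonSet.securityContext.container`, and the helper in this commit emits nothing when that value is empty. Unless the chart's values file supplies a default (not visible in this hunk), the pod is rendered with no container-level hardening. I would have the helper fall back to a restrictive block, at minimum `allowPrivilegeEscalation: false`, and document that `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` are host paths that only cluster administrators should set. The image is also referenced as `repository:tag`; a digest reference would make this node-level component reproducible.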
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-clusterrolebinding.yaml
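Review bot: The rule under `rules:` in injector-clusterrole.yaml gives the injector `patch` on every MutatingWebhookConfiguration in the cluster because it carries no `resourceNames`, so a compromised injector pod could rewrite any admission webhook, not only its own. The only configuration this chart installs is the one named `<fullname>-agent-injector-cfg` in injector-mutating-webhook.yaml, so `patch` can be pinned to that name while the read verbs stay as they are. This assumes the injector patches nothing else, which should be confirmed against the injector version shipped with the chart.

```yaml
rules:
# Read access stays unscoped; list and watch are not usefully limited by resourceNames.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch"]
# Write access only to the webhook configuration this chart installs.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
  - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["patch"]
```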
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
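Review bot: Several `env` entries in injector-deployment.yaml render a values field as a bare scalar (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT`) while their neighbours are wrapped in double quotes. A value that YAML types as a boolean, number or null, for example an unset `injector.authPath`, yields a non-string `value:` that the API server normally rejects, and a value containing `: ` or ` #` changes the document structure. Pipe them through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, the `- 2>&1` entry under `args:` reaches the binary as a literal argument because no shell is involved; it looks unintended and should be removed or explained in a comment.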
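Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion:` line of injector-disruptionbudget.yaml compares strings, not numbers, so the ordering is lexicographic and vendor suffixes such as `21+` are compared character by character. The mutating-webhook template in this commit already selects its API version with `.Capabilities.APIVersions.Has`, and doing the same here avoids version parsing altogether: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.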
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
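Review bot: `namespaceSelector` is emitted only when a value is set, and the rule matches `CREATE` and `UPDATE` of `pods`, so without a selector this webhook sits in the admission path of every pod in the cluster, including system namespaces and the release namespace itself. If `failurePolicy` resolves to `Fail` (its default lives in values, not in this hunk), an unavailable injector would block pod creation cluster-wide, including its own replacement pods. I would add a comment above `failurePolicy:` stating this and document a recommended `namespaceSelector` that excludes system namespaces. As a smaller point, `timeoutSeconds` falls back to the string `"30"`; `default 30` states the intended integer.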
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
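Review bot: The `ports:` entry of the NetworkPolicy hard-codes `port: 8080`, whereas the Deployment in this commit listens on `.Values.injector.port` and the Service uses the same value as `targetPort`. If an operator changes `injector.port`, the policy keeps 8080 open and drops traffic to the real port, so the webhook becomes unreachable. Use `- port: {{ .Values.injector.port }}`. The `metadata` block also has no `namespace:` while the other injector resources set `{{ .Release.Namespace }}`, and `namespaceSelector: {}` admits every namespace; a short comment stating why ingress is open to all namespaces would help the next reader.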
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-role.yaml
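Review bot: The template renders a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, but that API was removed in Kubernetes 1.25, so on current clusters the install fails at this manifest. Add a capability guard to the existing condition, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The comment under `seLinux:` says the policy assumes AppArmor nodes; the workflow changes in this commit target OpenShift, where SELinux is the norm, so `rule: RunAsAny` deserves a second look or an updated comment.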
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-rolebinding.yaml
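Review bot: The first rule of this Role lets the injector ServiceAccount `get`, `list`, `watch`, `create` and `update` every Secret and ConfigMap in the release namespace, which is also the Vault server's namespace when both come from the same release. The template gives no reason for that breadth; the only Secret this chart creates under the same leader-election condition is `vault-injector-certs` (injector-certs-secret.yaml). Please add a comment above the rule naming the objects the injector actually touches and, if its watch can be narrowed (to be confirmed against the injector version in use), move `get` and `update` into a separate rule with `resourceNames: ["vault-injector-certs"]`. Until then the chart documentation should recommend a namespace that holds no unrelated secrets.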
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-config-configmap.yaml
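Review bot: The ClusterRoleBinding in server-clusterrolebinding.yaml is cluster-scoped, yet its name `{{ template "vault.fullname" . }}-server-binding` carries no namespace, so two releases with the same name in different namespaces would contend for one object that hands `system:auth-delegator` to a service account. This assumes `vault.fullname` does not already include the namespace; the helper is defined outside this hunk. Including the namespace makes ownership unambiguous, e.g. `name: {{ template "vault.fullname" . }}-{{ .Release.Namespace }}-server-binding`. The `rbac.authorization.k8s.io/v1beta1` fallback could also be dropped here and in server-discovery-rolebinding.yaml, since that API version was removed in Kubernetes 1.22 and server-discovery-role.yaml already uses `v1` unconditionally.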
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
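Review bot: Whatever is placed in `server.standalone.config`, `server.ha.config` or `server.ha.raft.config` is rendered verbatim into a ConfigMap, so a storage-backend password or seal credential written into that HCL or JSON becomes readable by every subject with `get` on ConfigMaps in the namespace. A comment above `data:` should say so, for example `# Rendered into a ConfigMap: keep credentials out of this config and supply them as secret-backed environment variables`; the StatefulSet template in this change already includes the `vault.extraSecretEnvironmentVars` helper for that purpose. `disable_mlock` is also forced to true in both the string and the JSON branch with no values switch, and a short comment explaining why would tell operators that node swap has to be disabled or encrypted.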
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-discovery-rolebinding.yaml
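Review bot: The discovery Role in server-discovery-role.yaml lets the server's service account `update` and `patch` every pod in the namespace, not only the Vault pods, because the rule has no `resourceNames`. Presumably the write verbs exist so that each server can label its own pod, but as written a stolen server token also has write access to any co-located workload's pod objects. Since StatefulSet pod names are predictable, the write verbs could be split into a second rule scoped with `resourceNames`. At minimum a comment such as `# write access is namespace-wide: deploy this release in a dedicated namespace` should sit above the rule.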
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-ha-active-service.yaml
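Review bot: The `apiVersion` line of the PodDisruptionBudget compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge` on two strings, which is a lexical comparison. It also has to cope with the suffixed minor strings some distributions report, such as `21+`. server-ingress.yaml in this same change already gates on `semverCompare`, and doing the same here is more robust: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.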
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
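Review bot: The `https-internal` port 8201 is published on the active Service unconditionally, so when `server.service.type` is `NodePort` or `LoadBalancer` the cluster port lands on the same external surface as the API port. The same block appears in server-ha-standby-service.yaml and server-service.yaml. The headless `-internal` Service already carries 8201, and the StatefulSet's default `VAULT_CLUSTER_ADDR` points at it, so the entry here is probably not needed for server-to-server traffic; that should be confirmed. Consider emitting it only for cluster-internal types, e.g. wrapping the entry in `{{- if or (not .Values.server.service.type) (eq (.Values.server.service.type | toString) "ClusterIP") }}` and `{{- end }}`, or at least add a comment that 8201 is meant for Vault servers only.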
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-psp-role.yaml 
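Review bot: In server-network-policy.yaml the single ingress rule pairs `namespaceSelector: {}` with both ports, so the cluster port 8201 is reachable from every pod in every namespace, not just the API port 8200. Splitting the rule keeps 8200 open as before while limiting 8201 to this release's server pods, using the same labels the chart's Services select on. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this change set.

```yaml
  ingress:
    # Client API port: unchanged, reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only this release's server pods.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```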
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
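Review bot: The subject of the PSP RoleBinding in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, whereas the ServiceAccount, the StatefulSet and the other bindings in this change all name the account through `vault.serviceAccount.name`. If that helper ever resolves to something other than the full name, the server pods run under an account that is not authorised to `use` the policy; the helper is defined outside these hunks, so this is an inference. Using the same helper keeps the two aligned: `name: {{ template "vault.serviceAccount.name" . }}`.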
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
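Review bot: The PodSecurityPolicy spec sets `privileged: false` and `allowPrivilegeEscalation: false` but never lists `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. The StatefulSet in this change sets `SKIP_SETCAP` and `SKIP_CHOWN`, which suggests the server needs none of those capabilities; adding `requiredDropCapabilities:` with a single `- ALL` entry under `spec:` would make that explicit. The `seLinux` comment says the policy assumes AppArmor nodes, which is worth revisiting for a chart that also ships OpenShift values. `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so `global.psp.enable` should be documented as applying to older clusters only.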
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-service.yaml
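Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other server template in this change does before reading `.mode`. Whether `.mode` is populated here then depends on another template having been rendered earlier against the same context; that is an assumption about the helper, which is defined outside this hunk. Adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard removes the dependency. Separately, `tls:` renders whatever `server.route.tls` holds, so a comment noting that an empty value presumably yields a Route without TLS would help operators avoid serving Vault tokens over plain HTTP.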
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/tests/server-test.yaml 
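Review bot: The `image:` line of the StatefulSet falls back to `default "latest"` when `server.image.tag` is empty, so an unset value deploys whatever the registry currently serves under a mutable tag. For a secrets manager, an unplanned version change on pod restart is both a supply-chain and an availability risk, and the same expression is repeated in tests/server-test.yaml. Prefer failing the render with `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or default to `.Chart.AppVersion` if the chart's appVersion tracks the image tag. The readiness `exec` probe also runs `vault status -tls-skip-verify`; a comment that this is tolerable only because `VAULT_ADDR` points at 127.0.0.1 would stop the flag being copied into other contexts.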
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/templates/ui-service.yaml
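Review bot: The test pod's `image:` line in templates/tests/server-test.yaml falls back to the `latest` tag through `default "latest"`, so a release whose `server.image.tag` is empty runs whatever the registry currently serves under that name, in a pod that also mounts `.Values.server.volumes`. I would fail rendering instead of floating the tag, and quote the value while doing so: `image: "{{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}"`. The pod spec in this hunk also sets no `securityContext` or `resources`; whether cluster admission policy supplies them cannot be seen from here, so a one-line comment above `containers:` stating that expectation would help the next reader.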
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/values.openshift.yaml
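Review bot: Nothing in templates/ui-service.yaml ties the Service's exposure to whether TLS is on: `type: {{ .Values.ui.serviceType }}` and `nodePort:` come straight from values, while the port is only named after `vault.scheme`. The values.yaml added in this same commit sets `global.tlsDisable: true`, so that scheme is presumably plain http (the helper is not visible here), and a `LoadBalancer` or `NodePort` type would then carry UI logins and Vault tokens unencrypted on an externally reachable port. At minimum I would record the constraint next to the field with a template comment above `type:`, for example `{{- /* any serviceType other than ClusterIP exposes the UI outside the cluster; set global.tlsDisable=false first */ -}}`. The same applies to `publishNotReadyAddresses`, which this template also passes through unchanged.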
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.59/src/values.yaml 
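Review bot: No object in values.schema.json sets `additionalProperties` or `required`, so a misspelled or misplaced key passes validation and the chart default applies silently. For switches such as `global.tlsDisable` or `server.dev.enabled`, that means an operator's hardening override can be ignored without any lint or install error. I would add `"additionalProperties": false` at least to the `global` object, whose key set in this file is small and fixed, provided no other consumer is expected to add global keys. JSON has no comment syntax, so the intent belongs in a `"description"` on those properties rather than in a comment.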
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/Chart.yaml
new file mode 100644
index 00000000000..722adc92889
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.6
+annotations:
+ charts.openshift.io/name: helm-testing-5435
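Review bot: The `description: Official HashiCorp Vault Chart` line in Chart.yaml, together with `home` and `sources` pointing at HashiCorp, sits on a chart published as `name: helm-testing-5435` under the `redhat-caastestreg-duplicate` partner directory, so a reader of the catalog entry could take it for the upstream Vault release. If this is a test copy, which the name suggests but the diff does not confirm, the metadata should say so, for example `description: Test copy of the HashiCorp Vault chart (not an official release)`. As a smaller point of style, Helm recommends quoting `appVersion`; `appVersion: "1.11.2"` keeps the value a string even if a later bump is a two-part number such as `1.12`.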
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/LICENSE.md
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11. “Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2. Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1. Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable.
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/README.md 
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-clusterrolebinding.yaml
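Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, because it carries no `resourceNames`. The only configuration this chart creates is `<fullname>-agent-injector-cfg` (injector-mutating-webhook.yaml), so a compromised injector pod could rewrite any other admission webhook. I would split the rule: keep `list` and `watch` unrestricted if the injector needs them, and limit `get` and `patch` with `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`.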
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
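Review bot: In injector-mutating-webhook.yaml `namespaceSelector` and `objectSelector` are rendered only when a value is set, so with empty values the webhook is called for every pod CREATE and UPDATE in every namespace, system namespaces and the injector's own namespace included. If `failurePolicy` resolves to `Fail` (its default lives in values.yaml, outside this hunk), an unavailable injector would then block pod admission cluster-wide. I would add a comment next to `failurePolicy` stating this, for example `# Fail blocks pod admission in every selected namespace while the injector is down`, or ship a default `namespaceSelector` that leaves out the system namespaces.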
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
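Review bot: injector-network-policy.yaml hard-codes `port: 8080`, while injector-deployment.yaml makes the injector listen on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes), so a changed port leaves the webhook unreachable behind this policy on OpenShift. Use `- port: {{ .Values.injector.port }}` here. The `from` clause `namespaceSelector: {}` admits traffic from every namespace; if that is what lets the API server reach the webhook, a comment saying so would help. The metadata also has no `namespace:`, unlike the other namespaced injector resources in this commit.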
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-role.yaml 
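Review bot: The PodSecurityPolicy in injector-psp.yaml is gated only on `global.psp.enable`, so on a cluster that no longer serves `policy/v1beta1` (the PSP API was removed in Kubernetes 1.25) enabling the value makes the install fail rather than skip the object. Consider extending the guard, e.g. `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, and apply the same guard to the PSP role and rolebinding, which are useless without it. The in-file comment says the policy assumes AppArmor nodes and leaves `seLinux` at `RunAsAny`; since this repository targets OpenShift, where nodes normally enforce SELinux, that assumption should be restated or the rule tightened. server-psp.yaml repeats both points.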
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-rolebinding.yaml 
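Review bot: The leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, plus `get`, `patch` and `delete` on every Pod, with no `resourceNames`. Any workload that can use the injector's service account can therefore read all Secrets in the namespace where Vault itself runs. If the objects used for leader election and certificate storage have fixed names (not visible in this hunk), split the rule so that `get`/`update` carry `resourceNames` and only `create` stays unscoped, and add a comment such as `# secrets: needed for the leader-election lock and webhook cert only`. server-discovery-role.yaml has the same shape: `update` and `patch` on all Pods in the namespace, where presumably only Vault's own pods need relabelling.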
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
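Review bot: `targetPort` in injector-service.yaml follows `.Values.injector.port`, but injector-network-policy.yaml in this same commit admits only a literal `port: 8080`. If an operator changes `injector.port` on OpenShift, the Service will forward webhook calls to a port the NetworkPolicy drops, and admission requests will time out or fail open or closed depending on the webhook's failure policy. Use the same value in the policy, `- port: {{ .Values.injector.port }}`, so the two cannot drift.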
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-config-configmap.yaml 
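Review bot: The ClusterRoleBinding name in server-clusterrolebinding.yaml is `{{ template "vault.fullname" . }}-server-binding`, which contains no namespace even though the object is cluster-scoped. Two releases with the same name in different namespaces would contend for one binding, and uninstalling either would remove `system:auth-delegator` from the other. Including the namespace in the name, e.g. `name: {{ template "vault.fullname" . }}-{{ .Release.Namespace }}-server-binding`, avoids that, though it renames the object on upgrade. A short comment that this grants the Vault service account cluster-wide token and access review rights would also help reviewers of the rendered manifests.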
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
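Review bot: `disable_mlock = true` is injected unconditionally in server-config-configmap.yaml, and in the map branch `merge (dict "disable_mlock" true) …` gives the chart's value precedence, so an operator cannot turn memory locking back on from values. With mlock disabled, Vault's in-memory key material can be written to swap, which is why the setting is normally paired with swap being off or encrypted on the nodes. Neither branch says why it is forced; add a template comment such as `{{- /* mlock is disabled for this deployment; ensure node swap is off or encrypted */ -}}` above both sites and document the node requirement in the chart README. The `tpl` calls also evaluate the user-supplied config as a template, which is worth stating next to the value's documentation.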
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-ha-active-service.yaml 
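Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge` on two strings, which is a lexicographic comparison rather than a numeric one, and `Minor` can carry a vendor suffix such as `+`. server-ingress.yaml in this commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version` for the same kind of decision. Prefer asking the cluster directly, `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`, which also behaves correctly under `helm template` when API versions are supplied.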
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
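Review bot: In server-ha-active-service.yaml the `https-internal` port 8201 sits in the same Service whose `type` comes from `.Values.server.service.type`, so setting that value to `NodePort` or `LoadBalancer` publishes 8201 with the same reach as the API port. Judging by its name this is the server-to-server port, which clients outside the cluster have no reason to reach. Either render the 8201 entry only when the type is `ClusterIP`, or at minimum add `# NOTE: also exposed externally when server.service.type is NodePort or LoadBalancer` above it. server-ha-standby-service.yaml and server-service.yaml have the identical port list.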
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-psp-role.yaml 
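Review bot: The opening guard of server-ingress.yaml, `{{- if not .Values.global.openshift }}`, tests truthiness, while injector-network-policy.yaml in this commit tests `eq (.Values.global.openshift | toString) "true"`. With `--set-string global.openshift=false` the value is the non-empty string "false", which is truthy, so the Ingress is skipped and server-route.yaml (which uses `{{- if .Values.global.openshift }}`) renders a Route instead. Use one form everywhere: `{{- if ne (.Values.global.openshift | toString) "true" }}` here and `{{- if eq (.Values.global.openshift | toString) "true" }}` in server-route.yaml. This hunk's body starts on the previous physical line of the page.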
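Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both 8200 and 8201, so every pod in every namespace may connect to the `https-internal` port as well as the API port. If 8201 is only used between Vault servers, as its name in the Service templates suggests, it should be limited to peers carrying the release's own labels. The rule can be split as sketched below; adding `component: server` to the peer selector would be tighter still if the injector never needs 8201.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```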
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
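Review bot: The subject in server-psp-rolebinding.yaml is named with `{{ template "vault.fullname" . }}`, but server-serviceaccount.yaml, server-clusterrolebinding.yaml and server-discovery-rolebinding.yaml all name the account with `{{ template "vault.serviceAccount.name" . }}`. If that helper can resolve to anything other than the full name (for example a user-supplied service account name), the PSP is bound to an account the pods do not run as, and the pods fall back to whatever other policy admits them or are rejected. Change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it.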
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-service.yaml 
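Review bot: server-route.yaml reads `.mode` in `{{- if ne .mode "external" }}` and again when choosing the `-active` service, but unlike server-ingress.yaml it never invokes `{{ template "vault.mode" . }}` first. The value is therefore only present if some other template has already set it on the shared context, which depends on render order and is not guaranteed when this file is rendered on its own. Add `{{ template "vault.mode" . }}` directly after the `global.openshift` guard. Separately, `targetPort: 8200` is a literal here while the Service templates take the port from `.Values.server.service.targetPort`, so the two can drift.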
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/tests/server-test.yaml
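Review bot: The `image:` line of the `vault` container falls back to `latest` when `server.image.tag` is empty (`| default "latest"`), so a values override that drops the tag silently deploys whatever the registry currently serves under that tag, for a workload that holds secrets. Fail the render instead of guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The test pod in tests/server-test.yaml builds its image reference the same way and needs the same change.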
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.6/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/Chart.yaml
new file mode 100644
index 00000000000..5837b5d05c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.60
+annotations:
+ charts.openshift.io/name: helm-testing-5435
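Review bot: The `description: Official HashiCorp Vault Chart` line in the new Chart.yaml does not match the rest of the file. The chart is named `helm-testing-5435`, sits under `charts/partners/redhat-caastestreg-duplicate/`, and declares `version: 0.21.60`, while the CHANGELOG.md added in the same commit stops at 0.21.0. A consumer reading the packaged chart or its index entry would see a vendor's "official" label on an artifact that, as far as this diff shows, the vendor did not publish under that name or version, which weakens provenance checks. If this is a test fixture, the metadata should say so, for example `description: Test fixture derived from the HashiCorp Vault chart (not an upstream release)`. Quoting the value as `appVersion: "1.11.2"` would also keep a later two-part value (for example `1.12`) from being parsed as a float.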
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/README.md 
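Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the value into the `docker run` argument list, so what is presumably a license secret shows up in the host's process listing and in `make -n` or shell-trace output; the leading `@` only suppresses make's own echo. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker read it from the environment make hands to the recipe, so the value never appears on the command line. That form relies on the variable being set in the calling environment or on the make command line, which is where the current line already gets it from. Separately, `setup-kind` and `delete-kind` are missing from the `.PHONY` list at the end of the hunk.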
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
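Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account may request a token for any service account in any namespace, and the file does not say why that breadth is needed. Presumably the provider requests tokens on behalf of the pods that mount its volumes, which would explain a cluster-wide grant; if so, state it next to the rule, for example `# TokenRequest for the service account of each pod that mounts a CSI volume; cluster-wide because those pods may run in any namespace`. With that comment in place, whoever reviews the binding in csi-clusterrolebinding.yaml can see that the csi-provider pod holds token-minting rights for the whole cluster and weigh that together with the hostPath mounts in csi-daemonset.yaml.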
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-certs-secret.yaml
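Review bot: The csi-provider container in csi-daemonset.yaml mounts two hostPath volumes, one of them the kubelet `pods` directory with `mountPropagation: HostToContainer`, yet its `securityContext` is rendered only when `csi.daemonSet.securityContext.container` is set in values. The `csi.daemonSet.securityContext.container` helper added to _helpers.tpl in this diff has no fallback branch, whereas `injector.securityContext.container` falls back to `allowPrivilegeEscalation: false` with all capabilities dropped when `global.openshift` is unset. At minimum this should be documented above the include, for example `# hostPath volumes below expose the kubelet pods directory; no securityContext is rendered unless csi.daemonSet.securityContext.container is set`. Whether the same default as the injector can be applied depends on what the provider needs to write under the host paths, so that should be confirmed before adding one.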
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-clusterrolebinding.yaml
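Review bot: The `patch` verb in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster, because the rule carries no `resourceNames`; if the injector pod were compromised, its service account could modify admission webhooks that belong to other components. injector-deployment.yaml sets `AGENT_INJECT_TLS_AUTO` to the `-agent-injector-cfg` name built from `vault.fullname`, which suggests this is the only object the injector has to update, so the write verb can probably be moved into a second rule limited to that name while `get`, `list` and `watch` stay in the existing rule. Confirm this against the injector's behaviour before merging, because a name mismatch would break its certificate handling.

```yaml
rules:
# … unchanged: existing rule, minus "patch" in its verbs …
# write access only to this release's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs:
    - "patch"
```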
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
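Review bot: Several env values in injector-deployment.yaml are rendered unquoted, for example `value: {{ .Values.injector.authPath }}` and `value: {{ .Values.injector.logLevel | default "info" }}`, while neighbouring entries are quoted. An empty, boolean-looking or number-looking value then reaches the API server as null or a non-string, and an env `value` must be a string; `value: {{ .Values.injector.authPath | quote }}` avoids that. Separately, the `- 2>&1` entry under `args` is handed to the container as a literal argument, since no shell is involved, so it redirects nothing; it should be dropped once it is confirmed that the binary ignores it.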
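Review bot: The apiVersion line in injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"`, compares two strings, so the ordering is lexical rather than numeric and the major version is never consulted. A single-digit minor such as "9" sorts above "21", and any vendor suffix on the minor string is compared as text as well. The webhook template in this same commit selects its API with `.Capabilities.APIVersions.Has`; doing the same here, `{{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`, keys the choice on what the cluster actually serves. server-disruptionbudget.yaml carries the identical line.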
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
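Review bot: `namespaceSelector` is emitted only when a value is supplied, so unless the `injector.objectSelector` helper narrows it, the `pods` CREATE/UPDATE rule matches every namespace, including system namespaces and the one the injector itself runs in. If the `failurePolicy` taken from values is `Fail`, an unavailable injector would then block pod admission across all matched namespaces; the default is not visible in this diff. I would add a template comment above `failurePolicy` stating that trade-off, e.g. `{{- /* Fail blocks pod admission in every matched namespace while the injector is down; set namespaceSelector to exclude system namespaces. */ -}}`.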
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
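Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment in this commit listens on `.Values.injector.port` and the Service uses the same value as `targetPort`. Changing the port in values on OpenShift would leave the policy admitting the wrong port and the API server unable to reach the webhook; `- port: {{ .Values.injector.port }}` keeps the three in step. `namespaceSelector: {}` also admits traffic from every namespace, which is worth a comment given that the main expected caller is the API server.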
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-role.yaml
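Review bot: injector-psp.yaml emits `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, without checking that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the install fails at this manifest; an extra guard such as `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` would make that explicit. The `seLinux` comment says the policy assumes AppArmor nodes, which does not hold for the OpenShift targets this chart special-cases elsewhere, so that comment needs a caveat. injector-psp-role.yaml and injector-psp-rolebinding.yaml are gated by the same value and would need the same guard.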
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-rolebinding.yaml
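Review bot: The first rule in injector-role.yaml grants `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, which the Vault server and its own secrets may share. injector-certs-secret.yaml in this commit creates a fixed Secret named `vault-injector-certs` under the same condition, so the read and update verbs look as if they could be narrowed with `resourceNames: ["vault-injector-certs"]`; that the injector needs nothing else is an inference and should be confirmed. `create` cannot be limited by name and would stay in its own rule. The second rule's `delete` on pods is likewise namespace-wide and deserves a why-comment.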
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
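Review bot: The rendered Vault configuration forces `disable_mlock = true` (and `dict "disable_mlock" true` in the JSON branch) with no explanation, so server memory is allowed to be swapped to disk on every install. Please add a template comment above it giving the reason and the node-side expectation, e.g. `{{- /* mlock is disabled in all modes; nodes are expected to run without swap or with encrypted swap. */ -}}`. The user-supplied config is also stored in a ConfigMap, so anything sensitive placed in `server.*.config` is readable by whoever can read ConfigMaps in the namespace; that caveat belongs in the values documentation.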
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-psp-role.yaml
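Review bot: In server-ingress.yaml several user-supplied strings are rendered unquoted while `host` and the TLS `hosts` entries go through `quote`: `- path: {{ . }}`, `secretName: {{ .secretName }}`, `ingressClassName: …` and `pathType: {{ $pathType }}`. A path that starts with a YAML indicator such as `*`, or any value containing `: `, then yields invalid or mis-typed YAML at render time. Pipe these through `quote` as well, e.g. `- path: {{ . | quote }}` and `secretName: {{ .secretName | quote }}`.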
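Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so once the policy is enabled every pod in every namespace may still reach the cluster port 8201 as well as the API port 8200. Port 8201 is only needed between the Vault pods of this release, so it should get its own rule with a `podSelector` on the release labels, leaving only 8200 open to other namespaces (ideally from a configurable source list). The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```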
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
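Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, whereas the ServiceAccount in server-serviceaccount.yaml and `serviceAccountName` in the StatefulSet both use `vault.serviceAccount.name`. If that helper ever resolves to a different name (presumably when a custom service-account name is configured), the binding grants `use` on the PodSecurityPolicy to an account the pods do not run as. The subject also carries no `namespace`, which the RBAC API normally expects for `ServiceAccount` subjects. Suggested lines: `name: {{ template "vault.serviceAccount.name" . }}` and `namespace: {{ .Release.Namespace }}`.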
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
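Review bot: The policy in server-psp.yaml never drops Linux capabilities: `spec` sets `privileged: false`, `allowPrivilegeEscalation: false` and `MustRunAsNonRoot`, but without `requiredDropCapabilities` the pods keep the container runtime's default capability set. Adding `requiredDropCapabilities: ['ALL']` under `spec` would close that, provided the image starts without them (the StatefulSet sets `SKIP_SETCAP` and `SKIP_CHOWN`, which suggests it can, but this needs a test). The `seLinux` comment assumes AppArmor nodes; since the chart also ships `values.openshift.yaml`, reword it to say that `RunAsAny` leaves SELinux labelling unconstrained by this policy.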
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-service.yaml
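Review bot: `.mode` is read on the second line (`ne .mode "external"`) and again in the `eq .mode "ha"` check, but server-route.yaml never calls `{{ template "vault.mode" . }}`, which the sibling Service, Ingress and StatefulSet templates in this commit do before using it. Unless another template has already set it on the same context, the `ha` comparison cannot match, so `server.route.activeService` would silently leave the Route pointing at the general Service instead of `-active`, and the `external` guard would not suppress the Route either. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard.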
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/tests/server-test.yaml
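Review bot: The Vault container image in server-statefulset.yaml falls back to a mutable tag: `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` deploys whatever `latest` points to whenever `server.image.tag` is empty, so an unreviewed Vault build can roll out on a pod restart. Fail the render instead, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}` in place of the `default "latest"` expression; templates/tests/server-test.yaml has the same line. The exec readiness probe's `-tls-skip-verify` is only used against the loopback `VAULT_ADDR`, and a one-line comment saying so would stop the flag being copied to a non-local address.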
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.60/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/Chart.yaml
new file mode 100644
index 00000000000..7e0aab2c689
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.61
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/README.md
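Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor `-var project=...`, while `provision-cluster` passes both to `init` and `apply`, so teardown may not act on the configuration that was applied and could leave the GKE test cluster running. Assuming the same Terraform CLI that accepts the positional directory in `apply`, the line would read `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. Separately, `GOOGLE_CREDENTIALS` defaults to `vault-helm-test.json` and `KUBECONFIG` is set to `/helm-test/.kube/config`, both of which resolve inside the bind-mounted checkout, so it is worth confirming that the service-account key and the kubeconfig are excluded from git and from the packaged chart; no ignore file is visible in this hunk. `setup-kind` and `delete-kind` are also missing from the `.PHONY` list.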
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
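Review bot: `vault.args` inserts `{{ .Values.server.extraArgs }}` unquoted into the shell script it emits, in both the standalone/HA branch and the dev branch, so the value is parsed by the shell rather than handed to `vault server` as discrete arguments. Whoever can influence that value therefore controls a command line inside the Vault pod, and the helper's header comment does not say so; I would add a line such as `extraArgs is inserted verbatim into a shell command line; set it only from trusted values`. In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` is also unquoted, so a token such as `12345` or `true` renders as a non-string; `value: {{ .Values.server.dev.devRootToken | quote }}` avoids that. The container command that consumes these args is defined outside this file, so the shell assumption should be confirmed there.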
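Review bot: The only rule grants `create` on `serviceaccounts/token` in a ClusterRole, which, once bound by the ClusterRoleBinding added in csi-clusterrolebinding.yaml, lets the CSI provider's service account request a token for any service account in any namespace. That is a wide blast radius if a provider pod on any node is compromised, and nothing in the manifest records why cluster scope is needed. I would add a comment above `rules:` such as `# Allows the CSI provider to request a token for any service account in the cluster.` and mention the same trade-off wherever `csi.enabled` is documented.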
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-certs-secret.yaml 
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-clusterrolebinding.yaml 
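Review bot: The rule in injector-clusterrole.yaml lets the injector `patch` every MutatingWebhookConfiguration in the cluster, not only its own. The deployment template in this diff sets `AGENT_INJECT_TLS_AUTO` to the `-agent-injector-cfg` name, which suggests the injector only has to write to that one object. Splitting the rule so that `get` and `patch` carry `resourceNames` while `list` and `watch` stay unrestricted would narrow the grant. Whether the injector tolerates the split needs confirming against how it watches the object.

```yaml
rules:
# left unrestricted so a plain list/watch keeps working
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# reads and writes limited to the webhook configuration this chart creates
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```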
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
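Review bot: In injector-deployment.yaml the container `args` list ends with `- 2>&1`, but Kubernetes hands `args` to the entrypoint without a shell, so the string reaches the injector as a literal extra argument instead of redirecting stderr. The container runtime already captures both output streams, so the entry can be dropped, leaving `- agent-inject` as the only argument. If the binary is known to ignore the extra argument this is only cosmetic, which the hunk does not show.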
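Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with the string `"21"`; both operands appear to be strings, so `ge` orders them lexically and can misjudge a minor value such as `"9"` or one carrying a suffix. server-disruptionbudget.yaml later in this diff uses the same expression. Other templates here already probe the API directly, so `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}` would be consistent with them and independent of the version-string format.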
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
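Review bot: The `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when a value is supplied, so with nothing set the `pods` CREATE/UPDATE rule applies to every namespace, including the one the injector runs in. With a `failurePolicy` of `Fail` (the default comes from values not shown here) an unavailable injector would then block pod admission cluster-wide. The `injector.objectSelector` template is defined outside this hunk and may narrow the match. I would document the behaviour next to the rule, e.g. `# No namespaceSelector means all namespaces; pair failurePolicy Fail with a selector that excludes system namespaces.`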
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
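Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` and the Service in this diff targets the same value. If the port is overridden the policy no longer matches and calls to the webhook would be dropped on OpenShift; `- port: {{ .Values.injector.port }}` keeps the three in step. The policy's metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the other namespaced objects in this diff.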
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-rolebinding.yaml 
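Review bot: The first rule in injector-role.yaml gives the injector `create`, `get`, `watch`, `list` and `update` on all Secrets and ConfigMaps in the release namespace, which may also hold the Vault server's own secrets. injector-certs-secret.yaml in this diff pre-creates a Secret named `vault-injector-certs` under the same leader-elector condition, which suggests that is the only Secret the injector has to read and update. If that holds, a rule with only `get` and `update` on `secrets` plus `resourceNames: ["vault-injector-certs"]` would narrow the grant. `create`, `list` and `watch` cannot be limited that way and need a separate decision.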
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
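Review bot: Both branches of server-config-configmap.yaml inject `disable_mlock = true` unconditionally, as a literal line for string configs and via `merge (dict "disable_mlock" true) …` for map configs, so values cannot leave mlock on. In the map branch `merge` gives precedence to its first argument, so a user-supplied `disable_mlock: false` appears to be overridden as well. With mlock off, process memory holding secrets can be written to swap unless swap is disabled or encrypted on the nodes. A comment above `data:` such as `# mlock is disabled in every mode; nodes must not swap to unencrypted disk` would make the assumption explicit.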
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-ha-active-service.yaml
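Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion:` line compares two strings, so the ordering is lexical rather than numeric and can also be thrown off by vendor suffixes such as a trailing `+` in the minor version. server-ingress.yaml in this same chart already selects its API version with `semverCompare` on `.Capabilities.KubeVersion.Version`, and the PodDisruptionBudget should do the same: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. That keeps the two templates consistent and makes the comparison numeric.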
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-psp-role.yaml 
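Review bot: In server-ingress.yaml the values-supplied scalars are quoted inconsistently: `hosts` entries and `host` go through `quote`, but `- path: {{ . }}`, `secretName: {{ .secretName }}` and `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` are emitted bare. A path or name that starts with a YAML indicator, or a value that looks like a number or boolean, would then be retyped or would break the rendered manifest. Quote them the same way as the hosts, e.g. `- path: {{ . | quote }}` and `secretName: {{ .secretName | quote }}`.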
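Review bot: The single `ingress` rule in server-network-policy.yaml uses `namespaceSelector: {}` for both 8200 and 8201, so the cluster port is opened to pods in every namespace along with the API port. If 8201 carries only server-to-server traffic, as the `https-internal` port name and the `VAULT_CLUSTER_ADDR` value in the StatefulSet suggest, it can be limited to this release's own pods by splitting the rule in two. The `metadata` block also has no `namespace:`, unlike the other server templates in this diff.

```yaml
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```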
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
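Review bot: The `subjects:` entry in server-psp-rolebinding.yaml names the ServiceAccount with `{{ template "vault.fullname" . }}`, while server-serviceaccount.yaml, server-discovery-rolebinding.yaml and the StatefulSet's `serviceAccountName` in this diff all use `vault.serviceAccount.name`. That helper is defined outside these hunks, but if it can resolve to anything other than the full name, the account the pods actually run as is never authorised to `use` the policy. The subject should reference the same helper and carry a namespace like the discovery binding does: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.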
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
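Review bot: The `spec:` of server-psp.yaml sets `privileged: false` and `allowPrivilegeEscalation: false` but does not constrain Linux capabilities, so pods admitted under this policy keep the container runtime's default capability set. Consider adding `requiredDropCapabilities: [ALL]` and listing in `allowedCapabilities` only what the server needs (possibly `IPC_LOCK` for memory locking; confirm against the image before adopting). `readOnlyRootFilesystem: false` likewise deserves a one-line comment naming the path the server writes to, so a later reviewer can tell whether it can be tightened.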
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-service.yaml
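Review bot: `{{- if ne .mode "external" }}` on the second line of server-route.yaml reads `.mode`, but this file never invokes `{{ template "vault.mode" . }}`, unlike the other server templates in this diff, which open with it. Unless something outside this hunk has already populated `.mode`, both the `external` guard and the `eq .mode "ha"` test that switches the Route to the `-active` Service are evaluated against an unset value, so an HA install may route to the wrong Service. Add `{{- template "vault.mode" . }}` directly after the `global.openshift` check. `host: {{ .Values.server.route.host }}` should also be quoted, as the Ingress template does for its hosts.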
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/tests/server-test.yaml 
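Review bot: The container `image:` line in server-statefulset.yaml ends in `{{ .Values.server.image.tag | default "latest" }}`, so an install with no tag set runs whatever the registry serves as `latest` at pull time instead of a version tied to the chart; tests/server-test.yaml in this diff repeats the expression. For a secrets server it is safer to fail the render than to fall back to a mutable tag: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The exec readiness probe also runs `vault status -tls-skip-verify`; a comment there should state that skipping verification is tolerated only because `VAULT_ADDR` points at 127.0.0.1 inside the pod.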
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.61/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test ": " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/Chart.yaml
new file mode 100644
index 00000000000..01959361131
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.62
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/README.md
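Review bot: The `docker run` lines in `test-acceptance`, `test-destroy` and `test-provision` omit `--rm`, although `test-unit` has it, so each run leaves a stopped container whose configuration still holds the `-e` values, including `VAULT_LICENSE_CI` (presumably a licence string), readable with `docker inspect`. Start each of them with `@docker run --rm -it -v ${PWD}:/helm-test \`. Separately, `.PHONY` does not list `setup-kind` and `delete-kind`, and the recursive call in `test-acceptance` would be better written `$(MAKE) setup-kind acceptance` so that flags are passed down.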
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
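Review bot: The `create` rule on `serviceaccounts/token` in csi-clusterrole.yaml is cluster-wide and carries no comment on why it is needed. It lets the CSI provider's ServiceAccount mint a token for any ServiceAccount in any namespace. Because that account is bound through a ClusterRoleBinding and used by a DaemonSet on every node, one compromised provider pod could obtain a token for any other ServiceAccount in the cluster. I would record the intent above the rule, for example `# Lets the provider request tokens for any ServiceAccount in the cluster; keep this the only rule in the role.` It is also worth checking whether the deployed CSI driver can hand pod tokens to the provider itself, in which case the rule could be dropped.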
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-certs-secret.yaml 
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-clusterrolebinding.yaml
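Review bot: In injector-clusterrole.yaml the `patch` verb on `mutatingwebhookconfigurations` has no `resourceNames`, so the injector's ServiceAccount can rewrite every mutating webhook in the cluster, not only its own. The only object it appears to need is `{{ template "vault.fullname" . }}-agent-injector-cfg`, the name injector-mutating-webhook.yaml creates and the Deployment passes as `AGENT_INJECT_TLS_AUTO`. That means `get` and `patch` can be pinned to it while `list` and `watch` stay in a rule of their own. The Role in injector-role.yaml has the same shape: it grants `get`, `list`, `watch` and `update` on all `secrets` and `configmaps` in the release namespace, where the certificate Secret is named `vault-injector-certs`. The same split applies there once the object names the leader elector uses are confirmed.

```yaml
rules:
# list/watch stay unscoped: resourceNames only matches them when the client
# sends a metadata.name field selector (confirm how the injector watches).
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# Read and patch only the webhook configuration this chart creates.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```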
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
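Review bot: Three env values in injector-deployment.yaml are rendered without quotes (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT`), while the neighbouring entries are quoted. A user value that YAML reads as a boolean or a number makes the rendered Deployment fail API validation, because env values must be strings. Piping through `quote` avoids that: `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`. Separately, `- 2>&1` under `args` reaches the entrypoint as a literal argument, since no shell interprets it; if stderr redirection was the intent it has no effect.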
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
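Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when a value is supplied, so with neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` set the webhook intercepts pod CREATE and UPDATE in every namespace, `kube-system` and the release namespace included. The `injector.objectSelector` helper, defined outside this hunk, may narrow that. If `failurePolicy` resolves to `Fail`, an unavailable injector then blocks pod admission cluster-wide, including its own replacement pods. I would render a default selector when none is given, for instance one that excludes the release namespace through the `kubernetes.io/metadata.name` label. Failing that, values.yaml should state that a selector must be set before `Fail` is chosen.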
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
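Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` and the Service targets the same value. Changing `injector.port` would leave the policy admitting traffic to a port nothing listens on and dropping the webhook calls, which would show up as admission timeouts. Use the shared value instead: `- port: {{ .Values.injector.port }}`. The peer `namespaceSelector: {}` also admits traffic from every namespace; whether it can be narrowed depends on how the API server reaches the webhook on this platform.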
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-role.yaml
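Review bot: The PodSecurityPolicy in injector-psp.yaml blocks privilege escalation and root but never drops capabilities, so a pod admitted under it keeps the runtime's default capability set. Adding `requiredDropCapabilities:` with `- ALL` under `spec` closes that gap; the injector presumably needs none, but confirm before enforcing. The `policy/v1beta1` PodSecurityPolicy API was also removed in Kubernetes 1.25, so the `global.psp.enable` gate here and in the two PSP RBAC templates could additionally test `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to keep installs from failing on newer clusters.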
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-rolebinding.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-config-configmap.yaml
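Review bot: The ClusterRoleBinding in server-clusterrolebinding.yaml is named `{{ template "vault.fullname" . }}-server-binding`, which is cluster-scoped but carries no namespace, so two releases with the same full name in different namespaces would contend for one object. Because the binding attaches `system:auth-delegator` (cluster-wide token and access review delegation) to the server service account, the collision is worth ruling out in the name rather than leaving it to Helm's ownership check. Consider including `{{ .Release.Namespace }}` in the name. A comment above `roleRef` should say what the delegation is for; presumably it is the Kubernetes auth method's token review, but the `vault.serverAuthDelegator` helper that gates it is not visible here.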
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
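Review bot: `disable_mlock = true` is hard-coded in the string branch of server-config-configmap.yaml, and in the JSON branch `merge (dict "disable_mlock" true) ...` places it in the destination map, so a user-supplied `disable_mlock: false` appears to be silently ignored in every mode (Sprig's `merge` keeps destination values). With mlock off, Vault's in-memory key material can be paged out to swap on the node, so this is a security-relevant default that should be stated where operators will see it. I would add a template comment above the ConfigMap, for example `{{- /* disable_mlock is forced on: nodes must run with swap disabled or encrypted */ -}}`, and repeat the requirement in the values documentation.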
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-discovery-rolebinding.yaml
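Review bot: The discovery Role in server-discovery-role.yaml gives the server service account `update` and `patch` on every pod in the namespace, and pod write access covers mutable spec fields such as container images, not only labels. If the role exists for service-registration labelling (presumably, since the consumer is not in this hunk), `update` looks unnecessary and could be dropped: `verbs: ["get", "watch", "list", "patch"]`. A one-line comment above `rules:` naming the feature that needs pod write access would let the next reviewer judge the scope.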
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-ha-active-service.yaml
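Review bot: In server-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexicographic rather than numeric and also sees vendor suffixes such as `21+` in `Minor`. It works for current minors but would select `policy/v1beta1` for a three-digit minor. Asking the cluster directly is sturdier: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. That also matches the capability check the RBAC binding templates in this diff already use.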
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-psp-role.yaml 
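Review bot: In server-network-policy.yaml the single ingress rule `from: - namespaceSelector: {}` admits every namespace in the cluster to both 8200 and 8201, so enabling the policy only keeps out sources outside the cluster. Port 8201 is the `https-internal` cluster port in this chart's Services and, as far as this diff shows, only needs to be reachable from the Vault server pods, so it should move to its own rule with a `podSelector` on the server labels. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this diff set. The fence shows only the added rule; narrowing the sources for 8200 needs a new values key and is left to the chart owners.

```yaml
  ingress:
    # … unchanged: existing rule, reduced to port 8200 only …
    # Cluster port: reachable from the Vault server pods only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```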
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
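Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, while the StatefulSet's `serviceAccountName` and the other server bindings in this diff use `{{ template "vault.serviceAccount.name" . }}`. If that helper can return a custom account name (its definition is outside this part of the diff), the PSP `use` grant goes to an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` so it reads like the discovery binding.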
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
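Review bot: The PodSecurityPolicy in server-psp.yaml leaves capabilities unconstrained: there is no `requiredDropCapabilities`, so containers keep the runtime's default set. The StatefulSet sets `SKIP_SETCAP` and the config forces `disable_mlock`, which suggests no extra capability is needed. Adding `requiredDropCapabilities: ["ALL"]` under `spec:` would close that, assuming the image really runs without them. Two smaller items: the `seLinux` comment says the nodes use AppArmor, which reads oddly next to `rule: RunAsAny` in a chart that ships an OpenShift values file; and `policy/v1beta1` PodSecurityPolicy no longer exists on Kubernetes 1.25 and later, so a `.Capabilities.APIVersions.Has` guard like the one in the RBAC binding templates would avoid a failed install when `global.psp.enable` is set.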
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-service.yaml
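Review bot: server-route.yaml reads `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, unlike the other server templates in this diff. The value is presumably left on the root context by whichever template rendered earlier, which makes the Route, the only externally exposed entry point on OpenShift, depend on render order. I would add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard so the file stands on its own. A smaller point: `host: {{ .Values.server.route.host }}` is emitted unquoted, and `host: {{ .Values.server.route.host | quote }}` would match how the Ingress template quotes its hosts.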
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/tests/server-test.yaml 
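Review bot: The container image in server-statefulset.yaml falls back to `{{ .Values.server.image.tag | default "latest" }}`, so an unset tag deploys whatever `latest` resolves to at pull time, a mutable reference for the process that holds the secrets; server-test.yaml repeats the same default. I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and document digest pinning in the values file. Also in this hunk, the exec readiness probe runs `vault status -tls-skip-verify`. Since `VAULT_ADDR` is the loopback address the exposure is limited, but a comment saying that is the reason would keep the flag from being copied to a non-local call.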
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/templates/ui-service.yaml
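Review bot: In templates/tests/server-test.yaml the test container's `image:` line falls back to the mutable `latest` tag when `server.image.tag` is empty, so `helm test` would run whatever the registry currently serves under that tag, in a pod that also mounts `server.volumes`. Failing the render is safer than guessing a tag: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The StatefulSet template may use the same fallback (its image line is not in view), in which case both should change together so the test exercises the image that is actually deployed. The `VAULT_ADDR` value on the `env` entry below it is also rendered unquoted; `| quote` on the whole expression would keep an unexpected character in the release name or namespace from changing the YAML structure.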
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/values.openshift.yaml
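Review bot: In templates/ui-service.yaml nothing documents what the `type: {{ .Values.ui.serviceType }}` and `publishNotReadyAddresses` lines expose: the Service selects the Vault server pods (`component: server`), so a `NodePort` or `LoadBalancer` type puts the Vault listener itself on the network, not only a UI. This chart's values.yaml sets `global.tlsDisable: true`, and the port name comes from `vault.scheme`, so that exposure is presumably plain HTTP by default. I would add a comment above `type:` such as `# Exposes the Vault API/UI; before using NodePort or LoadBalancer set global.tlsDisable: false and restrict who can reach it`, and one above `publishNotReadyAddresses:` noting that `true` also routes clients to pods that are not ready, which likely includes sealed ones.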
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/values.schema.json
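Review bot: The three image references in values.openshift.yaml are pinned by tag only (`0.17.0-ubi`, `1.11.2-ubi`), and a tag can be re-pointed in the registry, so this file does not fix which Vault and injector binaries get deployed. The templates join `repository:tag` (see the `image:` line in tests/server-test.yaml), so pinning by digest would need a small template change, for example an optional `digest` value rendered as `repository@<digest>` when set. It is also worth confirming these versions are still within the vendor's supported range before publishing. A header comment stating that these values duplicate the defaults already in this chart's values.yaml (`global.openshift: true` and the same images) would help keep the two files in step when the tags are bumped.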
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.62/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/Chart.yaml new file mode 100644 index 00000000000..e997fdd03be --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-testing-5435 +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.63 +annotations: + charts.openshift.io/name: helm-testing-5435 
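Review bot: `appVersion: 1.11.2` in the new Chart.yaml is a plain unquoted scalar, and it loads as a string only because the value happens to contain two dots. A two-part value such as 1.12 would load as a float and lose trailing zeros, so the field is better quoted from the start: `appVersion: "1.11.2"`. Helm's chart documentation recommends quoting this field for the same reason. `version: 0.21.63` is less exposed because Helm requires SemVer there, but quoting it too would keep the two fields consistent.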
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/README.md 
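Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor `-var project=${CLOUDSDK_CORE_PROJECT}`, both of which `provision-cluster` passes, so teardown may fail or not act on what provisioning created and could leave the GKE test cluster running. It also omits the `gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}` step that `provision-cluster` performs first. I would mirror the provisioning arguments, for example `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`, preceded by the same `gcloud auth` line. The default `GOOGLE_CREDENTIALS?=vault-helm-test.json` resolves inside the bind-mounted working tree (`-v ${PWD}:/helm-test -w /helm-test`), so it is worth confirming that the key file is git-ignored. Separately, `.PHONY` omits `setup-kind` and `delete-kind`.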
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
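Review bot: The single rule in `csi-clusterrole.yaml` lets the CSI provider service account `create` `serviceaccounts/token` in every namespace, and nothing in the file says why that breadth is needed. Presumably the provider requests a token for the service account of whichever pod mounts a volume, which would rule out `resourceNames`, but that is inferred and not stated here. I would add a comment above `rules:` such as `# Cluster-wide on purpose: the provider requests a token for the service account of each pod that mounts a CSI volume.` so that reviewers treat the `-csi-provider` service account as a high-privilege identity.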
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-certs-secret.yaml 
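Review bot: The `csi-provider` container in `csi-daemonset.yaml` gets no `securityContext` unless `csi.daemonSet.securityContext.container` is set, although the pod mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir/pods`). The `csi.daemonSet.securityContext.container` helper added to `_helpers.tpl` in this same diff has no fallback branch, whereas the injector and server container helpers emit `allowPrivilegeEscalation: false` when `global.openshift` is not set. Whether values.yaml supplies a default is not visible here; if it does not, I would give the CSI helper the same fallback: `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`.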
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-clusterrolebinding.yaml 
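Review bot: The rule in `injector-clusterrole.yaml` grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, while the deployment in this diff points `AGENT_INJECT_TLS_AUTO` only at `<fullname>-agent-injector-cfg`. A service account that can patch arbitrary webhook configurations can change admission behaviour for other controllers, so I would keep `get`/`list`/`watch` in the existing rule and move `patch` into a second rule limited by `resourceNames` to the chart's own configuration. This assumes the injector patches only its own object, which the templates suggest but the injector code (not shown) would have to confirm.

```yaml
rules:
# … unchanged: existing rule, minus the "patch" verb …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```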
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
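Review bot: The `args` list in `injector-deployment.yaml` passes `2>&1` as a literal second argument, because container `args` go to the entrypoint without a shell and no redirection takes place. Unless the image's entrypoint is a shell wrapper (not visible here), I would drop that item and keep only `- agent-inject`. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` are rendered unquoted, so a boolean- or number-looking value becomes a non-string env value and is rejected by the API server; `value: {{ .Values.injector.authPath | quote }}` and the same for the other two avoids that.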
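Review bot: `injector-disruptionbudget.yaml` is gated only on `injector.podDisruptionBudget`, so the PodDisruptionBudget is rendered even when the injector is disabled; the other injector templates in this diff are wrapped in `{{- template "vault.injectorEnabled" . -}}` and `{{- if .injectorEnabled -}}`. The `apiVersion` line also compares `.Capabilities.KubeVersion.Minor` with `ge` as a string, which orders lexically and so depends on how the cluster reports its minor version. I would add the `injectorEnabled` guard and select the API with `{{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`, matching how the mutating webhook template picks its version.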
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
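Review bot: The webhook in `injector-mutating-webhook.yaml` matches pod `CREATE` and `UPDATE` in every namespace unless a `namespaceSelector` or `objectSelector` is supplied, and `failurePolicy` comes straight from values with no guidance next to it. If an operator sets `failurePolicy: Fail` without a selector, an unavailable injector would block pod admission cluster-wide, including the injector's own replacement pods. I would document that at the point of use with a comment above `failurePolicy:` such as `# If set to Fail, also set namespaceSelector/objectSelector so the injector's own namespace and system namespaces are not blocked while the webhook is down.`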
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
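Review bot: The policy in `injector-network-policy.yaml` allows ingress on a fixed `port: 8080`, but the deployment in this diff listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes), so changing that value on OpenShift would leave the webhook unreachable. I would render `- port: {{ .Values.injector.port }}` instead. `metadata.namespace` is also absent, unlike the Deployment the policy selects; adding `namespace: {{ .Release.Namespace }}` keeps the two together when the rendered manifest is applied outside `helm install`. The `namespaceSelector: {}` source admits pods from every namespace, so a comment stating why the rule is that broad would help reviewers.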
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-role.yaml 
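Review bot: This PodSecurityPolicy is rendered as `policy/v1beta1` whenever `global.psp.enable` is true, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so the install fails there instead of skipping the object. Other templates in this commit guard on `.Capabilities.APIVersions.Has`, and the same guard fits here: `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`. The same applies to server-psp.yaml and to the injector and server psp-role / psp-rolebinding templates that reference these policies. Separately, the comment `This policy assumes the nodes are using AppArmor rather than SELinux` sits above `rule: RunAsAny`; since the chart has a `global.openshift` switch, that comment should state that SELinux confinement is left to the platform.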
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-rolebinding.yaml 
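Review bot: The leader-elector Role grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, and `get`, `patch`, `delete` on every Pod, because neither rule carries `resourceNames`. If the namespace also holds Vault's own TLS or unseal material, the injector's service account can read it. `create`, `list` and `watch` cannot be narrowed by name, but `get` and `update` can move into a separate rule limited with `resourceNames: [<leader-election-object-name>]` (placeholder; the real object names are not visible in this hunk). If the breadth is intentional, a comment above `rules:` naming the objects the injector manages would make that reviewable.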
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
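Review bot: `disable_mlock = true` is written into the rendered configuration unconditionally: as a literal line in the string branch, and through `merge (dict "disable_mlock" true) …` in the map branch, where the forced dict is the merge destination and so overrides a user-supplied value. With mlock disabled, Vault's in-memory secrets can be paged out if the node has swap enabled. I would document that above `extraconfig-from-values.hcl` with a template comment such as `{{- /* mlock is disabled in every mode; run on nodes with swap off or encrypted */ -}}`, or drive the setting from a chart value that defaults to true. Note also that the config strings pass through `tpl`, so whoever can set `server.standalone.config` or `server.ha.config` can evaluate template expressions against the release context.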
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-ha-active-service.yaml 
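Review bot: `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical rather than numeric (for example `"9"` sorts after `"21"`), and `Minor` can carry a suffix such as `+` on some distributions. server-ingress.yaml in this commit already uses `semverCompare ">= 1.19.0-0" $kubeVersion`, and the same form is safer here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. Alternatively test `.Capabilities.APIVersions.Has "policy/v1"`, as the RBAC templates do for their API group.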
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-psp-role.yaml 
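Review bot: The single ingress rule in server-network-policy.yaml opens both 8200 and 8201 to `namespaceSelector: {}`, i.e. every namespace in the cluster. 8201 is named `https-internal` in the Service templates of this commit and looks like the server-to-server port, so it should only need to be reachable from the Vault pods themselves. Splitting the rule keeps the API port open to clients and limits 8201 to pods carrying this release's labels. The `podSelector` also lacks `component: server`, which the Services select on, and the object has no `namespace:` in its metadata.

```yaml
  ingress:
    # API port: reachable from client namespaces.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only pods of this Vault release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from .Values.server.networkPolicy.egress …
```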
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
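Review bot: The subject in server-psp-rolebinding.yaml is the ServiceAccount named `{{ template "vault.fullname" . }}`, but server-serviceaccount.yaml and server-clusterrolebinding.yaml in this commit name the server's account with `{{ template "vault.serviceAccount.name" . }}`. If that helper resolves to anything other than the full name (its definition is outside this part of the diff), the PodSecurityPolicy `use` grant lands on an account the pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as the discovery RoleBinding does.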
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-service.yaml 
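Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before reading `.mode`. Unless another template has already populated it on the shared context, `.mode` is empty here, so the `external` check always passes and the `ha` branch that selects the `-active` service is never taken. Adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard makes the file independent of render order. `targetPort: 8200` is also fixed while the Services take their port from `.Values.server.service`, and `host: {{ .Values.server.route.host }}` would be safer piped through `quote`.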
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/tests/server-test.yaml 
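Review bot: The `image:` line falls back to `latest` when `server.image.tag` is unset (`{{ .Values.server.image.tag | default "latest" }}`), so an install with an empty tag runs whatever the registry currently serves under a mutable tag for the Vault server pod. Failing the render is safer than a silent fallback: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The test pod in `templates/tests/server-test.yaml` uses the same fallback and should change with it. Separately, the exec readiness probe passes `-tls-skip-verify` to `vault status`; a short comment that this is tolerable only because `VAULT_ADDR` points at 127.0.0.1 would stop it being copied into a check against a remote address.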
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/templates/ui-service.yaml 
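Review bot: The test container sets no `securityContext`, while the server container in the StatefulSet gets one through `server.statefulSet.securityContext.container`. The hook pod therefore runs the same image with whatever defaults the cluster's admission assigns. It only runs `vault status` from `/bin/sh`, so it can forbid privilege escalation and drop all capabilities; the block belongs under the container, next to `imagePullPolicy`. Confirm the indentation against the file when applying.

```yaml
      imagePullPolicy: {{ .Values.server.image.pullPolicy }}
      # The test only runs the vault CLI, so it needs no capabilities.
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
      # … unchanged: env, command, volumeMounts …
```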
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/values.openshift.yaml 
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.63/src/values.yaml 
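Review bot: The schema does not declare three values that the templates in this diff read: `server.readinessProbe.path` (StatefulSet readiness probe), and `server.service.type` and `server.service.clusterIP` (server Service). No object here sets `additionalProperties`, so these keys are accepted but never type-checked, and a wrongly typed `type` or `path` only surfaces when the manifest is applied. Adding `"path": { "type": "string" }` under `server.readinessProbe`, and `"type": { "type": "string" }` and `"clusterIP": { "type": "string" }` under `server.service`, would close the gap.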
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/Chart.yaml
new file mode 100644
index 00000000000..5fc755aea2f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.7
+annotations:
+ charts.openshift.io/name: helm-testing-5435
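Review bot: The `description`, `home`, `icon` and `sources` values in the new Chart.yaml still present this as the official HashiCorp Vault chart, while `name` and the `charts.openshift.io/name` annotation are `helm-testing-5435` and the path places it under the partner directory `redhat-caastestreg-duplicate`. If this is a test fixture, as the name suggests, the metadata should say so, for example `description: Test copy of the HashiCorp Vault chart (not an official release)`, so that an index or catalog entry built from it cannot be mistaken for the upstream chart. Separately, `appVersion` is better quoted, `appVersion: "1.11.2"`, which Helm's chart documentation recommends so the value is always read as a string.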
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/README.md 
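Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand what appears to be the Vault enterprise license into the `docker run` command line, where it is readable from the host's process list and from dry-run (`make -n`) or traced output even though the recipe is silenced with `@`. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker take the value from its own environment instead; the one difference is that an unset variable is then absent in the container rather than empty, so the acceptance tests would need to tolerate that. `GOOGLE_CREDENTIALS` defaults to a file name (`vault-helm-test.json`), so the same concern applies there only if a caller supplies key material rather than a path. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, which this hunk also defines.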
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
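Review bot: In csi-clusterrole.yaml the rule granting `create` on `serviceaccounts/token` is cluster-wide and has no comment explaining why. Once bound by csi-clusterrolebinding.yaml, the CSI provider's service account can request a token for any service account in any namespace, so a compromise of one provider pod (the DaemonSet runs one per node) reaches well beyond this release's namespace. If the provider needs this to authenticate to Vault on behalf of the requesting pod, which the page does not show, say so above `rules:`, for example `# TokenRequest for workload service accounts; cluster-wide by design, audit 'create serviceaccounts/token' calls from this SA`.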
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" .
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-certs-secret.yaml
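Review bot: In csi-daemonset.yaml the container that mounts two `hostPath` volumes gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because that helper (defined earlier in this diff) has no fallback branch, unlike the injector and server helpers, which default to `allowPrivilegeEscalation: false`. A default install therefore runs the provider on every node with whatever user and privileges the image ships, and with the kubelet pods directory mounted read-write. I would add a default to the helper where the provider tolerates it, set `readOnly: true` on the `mountpoint-dir` mount if the provider does not write there (not visible here), and give both `hostPath` entries an explicit type such as `type: Directory` so an unexpected path fails the pod instead of being mounted unchecked. The image reference `"{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"` is tag-only; accepting a digest would let operators pin what runs on each node.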
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-clusterrolebinding.yaml
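Review bot: In injector-certs-secret.yaml the Secret is named with the literal `vault-injector-certs`, while the other objects added in this diff derive their names from `vault.fullname`. Two releases with leader election enabled in the same namespace would render the same Secret and conflict over it. If the injector binary expects this exact name (not visible here), a comment above `name:` saying so would help; otherwise `name: {{ template "vault.fullname" . }}-injector-certs` keeps releases apart.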
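Review bot: In injector-clusterrole.yaml the `patch` verb applies to every `mutatingwebhookconfigurations` object in the cluster, because the rule carries no `resourceNames`. A compromised injector pod could then rewrite other admission webhooks, not only its own. The deployment passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which looks like the one configuration it has to update, so `patch` can be confined to that name while `get`/`list`/`watch` stay unrestricted (a watch without a name selector cannot be limited by `resourceNames`). The role is also rendered when `injector.certs.secretName` is set and auto-TLS is off, where it may not be needed at all.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```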
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
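Review bot: `- 2>&1` under `args:` in injector-deployment.yaml is handed to the container as a literal argument, because an `args` list is executed without a shell and so performs no redirection. Unless the image's entrypoint is known to interpret it (not visible in this diff), drop that line and leave `args:` with `- agent-inject` only. Separately, `livenessProbe` and `readinessProbe` both poll `/health/ready` with `failureThreshold: 2` and `periodSeconds: 2`, so a brief not-ready state restarts the webhook pod; a comment explaining that choice would help the next reader.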
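Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the choice between `policy/v1` and `policy/v1beta1` follows lexical order rather than what the API server actually serves (a minor of `100` would sort below `21`). The webhook template in this same diff already uses capability detection, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml carries the identical expression and needs the same change.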
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
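Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when a value is supplied, so without one the webhook may match pod CREATE/UPDATE in every namespace, system namespaces and the injector's own included (what `injector.objectSelector` adds is defined outside this hunk). When `failurePolicy` resolves to `Fail`, an unavailable injector then blocks pod admission cluster-wide, its own replacement pods among them. I would add a template comment above the selector block, along the lines of `{{/* With no namespaceSelector or objectSelector the webhook applies to all namespaces; set one before using failurePolicy: Fail */}}`, and consider a default selector that excludes the release namespace.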
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
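Review bot: `- port: 8080` in injector-network-policy.yaml is a literal, while the Deployment and Service in this diff take the listener from `.Values.injector.port`; once that value is changed the policy admits the wrong port and webhook traffic to the injector is likely to be dropped. Use `- port: {{ .Values.injector.port }}` instead. `metadata` also lacks `namespace: {{ .Release.Namespace }}`, unlike the other injector resources, and `namespaceSelector: {}` admits every namespace, which deserves a comment saying it is intentional.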
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-psp.yaml
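Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml omits `namespace`, while injector-rolebinding.yaml and injector-clusterrolebinding.yaml in this diff set it explicitly. A RoleBinding is generally resolved against its own namespace when the field is empty, so this probably works, but the explicit form is easier to audit and stays correct if the subject is ever copied into a ClusterRoleBinding. Add `namespace: {{ .Release.Namespace }}` after the subject's `name:`.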
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-role.yaml
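Review bot: injector-psp.yaml is gated only on `global.psp.enable`, but `policy/v1beta1` PodSecurityPolicy no longer exists on Kubernetes 1.25 and later, so enabling the value there makes the install fail on an unknown kind. Gate on the API as well, `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`, and apply the same condition to injector-psp-role.yaml and injector-psp-rolebinding.yaml. The comment `This policy assumes the nodes are using AppArmor rather than SELinux` also deserves a second look, since other templates in this diff branch on `global.openshift` and `seLinux: rule: RunAsAny` leaves SELinux unconstrained.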
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-rolebinding.yaml
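Review bot: The leader-elector Role in injector-role.yaml lets the injector service account `get`, `list`, `watch`, `create` and `update` every Secret and ConfigMap in the release namespace, and `patch` or `delete` any pod there. If the Vault server is installed in the same namespace, that scope covers its TLS material and whatever other secrets live alongside it. Which objects the leader elector actually touches is not visible here; if it is only the `vault-injector-certs` Secret created earlier in this diff, split the first rule so that `get` and `update` carry `resourceNames: ["vault-injector-certs"]`, and add a comment stating why the remaining verbs have to stay namespace-wide.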
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
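Review bot: `disable_mlock = true` is forced into the rendered Vault configuration in both branches of server-config-configmap.yaml (the literal line for string config, `dict "disable_mlock" true` for map config) with no value to override it. With mlock disabled the server's memory can be swapped to disk, so the chart relies on nodes having swap disabled or encrypted, and nothing here says so. I would add a template comment above `data:`, for example `{{/* disable_mlock is always set; run on nodes without swap or with encrypted swap */}}`. Since `merge` gives its first argument precedence, a user-supplied `disable_mlock: false` in map config is silently ignored, which the comment should mention too.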
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-psp-role.yaml
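Review bot: `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are rendered unquoted, while the host entries in the same template go through `| quote`. These are free-form strings from values, so an all-digit or boolean-looking name, or a value containing `: ` or ` #`, would be retyped by the YAML parser or break the rendered manifest. I would write `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`, and quote `ingressClassName` the same way.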
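Review bot: The single ingress rule `from: - namespaceSelector: {}` admits pods from every namespace to both 8200 and 8201, so turning on `server.networkPolicy.enabled` gives little isolation for the cluster port. If nothing outside this release needs 8201 (replication peers in other clusters would be an exception), it can be split into its own rule limited to the Vault server pods, leaving 8200 open to clients as today. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set, and a short comment on the rule explaining why all namespaces are allowed would help.

```yaml
  ingress:
    # API port: clients may come from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```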
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
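Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` both use the `vault.serviceAccount.name` helper. The helper bodies are not visible here, but if the two can resolve to different names (for example when the service account name is overridden in values), the PSP `use` grant is bound to an account the pods do not run as and the policy silently does not apply. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and state `namespace: {{ .Release.Namespace }}` on it so the binding is unambiguous.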
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
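Review bot: The `policy/v1beta1` PodSecurityPolicy is gated only on `global.psp.enable`, with no capability check like the `.Capabilities.APIVersions.Has` test server-ingress.yaml uses; on a cluster that no longer serves this API (it was removed in Kubernetes 1.25) enabling the value fails the install instead of being skipped. I would add `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the `and` condition here and in the two psp RBAC templates. The spec also sets no `requiredDropCapabilities` (for example `requiredDropCapabilities: [ALL]`), and the `seLinux: RunAsAny` comment assumes AppArmor nodes, which deserves a note for anyone installing with the OpenShift values file in this commit.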
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-service.yaml
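Review bot: This template tests `.mode` on its second line and again in the `ha` check without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does; it appears to depend on another template having set the value earlier in the render. If `.mode` is unset here, the `external` guard and the switch to the `-active` service would not behave as intended, so I would add `{{ template "vault.mode" . }}` as the first line inside the openshift check. Separately, `targetPort: 8200` is hard-coded while the Services take `.Values.server.service.targetPort`, and `host: {{ .Values.server.route.host }}` would be safer as `host: {{ .Values.server.route.host | quote }}`.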
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/tests/server-test.yaml
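Review bot: The server container image falls back to a mutable tag, `{{ .Values.server.image.tag | default "latest" }}`, so a values file that omits the tag deploys whatever `latest` points to at pull time, and different pods of the StatefulSet can end up on different Vault builds. I would fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; tests/server-test.yaml in this commit uses the same fallback. In the readiness probe, `vault status -tls-skip-verify` disables certificate verification; `VAULT_ADDR` is set to 127.0.0.1 in this template so the call stays on loopback, but a comment next to the flag saying so would keep it from being copied to a remote address. `VAULT_API_ADDR` and `VAULT_CLUSTER_ADDR` are also rendered unquoted when they come from `server.ha.apiAddr` / `server.ha.clusterAddr`, unlike their quoted defaults.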
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.7/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/Chart.yaml
new file mode 100644
index 00000000000..792bb2158ca
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.8
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
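Review bot: `vault.serverAuthDelegator` and `vault.serverServiceAccountEnabled` end their condition with `(or (eq (.Values.server.enabled | toString) "true") (eq (.Values.global.enabled | toString) "true"))`, so both evaluate to true when `server.enabled` is explicitly `false` while `global.enabled` is `true`; `vault.serverEnabled` only falls back to the global flag when the value is `-`. The templates that read `.serverAuthDelegator` are not in this hunk, but if they create the auth-delegator binding, a release with the server switched off would still receive that cluster-level grant and its service account. If that is deliberate (for instance to support an external Vault, which is an inference), the helper comments should say so; otherwise call `{{- template "vault.serverEnabled" . -}}` first and replace the inner `or` with `.serverEnabled`. The comment above `vault.serverServiceAccountEnabled` also repeats the auth-delegator text; `Compute if the server serviceaccount is enabled.` would describe what it sets.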
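Review bot: The single rule in this ClusterRole grants `create` on `serviceaccounts/token` with no `resourceNames`, and csi-clusterrolebinding.yaml binds it cluster-wide, so the CSI provider's service account can request a token for any service account in any namespace. That breadth is presumably needed because the provider acts on behalf of arbitrary workload pods, but nothing in the template records the reason. A comment above `rules:` such as `# Tokens are requested for the service accounts of pods that mount Vault secrets, so this cannot be narrowed with resourceNames; treat the provider service account as highly privileged.` would make the blast radius explicit to anyone auditing the chart's RBAC.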
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-certs-secret.yaml 
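Review bot: In csi-daemonset.yaml the `mountpoint-dir` volume exposes `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host and the container mounts it without `readOnly`, which gives this container write access to the volume directories of every pod on the node. Both hostPath entries also omit `type:`, so no check is made on what the values-supplied path points to; `type: Directory` on `mountpoint-dir` would make a wrong `kubeletRootDir` fail at pod start. If the provider image in use does not write into the pod directories itself, `readOnly: true` on that volumeMount would narrow the exposure. That depends on the provider version, which the hunk does not show, and should be confirmed.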
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-clusterrolebinding.yaml 
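Review bot: In injector-clusterrole.yaml the rule gives `patch` on every MutatingWebhookConfiguration in the cluster, although the only such object this commit creates for the injector is `{{ template "vault.fullname" . }}-agent-injector-cfg` (see injector-mutating-webhook.yaml and the `AGENT_INJECT_TLS_AUTO` value in the deployment). A compromised injector could therefore rewrite other admission webhooks. Splitting the rule so that `get` and `patch` carry `resourceNames` while `list` and `watch` stay unrestricted keeps the scope to the chart's own object, assuming the injector only patches its own configuration.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```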
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
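Review bot: In injector-deployment.yaml the `args` list ends with `- 2>&1`, which reaches the container as a literal second argument: Kubernetes passes `args` to the entrypoint without a shell, so no redirection takes place. The exception would be an image whose entrypoint is itself a shell wrapper, which the hunk does not show. Dropping the entry leaves `args:` with just `- agent-inject` and removes a line that suggests stderr is being captured when it is not.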
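Review bot: In injector-disruptionbudget.yaml `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the ordering is lexical rather than numeric, and `Minor` may carry a vendor suffix such as `+` on some distributions. Other templates in this commit select API versions with `.Capabilities.APIVersions.Has`, and the same check works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml uses the same comparison and would take the same change.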
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
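Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is rendered only when a value is set, so by default the webhook is called for pod CREATE and UPDATE in every namespace, including the injector's own and the control-plane namespaces. The `injector.objectSelector` helper is defined outside this hunk and may narrow that. With `failurePolicy` taken from values, a setting of `Fail` makes pod admission in all selected namespaces depend on the injector being reachable. A default selector that excludes system namespaces would limit this, or a comment above `failurePolicy` could state the trade-off, e.g. `# Fail blocks pod admission in all selected namespaces while the injector is down`.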
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
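Review bot: In injector-network-policy.yaml the ingress rule hard-codes `port: 8080`, while the deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`) and the service targets the same value. Changing the port in values would leave the webhook blocked by this policy on OpenShift. Rendering the port from the same value keeps the three in step: `- port: {{ .Values.injector.port }}`. The `from` clause with `namespaceSelector: {}` admits traffic from pods in every namespace; if that is intentional, a one-line comment saying why would help the next reviewer.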
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-role.yaml 
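Review bot: In injector-psp.yaml the policy forbids privileged mode, privilege escalation and root, but it sets neither `requiredDropCapabilities` nor `allowedCapabilities`, so containers admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities:` with a single `- ALL` entry under `spec` would match the intent of the rest of the policy, assuming the injector needs no capabilities. The comment on `seLinux` states that the nodes use AppArmor rather than SELinux, which is worth rechecking in a chart that also has a `global.openshift` switch.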
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-rolebinding.yaml 
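Review bot: In injector-role.yaml the first rule lets the injector `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, while the only Secret this commit creates for the leader-elector case is `vault-injector-certs`. Moving `get` and `update` on `secrets` into their own rule with `resourceNames: ["vault-injector-certs"]` would limit what a compromised injector can read. `create` cannot be restricted by name, so it would stay in a separate rule. Whether `list` and `watch` can be narrowed depends on how the injector watches the secret, which the hunk does not show.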
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
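Review bot: In server-config-configmap.yaml memory locking is turned off in every rendered config and the file does not say so. The string branch emits `disable_mlock = true` ahead of the user's config, and the map branch puts it in the destination dictionary of `merge`, where, as far as I can tell, it takes precedence over a user-supplied key. With mlock disabled, Vault's memory can be written to swap, so the nodes need swap disabled or encrypted. A template comment at the top of the file would record that without leaking into the rendered HCL: `{{- /* disable_mlock is always set; run on nodes with swap disabled or encrypted */ -}}`.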
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-ha-active-service.yaml
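Review bot: The `apiVersion` line compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the comparison is lexicographic and a minor version with a different digit count would select the wrong API group. server-ingress.yaml in this same change already decides its API version with `semverCompare` on the full version string, and using it here keeps the two templates consistent: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.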
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-psp-role.yaml 
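Review bot: `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are rendered unquoted in server-ingress.yaml, while `hosts` and `host` in the same template go through `quote`. A value that is empty, or that YAML reads as a boolean or a number, changes type or becomes null once the rendered text is parsed. Piping these through `quote` as well, for example `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`, keeps the template consistent with its own host handling.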
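Review bot: The single `ingress` rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may connect to 8201 as well as 8200. Elsewhere in this change 8201 is named `https-internal` and is the port used for `VAULT_CLUSTER_ADDR`, which suggests that only the server pods need it. Splitting the rule, as sketched below, keeps 8200 open as before and narrows 8201 to pods carrying the server labels set by the StatefulSet; if peers outside the release must reach 8201, that is not visible here and the selector would need widening. The policy also sets no `namespace` under `metadata`, unlike the other resources in the chart.

```yaml
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only this release's server pods.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```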
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
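Review bot: The `subjects` entry in server-psp-rolebinding.yaml names the service account with `vault.fullname`, whereas server-serviceaccount.yaml and the discovery RoleBinding both use `vault.serviceAccount.name`. If that helper can return a different name (its definition is outside this part of the diff), the binding points at an account the pods do not run as, and the pod security policy is never granted to them. Using the same helper and stating the namespace avoids that: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.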
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
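Review bot: `apiVersion: policy/v1beta1` is emitted whenever `global.psp.enable` is true, with no check that the cluster still serves PodSecurityPolicy; the API was removed in Kubernetes 1.25, so the release fails to install there. Other templates in this change already branch on `.Capabilities`, and the same guard fits the condition on the third line here (and the matching conditions in the PSP Role and RoleBinding): `{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. Separately, the spec sets no `requiredDropCapabilities`; whether the server needs any capability is not visible in this hunk, so a comment stating the intent would help.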
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-service.yaml
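Review bot: The second line tests `.mode`, but this template never calls `{{ template "vault.mode" . }}`, which the sibling templates in this change do before reading `.mode`. Unless the value happens to have been set by a file rendered earlier, both the `ne .mode "external"` guard and the `eq .mode "ha"` test that selects the `-active` service see an unset value. Adding `{{- template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does, removes the dependence on render order. `host: {{ .Values.server.route.host }}` would also be safer as `host: {{ .Values.server.route.host | quote }}`.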
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.8/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/Chart.yaml
new file mode 100644
index 00000000000..2a05adccfe6
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-5435
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.9
+annotations:
+ charts.openshift.io/name: helm-testing-5435
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/Makefile
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/README.md 
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
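Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` cluster-wide with no `resourceNames`, and nothing in the template says why. Once bound by csi-clusterrolebinding.yaml, the `-csi-provider` service account can request a token for any service account in any namespace, so a compromise of that DaemonSet pod exposes every workload identity in the cluster. Presumably the provider needs this to obtain tokens for the pods that mount secrets. I would record that above `rules:` with a comment such as `# Lets the CSI provider request tokens for the service accounts of pods mounting secrets; this can mint a token for ANY service account, so treat this pod as highly privileged.` Auditing TokenRequest calls made by this service account is a sensible companion control.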
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-certs-secret.yaml 
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-clusterrolebinding.yaml 
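Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the injector only appears to own `{{ template "vault.fullname" . }}-agent-injector-cfg` (the name used in injector-mutating-webhook.yaml). A compromised injector pod could therefore rewrite any other admission webhook. I would split the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]` and only `list`/`watch` stay unscoped. Whether the injector's watch still works with that split is not visible from this hunk and needs a test.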
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
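Review bot: In injector-deployment.yaml the second entry under `args:` is the literal string `2>&1`. Kubernetes passes `args` directly to the container entrypoint without a shell, so this reaches the process as an argument and redirects nothing. Unless the image entrypoint re-parses its arguments through a shell (not visible here), the entry should be dropped so that `args:` holds only `- agent-inject`. The container runtime already captures stderr in the pod log.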
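Review bot: The `apiVersion` line in injector-disruptionbudget.yaml picks `policy/v1` by comparing `.Capabilities.KubeVersion.Minor` with `"21"` as strings. That ignores the major version and orders lexically, so a minor of `"9"` sorts after `"21"`. injector-mutating-webhook.yaml in this same commit asks the cluster what it serves instead, and the same approach fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`.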
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
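Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, injector-mutating-webhook.yaml renders no `namespaceSelector`. The rule on `pods` CREATE/UPDATE then applies in every namespace, including `kube-system` and the release's own namespace. Because `failurePolicy` comes from values, a `Fail` setting would make an injector outage block pod admission cluster-wide. The `injector.objectSelector` helper is outside this hunk and may narrow the match. I would document this above the `namespaceSelector` block, for example `# Without a namespaceSelector this webhook sees pods in ALL namespaces; exclude kube-system and the injector's namespace before using failurePolicy: Fail.`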
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
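Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN`, the probes and the Service `targetPort` all use it). If an operator changes `injector.port`, the policy drops the API server's webhook calls, and with `failurePolicy: Fail` that stops pod admission. Use `- port: {{ .Values.injector.port }}` here. The policy's `metadata` also omits `namespace: {{ .Release.Namespace }}`, which the other injector resources in this commit set explicitly.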
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-psp.yaml 
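Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subject in injector-rolebinding.yaml, which sets `namespace: {{ .Release.Namespace }}`. A RoleBinding resolves an empty subject namespace to its own namespace, so this works. Spelling it out keeps the two bindings consistent and makes the bound identity clear when the manifest is reviewed. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:`.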
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-rolebinding.yaml 
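Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace. The only secret this commit creates for leader election is the fixed-name `vault-injector-certs` in injector-certs-secret.yaml. If Vault or other workloads share the namespace, the injector's service account can read and overwrite their secrets too. I would split the rule: keep `create` unscoped, since it cannot be restricted by name, and put `get` and `update` under `resourceNames: ["vault-injector-certs"]`. Whether the leader-elector needs `list`/`watch` on secrets, or any access to configmaps, is not visible here and should be confirmed before those verbs are trimmed.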
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
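Review bot: `disable_mlock = true` is written into every rendered configuration, in the string branch and in both `merge (dict "disable_mlock" true) ...` branches, with no comment on the trade-off it makes. With mlock off, Vault's process memory can be paged to disk, so the setting is only safe on nodes where swap is disabled or encrypted. I would add a template comment above `data:` such as `{{/* mlock is disabled for every mode; nodes running Vault must have swap disabled or encrypted */}}` and state the same requirement in the chart's README. Since the destination dict is the first argument to `merge`, a user-supplied `disable_mlock` in the structured config appears to be overridden as well, which is worth confirming and documenting.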
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-ha-active-service.yaml
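Review bot: The `apiVersion` line compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the outcome follows lexical ordering and any vendor suffix on the minor version rather than whether `policy/v1` is actually served. The ingress template in this commit already uses `semverCompare` for the same kind of decision. For consistency I would write `{{ if .Capabilities.APIVersions.Has "policy/v1" }}policy/v1{{ else }}policy/v1beta1{{ end }}`, or `semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version`.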
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-psp-role.yaml 
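Review bot: In server-network-policy.yaml the only `from` entry is `namespaceSelector: {}`, which matches every namespace, so the policy restricts which ports are reachable but not who may reach them. Port 8201 is the `https-internal` cluster port in the services of this commit and normally only needs to accept traffic from the Vault pods themselves; a separate ingress rule for 8201 with a `podSelector` on the chart's own `app.kubernetes.io/name` and `app.kubernetes.io/instance` labels would express that. The metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the other templates added here.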
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
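Review bot: In server-psp-rolebinding.yaml the subject is named with `vault.fullname` and carries no `namespace`, whereas server-serviceaccount.yaml and the other bindings in this commit use `vault.serviceAccount.name` together with `namespace: {{ .Release.Namespace }}`. If the service-account helper can return anything other than the full name (its definition is not part of this diff), the PSP `use` grant lands on an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` below it.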
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
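Review bot: The PodSecurityPolicy `spec` sets `privileged: false` and `allowPrivilegeEscalation: false` but never drops capabilities, so containers admitted under it keep the runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP` and the rendered config disables mlock, so adding `requiredDropCapabilities: ["ALL"]` looks feasible, though that needs confirming against the image. The `seLinux` comment says the policy assumes AppArmor nodes, which does not describe OpenShift clusters that this chart also targets through `global.openshift`, so the comment should say what is expected there. `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so the template also wants a `.Capabilities.APIVersions.Has "policy/v1beta1"` guard.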
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-service.yaml
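Review bot: server-route.yaml reads `.mode` without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does before testing it. Whether `.mode` holds a value here therefore seems to depend on another template having populated it earlier in the same render, and the `eq .mode "ha"` test that selects the `-active` service depends on the same thing. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check would make the template self-contained. I would also quote the host, `host: {{ .Values.server.route.host | quote }}`, as the ingress template does for its hosts.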
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/tests/server-test.yaml 
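Review bot: The server container image is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an unset tag deploys whatever `latest` resolves to at pull time; the test pod in tests/server-test.yaml uses the same default. For a secrets store the image should be pinned, for example `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or referenced by digest. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; `VAULT_ADDR` points at 127.0.0.1 so the exposure is limited to loopback, but a comment stating that would stop the flag from being copied into places where it matters.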
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/templates/ui-service.yaml
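Review bot: The test pod's `image:` line falls back to the mutable `latest` tag whenever `server.image.tag` is unset (`| default "latest"`), so `helm test` can run whatever that tag resolves to at pull time, in a pod that also receives every entry of `server.volumes` and `server.volumeMounts`. I would drop the fallback and fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The pod spec also sets no `securityContext` or `resources`; if the server StatefulSet (only partly visible here) carries them, mirroring them keeps the hook pod under the same constraints.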
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/values.openshift.yaml
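Review bot: Nothing in this template stops the UI Service from being published outside the cluster while TLS is off: `type`, `nodePort` and `publishNotReadyAddresses` are rendered straight from values, and values.yaml in this same change sets `global.tlsDisable: true`. Assuming `vault.scheme` follows that flag (the helper is defined outside this hunk), a `ui.serviceType` of `NodePort` or `LoadBalancer` would carry the Vault UI and API over plain HTTP. A template comment at the top would make the coupling visible, e.g. `{{- /* UI Service: with global.tlsDisable=true this port is plaintext; keep ui.serviceType ClusterIP unless TLS is terminated in front of it */ -}}`. It is also worth noting next to `publishNotReadyAddresses` that a true value routes UI traffic to pods that are not ready, which for Vault includes sealed ones.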
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/values.schema.json
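Review bot: All three image references (`vault-k8s` at `0.17.0-ubi`, and `vault` at `1.11.2-ubi` for both `agentImage` and `server.image`) are pinned by tag only, and a registry tag can be re-pointed after the chart has been reviewed. The test-pod template in this change renders `repository:tag`, so a digest can presumably ride along in the tag value, e.g. `tag: "1.11.2-ubi@sha256:<digest-placeholder>"`; confirm the other templates build the reference the same way before relying on it. The same repository/tag pairs are repeated in values.yaml, so a later bump has to touch both files or installs using this override will keep the old image.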
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/0.21.9/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/OWNERS b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/OWNERS
new file mode 100644
index 00000000000..ee6c3bfaa2b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-5435/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-testing-5435
+ shortDescription: null
+providerDelivery: false
+publicPgpKey: null
+users:
+- githubUsername: opcert
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..1b47f392e08
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-980
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: helm-testing-980
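Review bot: The `description: Official HashiCorp Vault Chart` line in Chart.yaml sits beside `name: helm-testing-980` and the `charts.openshift.io/name: helm-testing-980` annotation, so the metadata presents a renamed copy under a partner directory as the official upstream chart. If this is a certification test fixture, as the directory name suggests, the description should say so, for example `description: Test copy of the HashiCorp Vault chart 0.21.0 (not an upstream release)`, so that anyone reading a repository index is not misled about provenance. The `sources` entries can stay as pointers to where the templates came from.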
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/README.md
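Review bot: In `test-acceptance`, the line `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \` makes make expand the license value into the `docker run` argument list, where it is readable from the host's process listing and from any wrapper that logs command lines; the leading `@` only suppresses make's own echo. Since this Makefile never assigns `VAULT_LICENSE_CI`, it presumably arrives from the caller's environment, so passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker copy the value through without it appearing in argv. Separately, the `.PHONY` list omits `setup-kind` and `delete-kind`, so a stray file with either name would make the target look up to date; both should be appended to that line.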
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
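Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the bound `-csi-provider` service account can request a token for any ServiceAccount in any namespace, and nothing in the template says why that breadth is needed. I would add a comment above `rules:` such as `# Cluster-wide on purpose: the provider requests tokens for workload pods in any namespace (confirm)`, so the next reviewer does not have to rediscover it. Because the DaemonSet runs this identity on every node, token requests made by this account are worth covering in API audit-log alerting.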
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-certs-secret.yaml 
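Review bot: The `csi-provider` container gets a securityContext only from `csi.daemonSet.securityContext.container`, and that helper (defined in _helpers.tpl in this same commit) renders nothing when the value is unset, unlike the injector and server helpers, which fall back to `allowPrivilegeEscalation: false`. The container also mounts two hostPath volumes, one with `mountPropagation: HostToContainer`, so an unset value leaves a host-mounted pod running with whatever the runtime defaults to. I would give the CSI helper the same `else if not .Values.global.openshift` fallback with `allowPrivilegeEscalation: false`, after confirming the provider can still create its socket under `/provider`.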
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-clusterrolebinding.yaml 
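Review bot: In injector-clusterrole.yaml the `patch` verb applies to every MutatingWebhookConfiguration in the cluster, because the rule carries no `resourceNames`. The deployment sets `AGENT_INJECT_TLS_AUTO` to `<fullname>-agent-injector-cfg`, which suggests the injector only needs to update its own configuration; as written, a compromised injector account could rewrite any other admission webhook. I would split the rule so that `get` and `patch` are limited to that one name and only `list` and `watch` stay unrestricted, as sketched below. Confirm against how the injector looks the object up before narrowing it.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```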
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
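Review bot: Under `args:` in injector-deployment.yaml the entry `- 2>&1` is handed to the injector as a literal argument; a container spec has no shell, so it is not a redirection and does nothing to stderr. I would drop that line and leave `args:` with just `- agent-inject`. Separately, `value: {{ .Values.injector.logLevel | default "info" }}` and `value: {{ .Values.injector.authPath }}` are unquoted while the neighbouring env values are quoted; piping them through `quote` keeps every env value a string whatever the user supplies.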
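Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares strings rather than numbers, and `Minor` can carry a suffix such as `+` on some distributions, so the apiVersion choice is fragile. The mutating-webhook template in this commit already uses a capability check; the same form here would be `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This is also the one injector template not wrapped in `vault.injectorEnabled`, so a PodDisruptionBudget can render while the injector itself is disabled.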
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
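Review bot: With neither a namespaceSelector nor an objectSelector set in values, this webhook is registered for pod CREATE and UPDATE in every namespace, and `failurePolicy` is taken straight from values with no guidance next to it. If an operator sets it to `Fail`, an unavailable injector blocks pod admission everywhere the webhook matches, including the injector's own namespace. I would add a comment above `failurePolicy:` along the lines of `# Fail blocks pod admission in all matched namespaces while the injector is down; pair it with namespaceSelector/objectSelector`. As a smaller style point, `timeoutSeconds` defaults to the string `"30"`, which reads better as `default 30`.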
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
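Review bot: The NetworkPolicy admits ingress on a hard-coded `port: 8080`, while the Deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes use it). Changing the port in values would leave the policy allowing the wrong port and blocking webhook calls; `- port: {{ .Values.injector.port }}` keeps the two in step. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources set. `- namespaceSelector: {}` admits traffic from every namespace, which may be intended so the API server can reach the webhook, but a one-line comment stating that would help whoever audits the policy.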
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-role.yaml 
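Review bot: The policy sets `privileged: false` and `allowPrivilegeEscalation: false` but never sets `requiredDropCapabilities`, so a pod admitted under it keeps the container runtime's default capability set. If the injector needs none of them, which should be confirmed against its deployment since that is not in this hunk, add `requiredDropCapabilities: ['ALL']` under `spec`. Separately, `apiVersion: policy/v1beta1` is emitted with no capability check, and PodSecurityPolicy no longer exists in Kubernetes 1.25 and later, so enabling `global.psp.enable` there fails the install. Wrapping the template in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` would avoid that. Both points apply equally to server-psp.yaml.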
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-rolebinding.yaml 
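Review bot: The first rule of the leader-elector Role grants `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, because it carries no `resourceNames`. The injector's service account can therefore read and overwrite any secret stored next to it, not only the object it uses for leader election. `create` cannot be limited by name, so I would split the rule: keep `create` on its own and put the read/update verbs in a second rule with `resourceNames: ['<leader-election-object-name>']` (placeholder; the real name is not visible in this diff). If the injector genuinely needs `list`/`watch` across the namespace, a comment saying so and a recommendation to install into a dedicated namespace would at least make the exposure explicit.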
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-config-configmap.yaml 
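Review bot: The ClusterRoleBinding is cluster-scoped, but its name is built from `vault.fullname` alone (`{{ template "vault.fullname" . }}-server-binding`). Unless that helper already includes the namespace, which cannot be seen from this hunk, two releases with the same name in different namespaces render the same object and the second install conflicts with the first. Including the namespace avoids that: `name: {{ template "vault.fullname" . }}-{{ .Release.Namespace }}-server-binding`. A short comment above `roleRef` explaining why the server account needs `system:auth-delegator` would also help whoever audits this cluster-wide grant.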
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
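Review bot: `disable_mlock = true` is forced in every branch of the config template with no comment explaining why. In the JSON branches it comes first in `merge (dict "disable_mlock" true) …`, so a value supplied in `server.*.config` appears unable to turn it back off. With mlock disabled, memory holding unsealed secrets can be written to swap, so operators need to know this is set for them. I would add a template comment above `data:`, for example `{{- /* disable_mlock is always forced to true below; run on nodes with swap disabled or encrypted */ -}}`, and mention the same in the chart's values documentation.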
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-discovery-rolebinding.yaml 
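Review bot: The discovery Role grants `update` and `patch` on all pods in the release namespace, not only on the Vault server pods. The bound service account can therefore modify any pod that shares the namespace. These verbs cannot usefully be narrowed by `resourceNames` for StatefulSet pods whose names depend on the replica count, so the grant should at least be documented where it is made. I would add above `rules:` a comment such as `# update/patch apply to every pod in this namespace; install Vault into a dedicated namespace.` and drop `update` if the server only patches its own labels, which is not visible in this diff.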
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-ha-active-service.yaml 
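Review bot: `ge .Capabilities.KubeVersion.Minor "21"` compares two strings, so the result is lexicographic rather than numeric, and `Minor` can carry a suffix such as `+` on some distributions. server-ingress.yaml in this diff already avoids this by using `semverCompare` on the full version. Asking the cluster directly is more robust: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`.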
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-ha-standby-service.yaml 
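Review bot: The `https-internal` port 8201 is published on the same Service whose `type` comes from `.Values.server.service.type`. When an operator sets that to `NodePort` or `LoadBalancer` to expose the API port, the server-to-server port is exposed on the same address. The headless `-internal` Service in this diff already carries 8201 for the pods themselves. I would either drop the 8201 entry from the externally typed Services or render it only when the type is `ClusterIP`, e.g. guard the two lines with `{{- if eq (.Values.server.service.type | default "ClusterIP" | toString) "ClusterIP" }}`. The same applies to server-ha-standby-service.yaml and server-service.yaml.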
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-psp-role.yaml 
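Review bot: In server-ingress.yaml the host entries are rendered with `| quote`, but `path: {{ . }}`, `secretName: {{ .secretName }}` and `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` are emitted bare. A path or name that starts with a YAML indicator such as `*`, or a value that looks like a number or boolean, then renders as the wrong type or fails to parse. Quoting them the same way keeps the output stable: `- path: {{ . | quote }}`, `secretName: {{ .secretName | quote }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName | quote }}`.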
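Review bot: The server NetworkPolicy admits both 8200 and 8201 from `namespaceSelector: {}`, i.e. from every namespace in the cluster. Port 8201 is the one the Services in this diff name `https-internal`, and presumably only the Vault server pods need to reach it. I would move it into its own ingress rule limited to the release's own pods. Rendered in YAML, that rule is a `from:` with a `podSelector` matching `app.kubernetes.io/name` and `app.kubernetes.io/instance`, with `ports:` listing 8201 only, while 8200 stays in the existing rule. Whether 8200 should remain open to all namespaces depends on where clients run and deserves a comment either way.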
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
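Review bot: The subject of server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}`, whereas server-serviceaccount.yaml, the ClusterRoleBinding and the discovery RoleBinding in this diff all use `{{ template "vault.serviceAccount.name" . }}`. If the two helpers can differ, for instance when the account name is overridden in values (the helper bodies are not in view), the PodSecurityPolicy is bound to an account the server pods do not run as, and the policy silently does not apply to them. The subject should use the same helper and state its namespace: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.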
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-service.yaml 
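Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which every other server template in this diff does on its first line. If `.mode` is not already set when this file is rendered, the `external` guard passes unconditionally and the `-active` service name is never selected. Adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard makes the file self-contained. The Route also hard-codes `targetPort: 8200`, while the Services use `.Values.server.service.targetPort`, so the two diverge if that value is changed.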
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/tests/server-test.yaml
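Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `latest` when `server.image.tag` is empty (`| default "latest"`), so a values file that drops the tag silently deploys whatever the registry currently serves for the secrets server. With a pull policy such as `IfNotPresent`, nodes can also end up running different builds under the same tag. The same fallback is in the `image:` line of templates/tests/server-test.yaml. Failing the render is safer than guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`.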
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/templates/ui-service.yaml
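Review bot: The test container in tests/server-test.yaml sets no `securityContext`, while the server container in server-statefulset.yaml gets one from the `server.statefulSet.securityContext.container` helper, so the test pod runs the same image with whatever the namespace or cluster defaults allow. Since it only runs `vault status` in a shell loop, it can be locked down explicitly under the container entry: a `securityContext:` key holding `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`. Those are the same settings the values.yaml comments in this commit describe as the injector container default.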
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/values.openshift.yaml
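Review bot: `type: {{ .Values.ui.serviceType }}` in ui-service.yaml is rendered with no regard to TLS, and values.yaml in this commit ships `global.tlsDisable: true`; if `vault.scheme` resolves to `http` in that case (the helper is not in this file), choosing `LoadBalancer` or `NodePort` publishes the Vault UI and API in plaintext. A comment above the `type:` line would make the coupling visible: `# With global.tlsDisable=true this Service carries plain HTTP; keep ClusterIP or terminate TLS in front before using LoadBalancer/NodePort`. Separately, `nodePort` is emitted whenever `ui.serviceNodePort` is set, without the `NodePort` type check that server-service.yaml applies.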
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/Chart.yaml
new file mode 100644
index 00000000000..4999bdfd844
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-980
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.1
+annotations:
+ charts.openshift.io/name: helm-testing-980
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/README.md
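Review bot: In the `test-acceptance` recipe of the Makefile, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence value into the `docker run` argument list, where it is readable from the host process table for as long as the container runs. Passing the name only, `-e VAULT_LICENSE_CI \`, lets Docker copy the value from the calling environment instead, assuming the variable reaches make through the environment or the command line, as appears to be the case since the file never assigns it. `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` that `provision-cluster` passes, so it is worth confirming that it resolves the same configuration and state before relying on it for teardown. `.PHONY` also omits `setup-kind` and `delete-kind`, and the local branch calls `make setup-kind acceptance` where `$(MAKE) setup-kind acceptance` would carry `-n` and job control through to the sub-make.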
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
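Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no namespace or `resourceNames` limit, so the subject bound to this ClusterRole can request a token for any service account in the cluster. That may well be what the CSI provider needs, since it presumably authenticates on behalf of whichever pod mounts a volume, but nothing in the template says so and the breadth is easy to miss in an RBAC audit. I would add a comment above `rules:` such as `# Cluster-wide on purpose: tokens are requested for the service accounts of pods that mount CSI volumes; treat the csi-provider service account as highly privileged.` and confirm the provider cannot work with a narrower grant.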
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-certs-secret.yaml
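Review bot: The CSI provider pod and container in csi-daemonset.yaml get no `securityContext` at all unless the user sets `csi.daemonSet.securityContext.pod` or `.container`, because those two helpers in _helpers.tpl have no fallback branch, while the injector and server helpers in the same file fall back to `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. This DaemonSet also mounts two hostPath volumes built from `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir`, so it is the workload where a hardened default matters most. I would give the container helper the same fallback the server container uses: `{{- else if not .Values.global.openshift }}`, then `securityContext:` and `allowPrivilegeEscalation: false`. Whether the provider can also run as non-root against the hostPath socket directory needs checking before a `runAsNonRoot` default is added at pod level.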
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-clusterrolebinding.yaml
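Review bot: The `patch` verb in the injector-clusterrole.yaml rule applies to every MutatingWebhookConfiguration in the cluster, so the injector's service account could rewrite another admission webhook, not only its own. The injector deployment in this same diff passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which suggests that is the one object it needs to patch; if so, split the rule and pin `patch` with `resourceNames` as below. The read verbs are left unrestricted because a `resourceNames` limit on `list` and `watch` only works when the client filters by name, which cannot be confirmed from this hunk.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# patch is limited to the webhook configuration this chart owns
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```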
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
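Review bot: In injector-deployment.yaml the second entry under `args`, `- 2>&1`, reaches the container as a literal argument, because Kubernetes passes `args` to the entrypoint without a shell. No redirection takes place unless the image's entrypoint is a wrapper that re-parses its arguments. Drop the entry so that `args` holds only `- agent-inject`. In the same env list the values for `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_LEVEL` and `AGENT_INJECT_LOG_FORMAT` are unquoted, so an input such as `true` or `1` renders as a non-string and the manifest is rejected; `value: {{ .Values.injector.authPath | quote }}` avoids that.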
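Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with the string `"21"`, which is a lexical string comparison rather than a numeric one, so a minor such as `"9"` sorts above `"21"`. The same expression appears in server-disruptionbudget.yaml later in this diff. Other templates here already probe the API directly, and that form is sturdier: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.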
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
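Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is rendered only when a value is supplied, so with nothing set the webhook is sent every pod CREATE and UPDATE in the cluster, system namespaces and the injector's own namespace included (unless the `injector.objectSelector` helper, defined outside this hunk, narrows it). If `failurePolicy` resolves to `Fail`, an unavailable injector would then block pod admission cluster-wide; the defaults live in the values file, which this hunk does not show. I would document the pairing with a template comment above the block, for example `{{- /* no selector means all namespaces; set injector.namespaceSelector to exclude system namespaces when failurePolicy is Fail */ -}}`.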
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
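Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment probes and the Service `targetPort` in this diff take the listener from `.Values.injector.port`. Changing that value would leave the policy admitting a port nothing listens on and dropping the API server's webhook calls. Use `- port: {{ .Values.injector.port }}` instead. The object also carries no `metadata.namespace`, unlike the Deployment it selects, so adding `namespace: {{ .Release.Namespace }}` keeps rendered manifests unambiguous. Since `namespaceSelector: {}` admits every namespace, a comment stating why that breadth is required would help the next reviewer.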
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-psp.yaml
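Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, whereas injector-rolebinding.yaml and injector-clusterrolebinding.yaml in this diff both set it. A namespaced RoleBinding appears to fall back to its own namespace for such a subject, so this probably resolves correctly, but the binding then depends on an implicit default. Add `namespace: {{ .Release.Namespace }}` under the subject so that all three bindings read the same way.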
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-role.yaml
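Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privilege escalation and root, but it sets no `requiredDropCapabilities` and leaves `readOnlyRootFilesystem: false`, so the injector keeps the container runtime's default capability set. If the injector needs none of those capabilities, which should be confirmed against the image, add `requiredDropCapabilities:` with the single entry `- ALL`. Separately, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, and the only guard here is `global.psp.enable`; a `.Capabilities.APIVersions.Has` check or a comment on the supported version range would prevent a failed install on newer clusters.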
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-rolebinding.yaml
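Review bot: The first rule in injector-role.yaml lets the injector service account `get`, `list`, `watch`, `update` and `create` every Secret and ConfigMap in the release namespace, which is often the namespace that also holds the Vault server's TLS material. The only Secret this diff creates for the leader-elector case is `vault-injector-certs` (injector-certs-secret.yaml), so the read and write verbs should carry `resourceNames: ["vault-injector-certs"]` wherever the injector's client allows it. `create` has to stay in its own rule, since it cannot be scoped by name. The `pods` rule (`get`, `patch`, `delete`) has the same namespace-wide reach and deserves a comment saying which pods it is meant for.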
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
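Review bot: `disable_mlock = true` is emitted unconditionally in server-config-configmap.yaml, as a literal line in the string branch and through `merge (dict "disable_mlock" true) …` in the JSON branch, where the destination dict wins, so values cannot turn mlock back on. With mlock off, the server's memory may be paged to disk unless swap is disabled on the nodes, and nothing in the template records that requirement. At minimum add a template comment beside the line, for example `{{- /* mlock is disabled; nodes must run without swap so key material is never paged out */}}`. Exposing it as a value with the current behaviour as the default would be the better long-term fix.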
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-psp-role.yaml 
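Review bot: In server-network-policy.yaml the only ingress rule uses `namespaceSelector: {}`, which matches every namespace, so the policy admits any pod in the cluster to both 8200 and 8201. Port 8201 is the `https-internal` server-to-server port in the Service and StatefulSet templates, so it should be admitted only `from` a `podSelector` carrying this chart's own `app.kubernetes.io/name` and `app.kubernetes.io/instance` labels, with the sources for 8200 taken from values rather than left open. The metadata block also omits `namespace: {{ .Release.Namespace }}`, which the other server templates in this commit set. The two closing `{{ end }}` actions lack the `-` trim marker used elsewhere and leave blank lines in the rendered manifest.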
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
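Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` both use `vault.serviceAccount.name`. The helper definitions are outside this view, but if the two ever render different names (for example when the service account name is overridden), the account the pod runs as is not bound to the `-psp` Role and the policy grant silently does not apply. Use `name: {{ template "vault.serviceAccount.name" . }}` for the subject and add `namespace: {{ .Release.Namespace }}` beneath it so the binding names the account explicitly.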
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
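Review bot: `apiVersion: policy/v1beta1` in server-psp.yaml is gated only on `global.psp.enable`, and PodSecurityPolicy was removed in Kubernetes 1.25, so enabling the value on a newer cluster fails the install instead of skipping the object. Add a capability check such as `{{- if .Capabilities.APIVersions.Has "policy/v1beta1" }}`, the same mechanism server-ingress.yaml uses to pick its API version. The spec also sets no `requiredDropCapabilities`; if the Vault image needs no extra capabilities (the StatefulSet sets `SKIP_SETCAP`, which suggests so), `requiredDropCapabilities: [ALL]` would tighten it. The `seLinux` comment assumes AppArmor nodes, which presumably does not hold for the OpenShift targets this chart ships overrides for, so it should say what applies there.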
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-service.yaml
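Review bot: server-route.yaml reads `.mode` in `{{- if ne .mode "external" }}` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before they test `.mode`. Unless another template has already set it on the same context, `.mode` is unset here, so the `external` guard passes vacuously and the `-active` service selection may never take effect; add `{{ template "vault.mode" . }}` right after the `global.openshift` check. `host: {{ .Values.server.route.host }}` should also be written `host: {{ .Values.server.route.host | quote }}`, as the Ingress template does for its hosts. Because the `tls:` block is copied verbatim from values, a comment stating which termination mode is expected in front of Vault would help whoever fills it in.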
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/tests/server-test.yaml 
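Review bot: The vault container image in server-statefulset.yaml is built as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an empty tag silently deploys a mutable `latest` image of the secrets server; server-test.yaml repeats the same expression. Fail the render instead, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, so the running version is always the one that was reviewed. The exec readiness probe runs `vault status -tls-skip-verify`; it presumably only ever talks to the loopback `VAULT_ADDR` set in this container, and a comment saying so would keep the flag from being copied into a context where it matters. The `server.ha.apiAddr` and `server.ha.clusterAddr` overrides are emitted unquoted, unlike the default branches next to them, and should go through `| quote`.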
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.1/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/Chart.yaml new file mode 100644 index 00000000000..5231c4d895c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-testing-980 +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.10 +annotations: + charts.openshift.io/name: helm-testing-980 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/README.md
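Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=...` that `provision-cluster` passes to `init`/`apply`, so teardown appears to run against the container's working directory `/helm-test` rather than the configuration that created the GKE cluster, which can leave the cluster running; I would make it `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform` to mirror the apply line. `GOOGLE_CREDENTIALS` defaults to `vault-helm-test.json` relative to the bind-mounted checkout, so the service-account key sits inside the chart source tree; it is worth confirming that the file is excluded by `.gitignore` and `.helmignore` (neither is visible in this hunk). The `.PHONY` list also omits `setup-kind` and `delete-kind`, and the `-v ${PWD}:/helm-test` mounts are unquoted, so a checkout path containing spaces breaks the `docker run` lines.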
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
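Review bot: In `vault.envs`, `value: {{ .Values.server.dev.devRootToken }}` renders the token unquoted, so a value that YAML reads as a number, boolean or null (an all-digit token, for instance) stops being a string and the env entry is either rejected by the API server or changed in transit. `vault.extraEnvironmentVars` in the same file already pipes its values through `quote`; the same is needed here: `value: {{ .Values.server.dev.devRootToken | quote }}`. The token is also written into the pod spec in clear text, which is tolerable only because the branch is gated on dev mode, and a comment on the define should say so. On documentation, `vault.serverServiceAccountEnabled` and `vault.serverAuthDelegator` carry the same description, and the comment on `csi.pod.tolerations` says "injector".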
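Review bot: The single rule grants `create` on `serviceaccounts/token` in a ClusterRole, so whatever subject is bound to it can request a token for any ServiceAccount in any namespace. If the provider needs that breadth to authenticate on behalf of arbitrary workload pods (not shown in this file), record it above `rules:`, for example `# cluster-wide TokenRequest: the CSI provider mints tokens for workload ServiceAccounts; treat its ServiceAccount as highly privileged`. Operators should also confirm that API audit logging captures TokenRequest calls made by that identity.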
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-certs-secret.yaml 
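Review bot: Both `hostPath` volumes at the end of the DaemonSet take their path straight from values (`.Values.csi.daemonSet.providersDir` and `.Values.csi.daemonSet.kubeletRootDir`) and set no `type:`, so the kubelet performs no check on what exists at that path before mounting it into the pod. The `mountpoint-dir` mount also has no `readOnly: true`; whether the provider needs to write under the kubelet pods directory is not visible from this hunk, so confirm that before tightening it. I would add `type: Directory` to the `mountpoint-dir` volume, since the kubelet pods directory should already exist on every node.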
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-clusterrolebinding.yaml
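Review bot: The rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, so the injector's service account can rewrite admission webhooks that belong to other components. The only configuration this chart appears to own is the one named `{{ template "vault.fullname" . }}-agent-injector-cfg`, so the write verb can be limited to it with `resourceNames` while the read verbs stay cluster-wide. This assumes the injector only patches its own object, which should be confirmed against the injector before merging.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```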
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
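Review bot: In the container `args` of injector-deployment.yaml the second entry `- 2>&1` is not a redirection: Kubernetes passes `args` straight to the process without a shell, so the injector receives the literal string `2>&1` as an extra argument. Drop that entry and leave `args` with the single item `- agent-inject`; the container runtime already collects stderr alongside stdout.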
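Review bot: The `apiVersion` line of injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the result follows lexical order rather than version order (a single-digit minor such as `9` compares greater than `21`). Other templates in this commit choose an API version with `.Capabilities.APIVersions.Has`, and the same test fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The identical expression appears in server-disruptionbudget.yaml.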
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
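Review bot: `namespaceSelector` is emitted only when one of the two values is set, so with neither set the webhook is called for pod CREATE and UPDATE in every namespace, system namespaces included, unless the `injector.objectSelector` helper (defined outside this hunk) narrows it. Combined with a `failurePolicy` of `Fail`, which comes from values whose defaults are not shown here, an unavailable injector would then block pod admission cluster-wide. I would document that coupling next to the selector, e.g. `# without a namespaceSelector this webhook sees pods in all namespaces; set one before using failurePolicy: Fail`, or render a default selector that excludes kube-system and the release namespace.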
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
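Review bot: The NetworkPolicy in injector-network-policy.yaml opens `port: 8080` as a literal, while the Deployment listens on `.Values.injector.port` and the Service targets that same value. If the port is overridden, the policy admits traffic to a port nothing listens on and, where ingress is otherwise denied, drops the webhook calls to the real port. Render it from the same value: `- port: {{ .Values.injector.port }}`.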
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-psp.yaml
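Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml has no `namespace:`, unlike the subjects in injector-rolebinding.yaml and injector-clusterrolebinding.yaml, which set `namespace: {{ .Release.Namespace }}`. For a namespaced binding the subject most likely falls back to the binding's own namespace, so this probably works, but stating it keeps the RBAC subjects uniform and unambiguous for readers and policy linters. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:`.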
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-role.yaml
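Review bot: The policy in injector-psp.yaml forbids privileged mode and running as root but says nothing about Linux capabilities, so containers admitted under it keep the runtime's default capability set, and `readOnlyRootFilesystem: false` leaves the root filesystem writable. Add `requiredDropCapabilities:` with the single entry `ALL` next to `allowPrivilegeEscalation: false`, after confirming the injector starts without any capability. If the writable root filesystem is required, a comment on that line saying why would help the next reviewer.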
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-rolebinding.yaml
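Review bot: The first rule of injector-role.yaml gives the injector `get`, `list`, `watch` and `update` on all `secrets` and `configmaps` in the release namespace, which is also where the Vault server's own Secrets would live when both are installed together. The only Secret this chart creates for leader election is `vault-injector-certs`, so `get` and `update` look narrowable with `resourceNames: ["vault-injector-certs"]`, leaving `create` in a rule of its own because it cannot be limited by name. Which ConfigMap names the leader elector uses is not visible here, so that half needs checking against the injector first; until then a comment on the rule explaining why it is namespace-wide would help.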
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
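Review bot: `disable_mlock = true` is written into every string-form config in server-config-configmap.yaml, and merged into the map form through `dict "disable_mlock" true`, with no comment explaining it. With mlock disabled the Vault process memory may be swapped out, so the setting is only safe on nodes that have swap turned off or encrypted. I would add a template comment next to the line stating that mlock is disabled unconditionally and that nodes running Vault must not swap to unencrypted disk, and repeat the requirement in the chart README.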
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-ha-active-service.yaml 
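Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` to `"21"` with `ge`, which is a string comparison on a field that some distributions report with a suffix such as `21+`. Lexical ordering also ranks a single-digit minor like `"9"` above `"21"`, so the check does not express "1.21 or later". server-ingress.yaml in this same commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`. The same form fits here: `apiVersion: {{ if semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version }}policy/v1{{ else }}policy/v1beta1{{ end }}`.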
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-psp-role.yaml 
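Review bot: In server-ingress.yaml, `secretName: {{ .secretName }}` and `- path: {{ . }}` are emitted unquoted, while the `hosts` entries and `host` two lines away go through `quote`. An empty or YAML-special value (a path starting with `*`, a secret name that parses as a number or boolean) then renders as `null` or the wrong type, and the failure only appears at apply time. I would make them `secretName: {{ .secretName | quote }}` and `- path: {{ . | quote }}`. Separately, `rules` are rendered even when `server.ingress.tls` is empty; a comment next to the `tls` block stating that Vault is then published without TLS at the ingress would help operators.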
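Review bot: The single `ingress` rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace is allowed to reach 8201 as well as 8200. Elsewhere in this commit 8201 is the `https-internal` port used for `VAULT_CLUSTER_ADDR`, which suggests only the Vault server pods need it; that reading is inferred from the port naming, not stated in the hunk. Splitting the rule keeps the API port open to clients while limiting the cluster port to pods carrying the server labels the StatefulSet sets. The metadata also lacks the `namespace: {{ .Release.Namespace }}` line that the other templates carry.

```yaml
  ingress:
    # API port: clients from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```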
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
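Review bot: In server-psp-rolebinding.yaml the `subjects` entry names the ServiceAccount with `vault.fullname` and gives no namespace. server-serviceaccount.yaml and server-discovery-rolebinding.yaml both use `vault.serviceAccount.name` plus `namespace: {{ .Release.Namespace }}`. If that helper can return anything other than the fullname (it is not visible here, so this is an assumption), the PSP `use` grant is bound to an account the pods do not run as, and the server pods are admitted under whatever other policy applies or rejected. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it.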
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
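Review bot: The `spec` in server-psp.yaml blocks privilege escalation and root, but sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP: "true"`, which suggests Vault needs none here; that should be confirmed before adding `requiredDropCapabilities: ['ALL']`. The comment on `seLinux` says the policy assumes AppArmor nodes, which does not match the OpenShift target of values.openshift.yaml, so it should be reworded or the rule revisited. `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, and the template has no version guard like the one the PodDisruptionBudget template uses, so `global.psp.enable=true` fails to install on newer clusters.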
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-service.yaml 
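Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit does on its first line. Whether `.mode` is populated here then depends on another template having run earlier against the same context, which is fragile; if it is unset, the `-active` service is never selected. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does, removes the ordering dependency. `targetPort: 8200` is also hard-coded while the Service templates take the value from `.Values.server.service.targetPort`, and `host` is unquoted.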
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/templates/ui-service.yaml 
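Review bot: The test Pod in tests/server-test.yaml sets no `securityContext` at pod or container level, whereas the StatefulSet pulls in `server.statefulSet.securityContext.pod` and `server.statefulSet.securityContext.container`. On a cluster that enforces non-root or restricted admission, `helm test` may be rejected or the pod may run with weaker settings than the server it checks. Reusing the same two helpers here would align them, though their output indentation is not visible in this hunk and needs checking. The bare `volumeMounts:` and `volumes:` keys render as `null` when the values are unset; moving each key inside its `if` avoids emitting empty fields.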
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/values.openshift.yaml 
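Review bot: In ui-service.yaml `nodePort` is emitted whenever `ui.serviceNodePort` is set, regardless of `ui.serviceType`. The server Service templates in this commit only emit it when the type is `NodePort`. A leftover `serviceNodePort` value combined with `serviceType: ClusterIP` then produces a manifest the API server rejects. I would guard it the same way: `{{- if and (.Values.ui.serviceNodePort) (eq (.Values.ui.serviceType | toString) "NodePort") }}`. Since `type` comes straight from values, a comment noting that `LoadBalancer` or `NodePort` publishes the Vault UI outside the cluster would be a useful caveat.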
@@ -0,0 +1,18 @@ +# These overrides are appropriate defaults for deploying this chart on OpenShift + +global: + openshift: true + +injector: + image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + +server: + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.10/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/Chart.yaml new file mode 100644 index 00000000000..1d5e5ba3a3b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-testing-980 +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.11 +annotations: + charts.openshift.io/name: helm-testing-980 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/README.md
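Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the license value into the `docker run` command line, where it can be read from the host's process list and from any CI trace that records argv. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker copy the variable from the caller's environment without the value appearing in the command; this assumes the variable reaches make through the environment or the make command line, since the Makefile itself never defines it. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=...` that `provision-cluster` gives to `terraform apply`, so it does not obviously act on the configuration that created the cluster; `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform` would mirror the apply. `setup-kind` and `delete-kind` are also missing from the `.PHONY` list.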
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
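Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` cluster-wide, so the bound `-csi-provider` ServiceAccount can request a token for any ServiceAccount in any namespace, and the template has no comment saying why that breadth is needed. The target accounts are presumably not known at install time, so narrowing by name may not be practical; the control is then documentation and audit. I would add above `rules:` a comment such as `# cluster-wide TokenRequest: the provider obtains a token for the ServiceAccount of the pod mounting the volume (confirm against the provider)`, and treat this ServiceAccount as highly privileged when reviewing who can exec into or schedule onto the DaemonSet pods.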
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-certs-secret.yaml
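Review bot: In csi-daemonset.yaml the `mountpoint-dir` volume mounts `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods` from the host into the provider container, while the container's `securityContext` is rendered only when `csi.daemonSet.securityContext.container` is set (see that helper earlier in this diff); whether values.yaml ships a restrictive default is not visible here. That directory holds the volume data of every pod on the node, so I would document the dependency at the mount with a comment such as `# exposes all pod volume dirs on this node; keep csi.daemonSet.securityContext.container restrictive`. Both `hostPath` entries also omit `type:`, so nothing is checked about what exists at the path; `type: Directory` on `mountpoint-dir` would make a wrong `kubeletRootDir` fail at pod start rather than go unnoticed.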
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-clusterrolebinding.yaml
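Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, with no `resourceNames`, so the injector's ServiceAccount can rewrite any admission webhook, not just its own. The only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml), and the injector presumably only needs to update the CA bundle on that one. I would split the rule so that `get` and `patch` are limited to that name and only `list` and `watch` stay unrestricted; confirm against the injector that it does not patch other configurations.

```yaml
rules:
# list/watch stay unrestricted: informers list without a name selector (confirm)
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
# read and patch only this release's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
  - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["get", "patch"]
```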
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
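Review bot: The second entry under `args:` in injector-deployment.yaml, `- 2>&1`, is handed to the container as a literal argument; the container spec sets no shell `command`, so nothing interprets it as a redirection and stderr is not merged into stdout by it. Assuming the binary simply ignores the extra positional argument today, the line can be dropped so `args:` holds only `- agent-inject`. The container runtime's log collection already captures both streams, so no replacement is needed.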
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
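Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is emitted only when a value is set, so with nothing configured the webhook is called for every pod CREATE and UPDATE in every namespace, including system namespaces and the one the injector runs in; the `injector.objectSelector` helper is defined outside this hunk and may narrow that. If `failurePolicy` resolves to `Fail` (its default comes from values and is not visible here), an unavailable injector would then block pod admission cluster-wide. I would document this next to `failurePolicy:` with a comment such as `# with Fail, set namespaceSelector/objectSelector so system namespaces are not gated on the injector`.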
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
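Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` in injector-deployment.yaml and `targetPort` in injector-service.yaml). Changing `injector.port` on OpenShift would leave the policy admitting the old port and dropping the API server's webhook calls; use `- port: {{ .Values.injector.port }}`. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector templates in this diff set.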
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-psp.yaml
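Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace:`, unlike the subjects in injector-rolebinding.yaml and injector-clusterrolebinding.yaml in this same diff. Add `namespace: {{ .Release.Namespace }}` under the subject so the binding names the account explicitly rather than depending on how an empty subject namespace is resolved for a RoleBinding.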
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-role.yaml
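Review bot: injector-psp.yaml renders a `policy/v1beta1` `PodSecurityPolicy` gated only on `global.psp.enable`, and that API was removed in Kubernetes 1.25, so enabling the flag on a newer cluster fails at apply time with an unhelpful "no matches for kind" error. I would wrap the manifest in a capability check such as `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` and `fail` with a clear message otherwise, so an operator who asked for the policy is told it cannot be enforced instead of assuming it is. The `seLinux` comment says the policy assumes AppArmor nodes; on SELinux-enforcing platforms `rule: RunAsAny` deserves a second look.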
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-rolebinding.yaml
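Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, with no `resourceNames`. If the Vault server is installed in the same namespace, any Secret it keeps there becomes readable and writable by the injector's ServiceAccount, while the only Secret this chart creates for leader election appears to be `vault-injector-certs` (injector-certs-secret.yaml). Consider limiting `get` and `update` with `resourceNames: ["vault-injector-certs"]` and keeping `create` in its own rule; whether the injector needs unrestricted `list`/`watch`, or any ConfigMap access at all, cannot be told from this hunk and should be confirmed first.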
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
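Review bot: `disable_mlock = true` is written into every rendered server config, both in the string branch and through `merge (dict "disable_mlock" true) …` in the map branches, with no comment and no values switch visible in this hunk. With mlock disabled the server's memory may be paged out, so key material can end up in swap on a node where swap is enabled. Add a comment above the line in the template, for example `# mlock is disabled: run only on nodes with swap off or encrypted swap`, and consider exposing the setting as a chart value.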
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-ha-active-service.yaml
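Review bot: The `apiVersion` line of the PodDisruptionBudget uses `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings, so the ordering is lexical rather than numeric and any suffix in the minor field is compared as text. The ingress template in this same diff already selects its API version with `semverCompare ">= 1.19.0-0" $kubeVersion`, and the PDB should follow the same form. The line would become `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.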
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-psp-role.yaml 
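Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, which admits traffic from every pod in every namespace, and it covers port 8201 as well as 8200. Port 8201 is named `https-internal` in the services of this diff and is the port used for `VAULT_CLUSTER_ADDR`, so it appears to be server-to-server only and could be limited to the Vault server pods of the release. The policy also sets no `metadata.namespace`, unlike the other templates here. The rules could be split as below.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```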
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
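Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, but the server ServiceAccount in this diff is created as `{{ template "vault.serviceAccount.name" . }}`, and the discovery and cluster role bindings reference that helper. If the two helpers render different names (the helpers are defined outside this diff, so this is an inference), the PSP `use` grant lands on an account the server pods do not run as. Use `name: {{ template "vault.serviceAccount.name" . }}` for the subject and add `namespace: {{ .Release.Namespace }}`, as the other bindings in this diff do.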
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
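Review bot: The PodSecurityPolicy spec never restricts Linux capabilities: it has no `requiredDropCapabilities` or `allowedCapabilities`, so containers keep the runtime's default set even though `privileged` and `allowPrivilegeEscalation` are false. The StatefulSet in this diff sets `SKIP_SETCAP=true`, which suggests the server needs no added capability, so `requiredDropCapabilities: ['ALL']` looks feasible and is worth confirming against the image. The comment on `seLinux` says the policy assumes AppArmor nodes; on clusters that enforce SELinux the `RunAsAny` rule should be reviewed and the comment reworded. Since `policy/v1beta1` PodSecurityPolicy is removed in Kubernetes 1.25, a header comment stating the supported version range would also help.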
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-service.yaml 
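Review bot: server-route.yaml tests `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which every other server template in this diff does on its first line. Whether `.mode` is populated here then seems to depend on another template having been rendered first (an inference, since the helper is defined outside this hunk), and the external-mode guard is not reliable if it is unset. Add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard.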
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/tests/server-test.yaml 
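Review bot: The server container image is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an empty tag silently deploys whatever `latest` resolves to at pull time; the same expression appears in templates/tests/server-test.yaml. For a secrets server the image should be pinned, for example by failing the render with `{{ required "server.image.tag must be set" .Values.server.image.tag }}` or by accepting a digest. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; a short comment noting that it only talks to the `127.0.0.1:8200` address set in `VAULT_ADDR` would record why skipping verification is acceptable there.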
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/templates/ui-service.yaml
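Review bot: The test pod's image falls back to a mutable tag in server-test.yaml: `{{ .Values.server.image.tag | default "latest" }}` resolves to `latest` whenever `server.image.tag` is empty, so `helm test` could then run a different Vault build than the server it is checking. I would fail rendering instead of guessing, e.g. `{{ .Values.server.image.tag | required "server.image.tag must be set" }}`. The pod spec also declares no `securityContext` or `resources` for the test container; whether the target cluster's admission policy supplies them is not visible from this hunk.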
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/values.openshift.yaml
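Review bot: In ui-service.yaml, `type: {{ .Values.ui.serviceType }}` and the optional `nodePort` are rendered with no check against the TLS setting; the port is only named after `vault.scheme`. This commit's values.yaml sets `global.tlsDisable: true` by default, so a `NodePort` or `LoadBalancer` value would presumably publish the Vault UI and API, and the tokens sent to them, over plain HTTP. I would document that above `type:` with a comment such as `# with global.tlsDisable=true keep this ClusterIP, or terminate TLS in front of the Service`, or guard the combination with Helm's `fail`. `publishNotReadyAddresses` is likewise taken straight from values, so its comment should say that enabling it routes UI traffic to pods that have not passed the readiness probe.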
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/values.schema.json
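Review bot: All three images in values.openshift.yaml are pinned by tag only (`tag: "0.17.0-ubi"`, `tag: "1.11.2-ubi"`), and a tag can be re-pointed in the registry after the chart has been reviewed. Where the templates render `repository:tag` unchanged, as the test pod in this commit does, the digest can ride in the same field, e.g. `tag: "1.11.2-ubi@sha256:<digest>"`; the injector and server templates are not visible here, so confirm they render it the same way. The file also leaves `global.tlsDisable` at the chart default, which values.yaml in this commit sets to `true`; a comment such as `# TLS is left disabled here; enable it or terminate it at the route` would make that choice explicit.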
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.11/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/Chart.yaml
new file mode 100644
index 00000000000..783f96ab810
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-980
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.2
+annotations:
+ charts.openshift.io/name: helm-testing-980
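Review bot: The `description: Official HashiCorp Vault Chart` line in the new Chart.yaml presents this chart as the upstream release, while `name` and the `charts.openshift.io/name` annotation are both `helm-testing-980` and the file sits under `charts/partners/redhat-caastestreg-duplicate/`. If this is a test fixture built from the Vault chart, as the name suggests, the metadata should say so, for example `description: Test fixture derived from the HashiCorp Vault chart (not an official release)`, so that someone browsing the chart index cannot mistake it for a vendor-published artifact. `appVersion: 1.11.2` would also be safer written as `appVersion: "1.11.2"`, because a two-part value such as 1.11 would be parsed as a float.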
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/README.md
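Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the value into the `docker run` argument list, so what appears to be a license secret becomes visible in the host's process listing and in `make -n` output. Passing the name only, `-e VAULT_LICENSE_CI \`, lets docker copy the variable from its own environment and keeps the value off the command line; this relies on the variable reaching make through the environment or the make command line, both of which GNU make exports to recipes. Separately, the `.PHONY` line omits the two kind targets defined in this same file and should end `... destroy-cluster setup-kind delete-kind`. The recursive call `make setup-kind acceptance` would also read better as `$(MAKE) setup-kind acceptance`, so that flags passed to the outer make are inherited.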
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
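Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in every namespace, so the identity bound to it can request a token for any service account in the cluster, including highly privileged ones. Presumably the provider needs this to act for arbitrary workload service accounts, in which case the rule cannot be narrowed with `resourceNames`, but the scope should be stated in the template, e.g. a comment above `rules:` such as `# Cluster-wide TokenRequest: the provider requests tokens on behalf of pods that mount its volumes.` Operators should treat the `-csi-provider` service account bound in csi-clusterrolebinding.yaml as highly privileged and audit token requests it makes for service accounts that do not use the CSI volume.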
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-certs-secret.yaml 
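Review bot: The provider pod in csi-daemonset.yaml mounts two hostPath volumes (`csi.daemonSet.providersDir` and `kubeletRootDir/pods`) but gets no securityContext unless the operator supplies one, because `csi.daemonSet.securityContext.pod` and `csi.daemonSet.securityContext.container` in _helpers.tpl render nothing when their values are empty. The injector and server helpers in the same file fall back to `allowPrivilegeEscalation: false` under `{{- else if not .Values.global.openshift }}`; giving the CSI container helper the same fallback would keep a host-mounting DaemonSet from running with the runtime's defaults. Whether values.yaml already sets these, and whether the provider needs root to create its socket under the hostPath, is not visible here and should be checked before adding `runAsNonRoot`. The image is also referenced by mutable tag (`repository:tag`); pinning by digest is worth considering for a node-level component.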
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-clusterrolebinding.yaml
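Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, although the chart only names one such object, `{{ template "vault.fullname" . }}-agent-injector-cfg` (the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml). A service account that can patch arbitrary webhook configurations can change how admission works for unrelated components, so the write verbs should be limited by name. The rule can be split as below, keeping `list`/`watch` unrestricted in case the injector's watch needs them; whether the injector works with a name-restricted `get`/`patch` is not visible here and should be tested.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```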
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
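Review bot: In injector-deployment.yaml, `AGENT_INJECT_VAULT_ADDR` falls back to `{{ include "vault.scheme" . }}://…svc:port`, and `vault.scheme` in _helpers.tpl returns `http` whenever `global.tlsDisable` is set, so injected agents would then exchange tokens and secrets with Vault in cleartext inside the cluster. The same fallback builds `VAULT_ADDR` in csi-daemonset.yaml. A comment above the `{{- else }}` branch would make this visible to chart users, e.g. `# Scheme follows global.tlsDisable; keep TLS enabled outside of throwaway test clusters.` Separately, `- 2>&1` under `args:` reaches the process as a literal argument, since Kubernetes does not pass `args` through a shell; it can be dropped unless the image's entrypoint is known to interpret it.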
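Review bot: The `apiVersion` line in injector-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, which is a lexical comparison and also sees vendor suffixes such as `21+`; injector-mutating-webhook.yaml already uses the more robust `.Capabilities.APIVersions.Has`. Suggest `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This is also the only injector template in this commit range that is not wrapped in `injectorEnabled`, so a PodDisruptionBudget can be rendered while the injector itself is disabled.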
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
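Review bot: With neither a `namespaceSelector` nor an `objectSelector` value set, the webhook in injector-mutating-webhook.yaml matches every pod CREATE and UPDATE in every namespace, including system namespaces and the injector's own pods; both selectors are rendered only when present in values. If `failurePolicy` resolves to `Fail` (its default comes from values not shown in this hunk), an unavailable injector would then block pod admission cluster-wide. Consider documenting the expectation above `rules:`, e.g. `# Scope with injector.webhook.namespaceSelector or objectSelector; an unscoped webhook sees all pods.`, and check that values.yaml ships a selector that excludes system namespaces.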
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
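Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes), so changing the port in values leaves this policy opening the wrong port and the webhook unreachable on OpenShift. Use `- port: {{ .Values.injector.port }}`. `namespaceSelector: {}` admits traffic from every namespace; if only the API server needs to reach the webhook, a comment saying so would record that the breadth is deliberate. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector resources in this commit set.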
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-role.yaml 
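Review bot: injector-psp.yaml renders a `policy/v1beta1` PodSecurityPolicy guarded only by `.Values.global.psp.enable`, and that API was removed in Kubernetes 1.25. On a newer cluster, enabling the flag makes the install fail rather than skipping the object. Extend the guard with a capability check, for example `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. A comment should also say that clusters without PSP need an equivalent restriction from Pod Security Admission or, on OpenShift, an SCC. The same guard is used in server-psp.yaml and in the four psp role and rolebinding templates of this commit.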
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-rolebinding.yaml 
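Review bot: The first rule in injector-role.yaml grants `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, with no `resourceNames`. The injector's service account can therefore read any secret that lives beside it, not only the objects used for leader election. Keep `create` in a rule of its own, since it cannot be limited by name, and scope `get`/`update` with `resourceNames: ["<leader-election-object-name>"]` (placeholder; the real name is not visible in this diff). If `list`/`watch` must stay namespace-wide, say so in a comment and recommend a dedicated namespace for the chart. The same applies to server-discovery-role.yaml, which grants `update` and `patch` on all pods in the namespace.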
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-config-configmap.yaml 
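Review bot: The ClusterRoleBinding in server-clusterrolebinding.yaml is cluster-scoped but is named `{{ template "vault.fullname" . }}-server-binding`, with nothing namespace-specific in the name. Unless `vault.fullname` already includes the namespace (its definition is outside this hunk), two releases with the same name in different namespaces would claim the same object. Consider `name: {{ template "vault.fullname" . }}-{{ .Release.Namespace }}-server-binding`, or document the one-release-name-per-cluster constraint. A comment above `roleRef` should state that `system:auth-delegator` is granted cluster-wide to the Vault service account, because that is the privilege an operator needs to review.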
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
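Review bot: server-config-configmap.yaml forces `disable_mlock = true` in the string branch and `dict "disable_mlock" true` in both JSON branches, with no explanation. With mlock disabled, Vault's process memory can be swapped out, so the nodes need swap turned off or encrypted. Add a template comment before the first occurrence, such as `{{- /* disable_mlock is forced on: run nodes with swap disabled or encrypted */}}`, and repeat the point in the values documentation. A template comment is needed because a `#` comment here would end up inside the rendered HCL.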
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-ha-active-service.yaml 
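Review bot: The `apiVersion` line in server-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically rather than numerically. The minor field can also carry a vendor suffix on some distributions, which this comparison does not account for. Ask the cluster directly instead: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. Alternatively, use `semverCompare` on `.Capabilities.KubeVersion.Version`, as server-ingress.yaml in this commit already does.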
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-psp-role.yaml 
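Review bot: The outer guard in server-ingress.yaml, `{{- if not .Values.global.openshift }}`, tests truthiness, while injector-network-policy.yaml in this commit tests `eq (.Values.global.openshift | toString) "true"`. A string value such as `"false"` (for instance from `--set-string`) is truthy in a Go template, so the two templates can disagree about whether the release targets OpenShift. Use the same form here, `{{- if ne (.Values.global.openshift | toString) "true" }}`. server-route.yaml has the mirror-image guard, `{{- if .Values.global.openshift }}`, and should become `{{- if eq (.Values.global.openshift | toString) "true" }}`. `secretName: {{ .secretName }}` and `path: {{ . }}` are also emitted unquoted, unlike the `| quote` used for hosts in the same file.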
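Review bot: The single ingress rule in server-network-policy.yaml opens both 8200 and 8201 to `namespaceSelector: {}`, that is, to every namespace in the cluster. The Service templates name 8201 `https-internal`, so it looks like the server-to-server port; if so, only pods of the same release need to reach it. Split the rule so that 8201 is limited to a `podSelector` matching the release's own labels, as sketched below. Confirm first that nothing outside the release, such as a replication peer, connects to 8201. The metadata also lacks `namespace: {{ .Release.Namespace }}`.

```yaml
  # … unchanged: metadata and spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Server-to-server port: only pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```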
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} 
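Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but the StatefulSet and the other server bindings in this commit refer to the account as `{{ template "vault.serviceAccount.name" . }}`. If the two helpers can return different names (their definitions are outside this diff), the PSP `use` grant is bound to an account the pods do not run as. Use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` to the subject, as injector-rolebinding.yaml does. injector-psp-rolebinding.yaml also omits the subject namespace.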
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-service.yaml 
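Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which every other server template in this commit that reads `.mode` does. As written, the result depends on `.mode` having been set elsewhere before this file renders. Add `{{ template "vault.mode" . }}` ahead of the `ne .mode "external"` check. `targetPort: 8200` is also hard-coded, while the Service templates use `{{ .Values.server.service.targetPort }}`, so the Route can point at a port the Service does not expose. Since `tls:` is copied straight from values, a comment stating which termination mode is expected would help reviewers confirm that traffic to Vault is not served in clear text.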
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/tests/server-test.yaml
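Review bot: The server image falls back to a mutable tag: with `{{ .Values.server.image.tag | default "latest" }}` an empty `server.image.tag` silently deploys whatever `latest` resolves to at pull time, which for a secrets store makes the running version hard to audit and upgrades unplanned. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; the test Pod in `tests/server-test.yaml` carries the same fallback. In the `env` list, `VAULT_API_ADDR` and `VAULT_CLUSTER_ADDR` also render the user-supplied `apiAddr` / `clusterAddr` unquoted, so `value: {{ .Values.server.ha.apiAddr | quote }}` (and the same for `clusterAddr`) would keep YAML from retyping or mis-parsing them.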
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/templates/ui-service.yaml
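Review bot: The test Pod sets no `securityContext` at pod or container level, while the server StatefulSet in this commit applies the `server.statefulSet.securityContext.*` templates; the hook pod therefore runs with the image defaults and may be rejected where a restricted Pod Security level is enforced (not verifiable from this hunk). Under the container I would add `securityContext:` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`. `VAULT_ADDR` is also rendered as an unquoted scalar here, unlike the quoted form in the StatefulSet; wrapping the whole `value:` in double quotes keeps the two consistent.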
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.2/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/Chart.yaml new file mode 100644 index 00000000000..bddd06e13dc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: helm-testing-980 +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.3 +annotations: + charts.openshift.io/name: helm-testing-980 
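Review bot: In the new `Chart.yaml`, `description`, `home` and `sources` still identify the package as the official HashiCorp Vault chart, while `name` and the `charts.openshift.io/name` annotation are `helm-testing-980`, so the published metadata asserts an upstream provenance that this repackaged copy does not have. If this is a test fixture, as the directory name suggests, state that in the metadata, for example `description: Test fixture repackaged from hashicorp/vault-helm, not an official HashiCorp release`. The chart `version: 0.21.3` also has no matching entry in the bundled CHANGELOG, whose newest dated release is 0.21.0, so a one-line note on what was changed relative to upstream would help anyone auditing the copy. Quoting `appVersion: '1.11.2'` would match the quoted `kubeVersion` and keep it a string if it is ever shortened to two components.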
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/README.md 
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
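Review bot: In csi-clusterrole.yaml the only rule grants `create` on `serviceaccounts/token` cluster-wide, and nothing in the file says why; the ClusterRoleBinding in the next file binds it to the `-csi-provider` service account that the DaemonSet runs on every node. Whoever holds that account can request a token for any service account in any namespace, so a compromised provider pod exposes every workload identity in the cluster. I would add a comment above `rules:` such as `# TokenRequest on behalf of the pod mounting the volume; cluster-wide because those pods can live in any namespace` (presumably the reason; confirm against the provider's behaviour). The chart docs should also mention that TokenRequest calls made by this account are worth alerting on in the API audit log.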
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-certs-secret.yaml
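Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes (`providersDir`, and `kubeletRootDir`/pods with `mountPropagation: HostToContainer`) but receives a `securityContext` only when `csi.daemonSet.securityContext.container` is set. The `csi.daemonSet.securityContext.*` helpers shown earlier on this page have no fallback branch, unlike `injector.securityContext.container`, which defaults to `allowPrivilegeEscalation: false` with all capabilities dropped. I would give the CSI container helper the same `{{- else if not .Values.global.openshift }}` fallback with at least `allowPrivilegeEscalation: false`, after confirming the provider can still create its socket under `/provider`. The helper itself sits in a hunk that starts outside this view, so the change belongs there rather than in this file.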
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-clusterrolebinding.yaml
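Review bot: In injector-clusterrole.yaml the rule grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, with no `resourceNames`. The deployment template later on this page passes `<fullname>-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which suggests the injector only needs to write that one configuration; as written, a compromised injector pod could alter any admission webhook in the cluster. I would split the rule so that `get` and `patch` carry `resourceNames` for that object and only `list` and `watch` stay unrestricted. Those two cannot be narrowed by name without a field selector, and whether the injector's watch uses one is not visible here.

```yaml
rules:
# list/watch stay cluster-wide: resourceNames only applies to them
# when the client sets a metadata.name field selector
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# writes limited to the injector's own webhook configuration
# (name assumed from AGENT_INJECT_TLS_AUTO; confirm against the webhook template)
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```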
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
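Review bot: In injector-deployment.yaml the second entry of `args`, `- 2>&1`, reaches the injector as a literal argument, because Kubernetes execs the container command without a shell and no redirection takes place. Unless the image's entrypoint re-parses its arguments through a shell, which is not visible in this hunk, the entry is at best ignored and at worst read as a positional argument. I would drop it so the list is just `- agent-inject`; the container runtime already captures stderr alongside stdout.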
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
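Review bot: `namespaceSelector` is rendered only when one of the two values is set, so unless the `injector.objectSelector` template narrows it, this webhook is called for every pod CREATE and UPDATE in the cluster, system namespaces included. If `failurePolicy` resolves to `Fail` (the value comes from `.Values` and is not visible here), an unreachable injector would then block pod admission everywhere. I would add a comment above the `failurePolicy` line, `# Fail blocks pod admission in every matched namespace while the injector is down; pair it with a namespaceSelector that excludes system namespaces`, and consider shipping such a selector as the chart default.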
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
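Review bot: In injector-network-policy.yaml the allowed ingress port is hard-coded as `8080`, while the injector Deployment and Service in this same commit take the listen port from `.Values.injector.port`. If that value is changed, the policy stops admitting the webhook calls to the injector pods and injection fails with nothing in the chart pointing at the cause. Use `- port: {{ .Values.injector.port }}` so the policy follows the configured port.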
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-role.yaml
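Review bot: The policy in injector-psp.yaml forbids root and privilege escalation but sets no `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set. Nothing in the injector Deployment in this commit suggests it needs any capability, so I would add `requiredDropCapabilities: [ALL]` under `spec:` next to `allowPrivilegeEscalation: false`. If a capability does turn out to be required, listing it explicitly in `allowedCapabilities` documents that better than the implicit default.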
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-rolebinding.yaml
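Review bot: The first rule in injector-role.yaml lets the injector service account `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which per the other templates in this commit is also where the Vault server's own objects are created. If leader election only touches the certificate secret this chart creates under the same condition (`vault-injector-certs`) and its lock object, the `get` and `update` verbs could move to a rule with `resourceNames: ["vault-injector-certs"]`, leaving `create` (which cannot be name-scoped) on its own. The same question applies to `delete` and `patch` on all pods in the second rule; a comment stating which pods the elector needs to touch would help the next reviewer.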
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
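Review bot: `disable_mlock = true` is forced in both branches of server-config-configmap.yaml: it is written ahead of the user's HCL in the string case, and in the map case `merge` gives precedence to its first argument, so a user-supplied `disable_mlock: false` is overridden. With mlock off, Vault's in-memory key material can be paged to disk on nodes that have swap enabled, and nothing in the template tells the operator that. I would document the requirement with a comment above the `data:` key, `# disable_mlock is forced to true below; schedule Vault only on nodes with swap disabled or encrypted`, and say whether the override is intentional.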
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-psp-role.yaml
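Review bot: The single ingress rule in server-network-policy.yaml uses `namespaceSelector: {}`, so once the policy is enabled every pod in every namespace is still admitted to both 8200 and 8201. Port 8201 is the `https-internal` cluster port in the service and StatefulSet templates of this commit, which presumably only the Vault server pods need to reach. I would split the rule: keep 8200 behind a values-driven `from` list, and restrict 8201 to a `podSelector` carrying the same `app.kubernetes.io/name` and `app.kubernetes.io/instance` labels that `spec.podSelector` already matches. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates here set.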
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
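Review bot: The `subjects` entry in server-psp-rolebinding.yaml binds the ServiceAccount named `{{ template "vault.fullname" . }}`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` both render `{{ template "vault.serviceAccount.name" . }}`. That helper is defined outside this diff, but the schema exposes `server.serviceAccount.name`, so the two names can presumably differ; in that case the `use` grant on the PodSecurityPolicy goes to an account the Vault pods do not run as, and the pods fall back to whatever other policy admits them. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beside it so the binding is explicit about which account it covers.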
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
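Review bot: server-psp.yaml renders `apiVersion: policy/v1beta1` / `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the target cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so the install fails there, and the same flag gates the `-psp` Role and RoleBinding. I would wrap the three templates in `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` and call `fail` with a clear message when the flag is set but the API is absent, so an operator is not left believing a pod policy is in force. The policy itself sets no `requiredDropCapabilities`, and the `seLinux: RunAsAny` comment assumes AppArmor nodes even though this chart also ships values.openshift.yaml; both deserve a comment stating that hardening is expected to come from the pod `securityContext` helpers and, on OpenShift, from SCCs.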
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-service.yaml
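Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the ingress, service and StatefulSet templates in this commit all do before reading `.mode`. Unless `.mode` is populated somewhere outside this diff, `eq .mode "ha"` can never match here, so `server.route.activeService` would not switch the Route to the `-active` service and external traffic would also land on standby pods. I would add `{{ template "vault.mode" . }}` directly after the `global.openshift` check. `host: {{ .Values.server.route.host }}` is also rendered unquoted, whereas the ingress template uses `| quote` for hosts.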
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/tests/server-test.yaml
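Review bot: The `vault` container image in server-statefulset.yaml is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an empty or missing tag silently deploys whatever `latest` points to at pull time; tests/server-test.yaml uses the same expression. For the pod that holds the secrets store the tag should be mandatory rather than defaulted, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; it talks to the loopback `VAULT_ADDR` set in this container, and a comment saying that is why verification is skipped would keep the flag from being copied into places where it is not safe. `VAULT_API_ADDR` and `VAULT_CLUSTER_ADDR` also emit the `server.ha.apiAddr` / `server.ha.clusterAddr` overrides unquoted, unlike the default branches next to them.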
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.3/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/Chart.yaml
new file mode 100644
index 00000000000..4345b1762a5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-980
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.4
+annotations:
+ charts.openshift.io/name: helm-testing-980
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/README.md
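Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has make expand the licence value into the `docker run` argument list, so it is readable in the host's process table even though the recipe is silenced with `@`. Docker's name-only form, `-e VAULT_LICENSE_CI \`, passes the variable through from the environment without placing the value on the command line, provided it is set in the environment make runs in. Separately, `provision-cluster` points `terraform init` and `terraform apply` at `test/terraform` and sets `-var project=...`, but `destroy-cluster` runs `terraform destroy -auto-approve` with neither, so it presumably acts on whatever configuration and state sit in the working directory; worth confirming it targets the cluster that was provisioned. `setup-kind` and `delete-kind` are also missing from `.PHONY`.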
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
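Review bot: In `vault.envs` the dev root token is rendered unquoted, `value: {{ .Values.server.dev.devRootToken }}`, so a token that YAML reads as a number, boolean or null (an all-digit value, for instance) yields a non-string `env` value that the API server rejects, and a token containing YAML-significant characters changes the rendered structure. Quote it the way `vault.extraEnvironmentVars` in this same file already does: `value: {{ .Values.server.dev.devRootToken | quote }}`. The `.envName`, `.secretName` and `.secretKey` fields in `vault.extraSecretEnvironmentVars` are emitted unquoted as well and deserve the same treatment. The token also lands in clear text in the pod spec, which is tolerable only because the branch is limited to `dev` mode; a line in the comment above the define saying so would keep it from being copied into other modes.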
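Review bot: The single rule grants `create` on `serviceaccounts/token` in a ClusterRole with no comment on its scope, and once bound by the ClusterRoleBinding in `csi-clusterrolebinding.yaml` it lets the `-csi-provider` service account request a token for any ServiceAccount in any namespace. If that breadth is needed so the provider can act for the pods it serves (which I assume is the intent), state it in the template, for example `# cluster-wide by design: the provider requests tokens for the ServiceAccount of each pod it mounts secrets for`. With that documented, operators know to treat the DaemonSet's service account as sensitive and to audit token requests made by it.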
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-certs-secret.yaml 
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-clusterrolebinding.yaml
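Review bot: The single rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, although the only configuration this chart points the injector at is `{{ template "vault.fullname" . }}-agent-injector-cfg` (the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml). An account that can patch arbitrary webhook configurations can change how unrelated admission webhooks behave, so `get` and `patch` are better limited with `resourceNames`, leaving `list` and `watch` in a separate rule if the injector's watcher needs them. This assumes the injector only ever writes its own configuration, which should be confirmed before the rule is narrowed.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```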
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
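Review bot: The `args` list of the `sidecar-injector` container in injector-deployment.yaml passes `2>&1` as a second argument; container args are not run through a shell, so this is not a redirection and the binary receives the literal string. Unless the image's entrypoint is known to interpret it, the list should be just `- agent-inject`. In the same container several env values sit inside hand-written quotes, for example `value: "{{ .Values.injector.agentDefaults.template }}"`; `value: {{ .Values.injector.agentDefaults.template | quote }}` keeps the manifest valid when a value itself contains a double quote.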
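Review bot: The `apiVersion` line in injector-disruptionbudget.yaml chooses the API by comparing `.Capabilities.KubeVersion.Minor` with the string `"21"`, which is a lexical string comparison that also ignores the major version. Asking the cluster directly is more reliable and matches what injector-mutating-webhook.yaml in this commit already does: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The same line appears in server-disruptionbudget.yaml.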
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
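Review bot: The `rules` block in injector-mutating-webhook.yaml matches pod CREATE and UPDATE in every namespace unless a `namespaceSelector` is supplied through values, and the template does not say so. Since `failurePolicy` also comes from values, a setting of `Fail` together with an unavailable injector would hold up pod admission in all matched namespaces, system namespaces included; what `injector.objectSelector` narrows is defined outside this hunk. A comment above the `namespaceSelector` conditional, for example `# No selector means every namespace is matched; set one before using failurePolicy: Fail`, would make the default scope visible to operators.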
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
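Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector listens on `.Values.injector.port` (used for `AGENT_INJECT_LISTEN`, the probes and the Service `targetPort` elsewhere in this commit). If that value is changed, the policy admits a port nothing listens on and drops the webhook traffic, so the rule should read `- port: {{ .Values.injector.port }}`. The metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the other namespaced injector objects here.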
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-psp.yaml
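Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subjects in injector-rolebinding.yaml and the cluster role bindings in this commit. As far as I know a RoleBinding then resolves the account in its own namespace, but the binding should not depend on that; add `namespace: {{ .Release.Namespace }}` under the subject's `name` so the bound identity is explicit and consistent with the rest of the chart.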
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-role.yaml
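Review bot: The PodSecurityPolicy spec in injector-psp.yaml never drops Linux capabilities, so pods admitted under it keep the runtime's default capability set even though the policy forbids privilege escalation and running as root. Adding `requiredDropCapabilities:` with a single `- ALL` entry next to `allowPrivilegeEscalation: false` would close that gap, assuming the injector needs no capabilities. Separately, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so the `global.psp.enable` guard could also test `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` to avoid a failed install on newer clusters.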
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-rolebinding.yaml
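Review bot: The first rule in injector-role.yaml gives the injector's service account `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, which is normally also where the Vault server's own TLS and configuration objects live. If leader election only needs the `vault-injector-certs` Secret created in injector-certs-secret.yaml, the read and update verbs on secrets can be pinned with `resourceNames: ["vault-injector-certs"]` in a rule of their own (`create` cannot be restricted by name, so it stays separate). Which ConfigMap the elector uses is not visible in this commit, so that half of the rule, and the `delete` on all pods in the second rule, need confirming and a short comment stating what they are for.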
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
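Review bot: `disable_mlock = true` is written into `extraconfig-from-values.hcl` unconditionally in server-config-configmap.yaml, both as a literal line in the string branch and through `merge (dict "disable_mlock" true) ...` in the two JSON branches, and no comment says why. With mlock disabled the server's memory, which holds decrypted secrets and key material, may be paged to swap, so the chart should tell operators to run the server on nodes without swap or with encrypted swap. A template comment above the first occurrence, for example `{{- /* mlock is disabled for every mode; run Vault on nodes without swap or with encrypted swap */ -}}`, would record that; whether the server container could instead be granted the capability mlock needs depends on the server pod template, which is outside this hunk.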
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-psp-role.yaml 
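Review bot: The `ingress` rule in server-network-policy.yaml admits every namespace (`namespaceSelector: {}`) to both 8200 and 8201, so the policy narrows the port list but not who may connect. The Service templates in this commit name 8201 `https-internal`, and it is presumably only needed between Vault server pods; splitting the rule so that 8201 is limited to this release's `component: server` pods would keep the cluster port closed to other workloads. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    # API port: reachable by clients in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```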
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
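Review bot: The `subjects` entry in server-psp-rolebinding.yaml binds a service account named `{{ template "vault.fullname" . }}`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` in this commit both use `vault.serviceAccount.name`. If a deployment overrides the account name, the PSP `use` permission is granted to an account the server pods do not run as. Use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as server-discovery-rolebinding.yaml already does.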
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
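Review bot: The `spec` in server-psp.yaml blocks privileged mode, privilege escalation and root, but says nothing about Linux capabilities, so pods admitted under it keep the container runtime's default set. Adding `requiredDropCapabilities: [ALL]` next to `allowPrivilegeEscalation: false` would match the intent of the surrounding comments; confirm first that the server does not depend on a capability such as IPC_LOCK in this configuration. The hard-coded `apiVersion: policy/v1beta1` also means enabling `global.psp.enable` will fail to install on Kubernetes 1.25 and later, where PodSecurityPolicy no longer exists, so a comment or a capabilities check on that line would help.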
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-service.yaml
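Review bot: The second line of server-route.yaml tests `.mode`, but this template never runs `{{ template "vault.mode" . }}`, which the other server templates in this commit call before reading it (server-ingress.yaml does so right after its `global.openshift` guard). Whether the Route renders, and whether it targets the `-active` service, therefore appears to depend on some other template having populated `.mode` first. Add `{{ template "vault.mode" . }}` after the opening `if`. Separately, `host:` is emitted unquoted; `host: {{ .Values.server.route.host | quote }}` would match how server-ingress.yaml renders its hosts.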
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/tests/server-test.yaml 
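Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to the mutable `latest` tag when `server.image.tag` is unset (`| default "latest"`), so a values file that omits the tag deploys whatever the registry currently serves and can change the server version on a pod restart. Failing the render is safer for a secrets store: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`; tests/server-test.yaml uses the same fallback. The exec readiness probe also runs `vault status -tls-skip-verify` with no explanation; since `VAULT_ADDR` points at 127.0.0.1, a comment such as `# loopback only: the serving certificate is not issued for 127.0.0.1` would tell readers that skipping verification is deliberate and scoped.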
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.4/src/values.yaml 
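Review bot: None of the objects in this schema sets `additionalProperties`, so a misspelled key is accepted silently. For `global` that matters: values.yaml in this commit defaults `tlsDisable: true`, and an override written as `global.tlsDisabled: false` would validate and leave TLS off. Adding `"additionalProperties": false` to the `global` object would catch that, and every `global` key in the shipped values.yaml is already declared here. The caveat is that a parent chart passing its own `global` keys would then be rejected, so confirm this chart is not consumed as a subchart before tightening it.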
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/Chart.yaml
new file mode 100644
index 00000000000..03c35ba8b8d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-980
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.5
+annotations:
+ charts.openshift.io/name: helm-testing-980
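Review bot: The `description`, `home` and `sources` fields of the new Chart.yaml still present this package as the "Official HashiCorp Vault Chart", while `name` and the `charts.openshift.io/name` annotation call it `helm-testing-980` and the path places it under `redhat-caastestreg-duplicate`. If this is a test copy, as the path suggests, any catalog entry built from this metadata would show a non-official package under official branding, which weakens the provenance signal consumers rely on. I would change the line to something like `description: Test copy of the HashiCorp Vault chart (not an official release)` and keep `sources` pointing upstream for attribution only.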
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/README.md 
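Review bot: The `destroy-cluster` recipe runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=...` argument that `provision-cluster` passes to `terraform apply`, so the unattended destroy acts on whatever configuration and state the working directory holds rather than, as far as these recipes show, the cluster this Makefile provisioned. Mirroring the apply line keeps the two targets symmetric: `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. The `.PHONY` list also omits `setup-kind` and `delete-kind`, so a file or directory with either name would silently stop that target from running; add both to the list.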
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
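Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, with no namespace or `resourceNames` scoping, so the CSI provider's service account can request a token for any service account in the cluster, and the template does not say why. That is presumably what the provider needs in order to authenticate on behalf of the pods that mount its volumes, but it makes the DaemonSet pods a high-value target and should be recorded next to the rule. I would add above `rules:` a template comment such as `{{/* Cluster-wide TokenRequest: used to obtain tokens for the service accounts of pods mounting CSI volumes; treat this service account as highly privileged. */}}`.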
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-certs-secret.yaml 
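Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes read-write (`providervol` and `mountpoint-dir`, the latter being the kubelet's `pods` directory), yet its `securityContext` comes only from the `csi.daemonSet.securityContext.container` helper, which renders nothing when the value is unset. Unless values.yaml, which this hunk does not show, supplies a default, the container runs with whatever the runtime allows while holding write access to host paths. I would have the helper fall back to a restrictive default, for instance `allowPrivilegeEscalation: false` together with `capabilities: {drop: [ALL]}`, after confirming the provider still works with it. A short comment at `volumes:` saying why each hostPath is needed would also help the next reviewer.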
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-clusterrolebinding.yaml
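Review bot: The rule in injector-clusterrole.yaml lets the injector `patch` every MutatingWebhookConfiguration in the cluster, because it names no `resourceNames`. Judging by `AGENT_INJECT_TLS_AUTO` in injector-deployment.yaml, the injector only has to update its own `<fullname>-agent-injector-cfg` object, so a compromise of this service account should not be able to rewrite other admission webhooks. I would split the rule: keep `list` and `watch` as they are if the injector needs them, and move `get` and `patch` into a second rule carrying `resourceNames: [{{ template "vault.fullname" . }}-agent-injector-cfg]`.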
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
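Review bot: The `- 2>&1` entry under `args:` in injector-deployment.yaml does not redirect anything: Kubernetes hands `args` to the container entrypoint without a shell, so the binary receives the literal string `2>&1` as a second argument. The container's stderr is collected by the runtime anyway, so the line can be dropped, leaving `args:` with `- agent-inject` only. If a redirect really is intended, the entrypoint would have to be a shell, which this template does not show.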
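Review bot: injector-disruptionbudget.yaml is the only injector template in this commit that is not wrapped in `{{- template "vault.injectorEnabled" . -}}` and `{{- if .injectorEnabled -}}`; it tests `.Values.injector.podDisruptionBudget` alone. With the injector disabled and that value still set, the chart renders a PodDisruptionBudget whose selector matches no pods. I would open the file with the same two guard lines as the other injector templates and close them with a second `{{- end }}`.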
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
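Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when a value is set, so without one the webhook is called for pod CREATE and UPDATE in every namespace, system namespaces included. Combined with a `failurePolicy` of `Fail` (the default lives in values.yaml, which this hunk does not show), an unavailable injector would block pod admission cluster-wide; the `injector.objectSelector` helper may narrow the scope, but its body is outside the hunk. I would add above the `if or` line a template comment, `{{/* No selector means every pod in the cluster is sent to the injector; exclude system namespaces when failurePolicy is Fail. */}}`, and consider shipping a default selector in values.yaml.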
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
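Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the container's listen address in injector-deployment.yaml and the Service's `targetPort` in injector-service.yaml are both taken from `.Values.injector.port`. Because this policy selects the injector pods, changing that value leaves 8080 allowed and blocks the port the webhook actually listens on, so admission calls would fail on OpenShift, where the policy is rendered. Use `- port: {{ .Values.injector.port }}` so the three stay in step.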
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-psp.yaml
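Review bot: The `subjects` entry in injector-psp-rolebinding.yaml names the ServiceAccount without a `namespace`, unlike injector-rolebinding.yaml and the ClusterRoleBindings in this commit, which all set `namespace: {{ .Release.Namespace }}`. For a RoleBinding the subject should resolve to the binding's own namespace, so this probably works as written, but stating it keeps the bindings uniform and removes guesswork when auditing who may use the policy. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:`.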
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-role.yaml
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-rolebinding.yaml
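Review bot: The first rule in injector-role.yaml gives the injector `create`, `get`, `watch`, `list` and `update` on all Secrets and ConfigMaps in the release namespace, with no `resourceNames`. Every namespaced resource in this commit is installed into that same namespace, so the webhook's service account can read and overwrite secrets that have nothing to do with leader election. If the only Secret involved is `vault-injector-certs` from injector-certs-secret.yaml (the hunk does not show what else the leader elector touches), I would move `get`, `watch` and `update` on `secrets` into a rule with `resourceNames: ["vault-injector-certs"]` and drop `list` and `create` on secrets unless they prove necessary.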
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
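Review bot: `disable_mlock = true` is written unconditionally ahead of the user-supplied config in the string branch, and both JSON branches build it in with `merge (dict "disable_mlock" true) …`, where the literal dict is the merge destination and so appears to win over a value from the values file. With memory locking off, Vault's in-memory secrets can be paged to disk, so the nodes this chart runs on need swap disabled or encrypted, and nothing in the template says so. I would add a comment above `data:` such as `# disable_mlock is always true here: run Vault on nodes with swap disabled or encrypted`, or expose the flag as a value that defaults to `true`. The rendered config is stored in a ConfigMap, so any storage credentials placed in `server.standalone.config` or `server.ha.config` would be readable by anyone with ConfigMap read access in the namespace; that deserves a sentence in the values documentation.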
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-ha-active-service.yaml
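Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion:` line compares two strings, so the ordering is lexical rather than numeric (a minor of `"9"` sorts above `"21"`), and a suffixed minor such as `"21+"`, which some distributions report, is compared as text too. The server-ingress template in this same commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`; the matching form here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. Testing `.Capabilities.APIVersions.Has "policy/v1"` is an alternative that follows what the cluster actually serves.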
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-psp-role.yaml 
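Review bot: In server-network-policy.yaml the single ingress rule pairs `namespaceSelector: {}` with both ports, so pods in every namespace may reach the cluster port 8201 as well as the API port 8200. If 8201 is only used between the Vault servers of this release, the rule should be split so that 8201 is limited to pods carrying the server labels, as sketched below; whether other clients need 8201 is not visible in this diff and should be confirmed first. The metadata block also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster traffic on 8201 is limited to this release's server pods
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block and closing end …
```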
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
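Review bot: In server-psp-rolebinding.yaml the subject is named with `vault.fullname`, while the server StatefulSet and the cluster and discovery role bindings in this commit use `vault.serviceAccount.name`. If the two helpers can render different names, for example when a custom service account name is configured, the `use` grant on the PodSecurityPolicy goes to an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` so it reads like the other bindings. The helper definitions are outside this part of the diff, so whether the names can diverge needs confirming.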
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
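Review bot: The spec sets `privileged: false` and `allowPrivilegeEscalation: false` but lists no `requiredDropCapabilities`, so pods admitted under this policy keep the container runtime's default capability set. If the Vault container needs none of them, add `requiredDropCapabilities:` with a `- ALL` entry under `spec:`; that has to be checked against the image, which is not part of this diff. Separately, `policy/v1beta1` PodSecurityPolicy is no longer served from Kubernetes 1.25 onward and the template is gated only on `global.psp.enable`, so a guard such as `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` would keep an install from failing on newer clusters.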
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-service.yaml
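Review bot: `ne .mode "external"` and the later `eq .mode "ha"` are evaluated without the `{{ template "vault.mode" . }}` call that the other server templates in this commit make before reading `.mode`, so the value seen here appears to depend on another template having populated it earlier in the render. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check, as server-ingress.yaml does, removes that dependency. `targetPort: 8200` is also a literal while the Service templates take the port from `.Values.server.service.targetPort`, so a non-default port would leave the Route pointing at the wrong one; and the `tls:` block is passed through from values unchanged, so the expected termination mode is worth stating in a comment above it.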
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/tests/server-test.yaml 
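Review bot: In server-statefulset.yaml, `image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}` falls back to the mutable `latest` tag when no tag is set, so the Vault version that runs is whatever the registry serves at pull time; tests/server-test.yaml in this commit builds its image reference the same way. Replacing the default with `{{ required "server.image.tag must be set" .Values.server.image.tag }}` turns an unset tag into a render error, and a digest reference would pin the image further. The readiness probe's `vault status -tls-skip-verify` skips certificate checks; a short comment stating that it only talks to the local listener (`VAULT_ADDR` is set to `127.0.0.1:8200` above) would make that choice reviewable.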
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/templates/ui-service.yaml
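Review bot: The test container's `image:` line falls back to `default "latest"` when `server.image.tag` is unset, so the Helm test pod can silently run a mutable, unpinned Vault image that differs from the one under test. Failing the render is safer than guessing, for example `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or fall back to `.Chart.AppVersion` if the chart keeps that in step with the image. The container in this hunk also declares no `securityContext` or `resources`; whether that matters depends on the cluster's admission policy, so a short comment stating that the test pod relies on namespace defaults would help reviewers.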
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/values.openshift.yaml
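Review bot: Nothing in this template ties `type: {{ .Values.ui.serviceType }}` to the TLS setting, so a `LoadBalancer` or `NodePort` UI Service can be rendered while the port is simply named from `vault.scheme`. The values.yaml added later in this diff sets `global.tlsDisable: true`, which presumably makes that scheme plain HTTP, so the UI and the tokens sent to it would travel unencrypted on whatever network the Service is exposed to. `publishNotReadyAddresses` additionally keeps pods that are not Ready behind the Service, which looks intentional but is undocumented here. I would add a comment above `type:` such as `# Exposing the UI beyond the cluster requires global.tlsDisable=false`, or a render-time `fail` guard that rejects a non-ClusterIP type when TLS is disabled.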
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.5/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/Chart.yaml
new file mode 100644
index 00000000000..ca48b019fc2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-980
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.6
+annotations:
+ charts.openshift.io/name: helm-testing-980
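Review bot: The metadata in the new Chart.yaml describes two different things: `name: helm-testing-980` and the `charts.openshift.io/name` annotation identify a test chart, while `description: Official HashiCorp Vault Chart`, `home` and `sources` still present it as the upstream Vault chart. If this is a test fixture copied from vault-helm, as the path suggests, the description should say so, for example `description: Test fixture derived from the HashiCorp Vault chart`, so that nobody reading a chart index takes it for the vendor's release. Separately, `appVersion: 1.11.2` is better written quoted, `appVersion: "1.11.2"`, so that a later two-part value such as 1.12 is not parsed as a float.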
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4. Notices
+
+ You may not remove or alter the substance of any license notices (including
+ copyright notices, patent notices, disclaimers of warranty, or limitations
+ of liability) contained within the Source Code Form of the Covered
+ Software, except that You may alter any license notices to the extent
+ required to remedy known factual inaccuracies.
+
+3.5. Application of Additional Terms
+
+ You may choose to offer, and to charge a fee for, warranty, support,
+ indemnity or liability obligations to one or more recipients of Covered
+ Software. However, You may do so only on Your own behalf, and not on behalf
+ of any Contributor. You must make it absolutely clear that any such
+ warranty, support, indemnity, or liability obligation is offered by You
+ alone, and You hereby agree to indemnify every Contributor for any
+ liability incurred by such Contributor as a result of warranty, support,
+ indemnity or liability terms You offer. You may include additional
+ disclaimers of warranty and limitations of liability specific to any
+ jurisdiction.
+
+4. Inability to Comply Due to Statute or Regulation
+
+ If it is impossible for You to comply with any of the terms of this License
+ with respect to some or all of the Covered Software due to statute, judicial
+ order, or regulation then You must: (a) comply with the terms of this License
+ to the maximum extent possible; and (b) describe the limitations and the code
+ they affect. Such description must be placed in a text file included with all
+ distributions of the Covered Software under this License. Except to the
+ extent prohibited by statute or regulation, such description must be
+ sufficiently detailed for a recipient of ordinary skill to be able to
+ understand it.
+
+5. Termination
+
+5.1. The rights granted under this License will terminate automatically if You
+ fail to comply with any of its terms. However, if You become compliant,
+ then the rights granted under this License from a particular Contributor
+ are reinstated (a) provisionally, unless and until such Contributor
+ explicitly and finally terminates Your grants, and (b) on an ongoing basis,
+ if such Contributor fails to notify You of the non-compliance by some
+ reasonable means prior to 60 days after You have come back into compliance.
+ Moreover, Your grants from a particular Contributor are reinstated on an
+ ongoing basis if such Contributor notifies You of the non-compliance by
+ some reasonable means, this is the first time You have received notice of
+ non-compliance with this License from such Contributor, and You become
+ compliant prior to 30 days after Your receipt of the notice.
+
+5.2. If You initiate litigation against any entity by asserting a patent
+ infringement claim (excluding declaratory judgment actions, counter-claims,
+ and cross-claims) alleging that a Contributor Version directly or
+ indirectly infringes any patent, then the rights granted to You by any and
+ all Contributors for the Covered Software under Section 2.1 of this License
+ shall terminate.
+
+5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
+ license agreements (excluding distributors and resellers) which have been
+ validly granted by You or Your distributors under this License prior to
+ termination shall survive termination.
+
+6. Disclaimer of Warranty
+
+ Covered Software is provided under this License on an “as is” basis, without
+ warranty of any kind, either expressed, implied, or statutory, including,
+ without limitation, warranties that the Covered Software is free of defects,
+ merchantable, fit for a particular purpose or non-infringing. The entire
+ risk as to the quality and performance of the Covered Software is with You.
+ Should any Covered Software prove defective in any respect, You (not any
+ Contributor) assume the cost of any necessary servicing, repair, or
+ correction. This disclaimer of warranty constitutes an essential part of this
+ License. No use of any Covered Software is authorized under this License
+ except under this disclaimer.
+
+7. Limitation of Liability
+
+ Under no circumstances and under no legal theory, whether tort (including
+ negligence), contract, or otherwise, shall any Contributor, or anyone who
+ distributes Covered Software as permitted above, be liable to You for any
+ direct, indirect, special, incidental, or consequential damages of any
+ character including, without limitation, damages for lost profits, loss of
+ goodwill, work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses, even if such party shall have been
+ informed of the possibility of such damages. This limitation of liability
+ shall not apply to liability for death or personal injury resulting from such
+ party’s negligence to the extent applicable law prohibits such limitation.
+ Some jurisdictions do not allow the exclusion or limitation of incidental or
+ consequential damages, so this exclusion and limitation may not apply to You.
+
+8. Litigation
+
+ Any litigation relating to this License may be brought only in the courts of
+ a jurisdiction where the defendant maintains its principal place of business
+ and such litigation shall be governed by laws of that jurisdiction, without
+ reference to its conflict-of-law provisions. Nothing in this Section shall
+ prevent a party’s ability to bring cross-claims or counter-claims.
+
+9. Miscellaneous
+
+ This License represents the complete agreement concerning the subject matter
+ hereof. If any provision of this License is held to be unenforceable, such
+ provision shall be reformed only to the extent necessary to make it
+ enforceable. Any law or regulation which provides that the language of a
+ contract shall be construed against the drafter shall not be used to construe
+ this License against a Contributor.
+
+
+10. Versions of the License
+
+10.1. New Versions
+
+ Mozilla Foundation is the license steward. Except as provided in Section
+ 10.3, no one other than the license steward has the right to modify or
+ publish new versions of this License. Each version will be given a
+ distinguishing version number.
+
+10.2. Effect of New Versions
+
+ You may distribute the Covered Software under the terms of the version of
+ the License under which You originally received the Covered Software, or
+ under the terms of any subsequent version published by the license
+ steward.
+
+10.3. Modified Versions
+
+ If you create software not governed by this License, and you want to
+ create a new license for such software, you may create and use a modified
+ version of this License if you rename the license and remove any
+ references to the name of the license steward (except to note that such
+ modified license differs from this License).
+
+10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses
+ If You choose to distribute Source Code Form that is Incompatible With
+ Secondary Licenses under the terms of this version of the License, the
+ notice described in Exhibit B of this License must be attached.
+
+Exhibit A - Source Code Form License Notice
+
+ This Source Code Form is subject to the
+ terms of the Mozilla Public License, v.
+ 2.0. If a copy of the MPL was not
+ distributed with this file, You can
+ obtain one at
+ http://mozilla.org/MPL/2.0/.
+
+If it is not possible or desirable to put the notice in a particular file, then
+You may include the notice in a location (such as a LICENSE file in a relevant
+directory) where a recipient would be likely to look for such a notice.
+
+You may add additional accurate notices of copyright ownership.
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/README.md
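Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \` has make expand the licence value into the `docker run` command line, where it is unquoted and readable in the host's process listing for as long as the container runs. `-e VAULT_LICENSE_CI \` lets Docker copy the variable from the calling environment without placing the value in argv. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so it presumably does not act on the configuration that was applied; with `-auto-approve` set that mismatch deserves a comment or the same arguments.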
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v . | indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
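Review bot: The `rules:` entry in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any service account in any namespace, and nothing in the file says why that breadth is needed. A short comment above `rules:` would record the reason, e.g. `# Tokens are requested for the service account of each pod that mounts a secret, hence cluster-wide scope.` That is presumably the reason, so the wording should be confirmed against the provider. Because csi-clusterrolebinding.yaml binds this role to `{{ template "vault.fullname" . }}-csi-provider`, access to that account's token should be treated as sensitive.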
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-certs-secret.yaml 
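Review bot: The container under `containers:` in csi-daemonset.yaml gets a securityContext only when `.Values.csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.container` helper in this diff has no fallback branch. The injector and server helpers, by contrast, fall back to `allowPrivilegeEscalation: false` outside OpenShift. This pod mounts two hostPath volumes (`providervol` and `mountpoint-dir`), so it is the workload that most needs a restrictive default. Consider giving the helper the same `{{- else if not .Values.global.openshift }}` branch rendering `allowPrivilegeEscalation: false`, unless values.yaml (not visible here) already supplies a default.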
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-clusterrolebinding.yaml
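Review bot: The single rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, which is more than the injector appears to need: the deployment in this diff points `AGENT_INJECT_TLS_AUTO` only at `{{ template "vault.fullname" . }}-agent-injector-cfg`. An account that can patch arbitrary mutating webhooks can change how pods across the cluster are admitted, so the write verb is worth narrowing. The rule could be split so that `get` and `patch` carry `resourceNames` for that one object while `list` and `watch` stay unrestricted. That keeps behaviour unchanged only if the injector touches no other configuration, which a test install should confirm.

```yaml
rules:
# list/watch cannot be narrowed by name without a field selector, so they stay unrestricted
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# get/patch limited to the webhook configuration this chart creates
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```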
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
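Review bot: Under `args:` in injector-deployment.yaml the entry `- 2>&1` is handed to the container as a literal second argument, because Kubernetes execs the command without a shell, so it redirects nothing. Dropping the line leaves `args:` as just `- agent-inject`; how the binary treats the stray argument today is not visible here. Separately, some `env:` values are unquoted (`AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT`) while their neighbours are quoted. A numeric or boolean-looking override would render as a non-string, which the API server rejects for env values, so `value: {{ .Values.injector.authPath | quote }}` is the safer form.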
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
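Review bot: The `rules:` block in injector-mutating-webhook.yaml matches CREATE and UPDATE of every pod in the cluster, and `namespaceSelector:` is rendered only when a value is supplied. Unless the `injector.objectSelector` helper narrows it, the webhook therefore sits on the admission path of all namespaces, the injector's own included. Since `failurePolicy` comes from values, a setting of `Fail` combined with an unavailable injector would hold up pod creation cluster-wide; the default is not visible in this hunk. A comment above `rules:` would document the trade-off, e.g. `# Matches all pods; set injector.webhook.namespaceSelector to keep system namespaces out of scope.` A default selector in values.yaml would be the stronger fix.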
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
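Review bot: In injector-network-policy.yaml `- port: 8080` is hard-coded, but the deployment in this diff listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes use it). On OpenShift, any other port value would leave the policy allowing a port nothing listens on while blocking the one the webhook actually serves. Rendering the same value avoids the drift: `- port: {{ .Values.injector.port }}`. The `from:` clause is `namespaceSelector: {}`, so every namespace may reach the webhook port; if that is intended, a one-line comment saying so would save the next reader the question.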
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-role.yaml
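Review bot: injector-psp.yaml renders a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, with no check that the cluster still serves that API; it was removed in Kubernetes 1.25, so the manifest would be rejected there. Other templates in this commit already branch on `.Capabilities.APIVersions.Has`, and the same guard fits here: `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The comment above `rule: RunAsAny` under `seLinux:` says the policy assumes AppArmor nodes; this chart also has `global.openshift` branches, and OpenShift nodes normally enforce SELinux, so that assumption deserves a second look. server-psp.yaml has both issues as well.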
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-rolebinding.yaml
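Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on all Secrets and ConfigMaps in the release namespace, because no `resourceNames` narrows it. If the leader elector only touches a fixed set of objects, move `get` and `update` into a rule scoped with `resourceNames`; the object names are not visible in this hunk, so that needs confirming against the injector. At minimum, record the reach of the grant with a comment above `rules:` such as `# Grants access to every Secret and ConfigMap in this namespace; install the injector in a dedicated namespace.` The `delete` verb on pods in the second rule deserves the same one-line justification.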
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-config-configmap.yaml 
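Review bot: server-clusterrolebinding.yaml binds the server ServiceAccount to `system:auth-delegator` cluster-wide without saying why. A comment above `roleRef:` such as `# system:auth-delegator allows TokenReview and SubjectAccessReview calls, used by Vault's Kubernetes auth method` would tell operators what the grant is for and when the binding can be disabled. Because the object is cluster-scoped and named only from `vault.fullname`, two releases with the same name in different namespaces would presumably collide; the helper's definition is outside this hunk, so confirm.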
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
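Review bot: server-config-configmap.yaml hard-codes `disable_mlock = true` on the string path and `dict "disable_mlock" true` on the JSON path with no explanation, so every install lets Vault's memory be swapped to disk. A template comment next to the first occurrence, e.g. `{{- /* mlock is disabled; run on nodes with swap off or encrypted */ -}}`, would record that operational requirement. The user-supplied config is rendered into a ConfigMap in plain text, so the values documentation should also tell users not to put storage or seal credentials in `server.standalone.config` or `server.ha.config`.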
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-ha-active-service.yaml
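Review bot: In server-disruptionbudget.yaml the `apiVersion` line compares `.Capabilities.KubeVersion.Minor` with the string `"21"`, which is a lexical string comparison rather than a numeric one and also has to cope with any vendor suffix in the minor version. Asking the cluster what it serves is more robust and matches the `.Capabilities.APIVersions.Has` checks used elsewhere in this commit: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`.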
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-ha-standby-service.yaml 
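Review bot: The `-active` Service in server-ha-active-service.yaml takes its `type` from `server.service.type` and lists `https-internal` (8201) next to the API port, so a `NodePort` or `LoadBalancer` type would publish the cluster port outside the cluster as well. The headless `-internal` Service in this commit already carries 8201; if nothing reaches that port through the `-active` Service, drop the `https-internal` entry here or wrap it in a condition on the service type. server-ha-standby-service.yaml and server-service.yaml have the same port list.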
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-psp-role.yaml 
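Review bot: server-network-policy.yaml admits traffic from every namespace (`namespaceSelector: {}`) to both 8200 and 8201, although 8201 is the `https-internal` port in the Services of this commit and is presumably needed only between Vault server pods. Splitting the ingress rule so that 8201 is limited to pods carrying the release's own labels narrows the exposure; keep the broad rule if replication from another cluster has to reach 8201. The object also sets no `metadata.namespace`, unlike the Services and Roles added alongside it.

```yaml
  ingress:
    # API port: reachable from any namespace.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```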
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
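Review bot: The subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but the server ServiceAccount and the StatefulSet in this commit use `{{ template "vault.serviceAccount.name" . }}`. If the two helpers can render different names (their definitions are outside this part of the diff), the PodSecurityPolicy would be bound to an account the pods do not run as. Using `name: {{ template "vault.serviceAccount.name" . }}` here, as server-discovery-rolebinding.yaml does, removes that dependency.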
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-route.yaml @@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-service.yaml 
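Review bot: server-route.yaml tests `ne .mode "external"` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before reading `.mode`. Unless another template has already set it on the shared context, the comparison sees an unset value, so the result would depend on render order; adding the call as the first line makes the file self-contained. `targetPort: 8200` is also hard-coded, while the Services take their port from `server.service.targetPort`.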
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/templates/ui-service.yaml
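Review bot: The test Pod in tests/server-test.yaml sets no `securityContext` at pod or container level, while the server StatefulSet in the same change takes one from the `server.statefulSet.securityContext.*` helpers. On a cluster that enforces a restricted pod security policy the `helm test` hook may be rejected, and elsewhere it runs with whatever the image and platform default to; an OpenShift SCC may already cover this, which the hunk does not show. I would add under the container `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}`, matching the container defaults described in the values.yaml comments for the injector.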
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/values.openshift.yaml
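Review bot: `type: {{ .Values.ui.serviceType }}` in ui-service.yaml lets the UI Service be published outside the cluster (NodePort or LoadBalancer) while the port is named after `vault.scheme`, which presumably renders `http` under the `global.tlsDisable: true` default set in this chart's values.yaml; tokens entered in the UI would then cross the network unencrypted. The defaults for `ui.serviceType` and `ui.enabled` are not visible in this hunk, so the exposure depends on what the operator sets. I would add a comment above `type:` such as `# Exposing this Service externally requires global.tlsDisable=false or TLS termination in front of it.`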
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.6/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/Chart.yaml
new file mode 100644
index 00000000000..f201f9902d0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-980
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.7
+annotations:
+ charts.openshift.io/name: helm-testing-980
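Review bot: The `description: Official HashiCorp Vault Chart` line in Chart.yaml, together with the `home` and `sources` URLs, presents this chart as HashiCorp's own release, while `name` and the `charts.openshift.io/name` annotation are `helm-testing-980` and the file sits under a partner test directory. If this is a renamed copy kept as a fixture, which the path suggests but the hunk does not state, the metadata should say so, so that nobody reading a chart index mistakes it for the upstream release, e.g. `description: Test fixture derived from the HashiCorp Vault chart (not an official release)`. Separately, quote the version scalar as `appVersion: "1.11.2"`; it loads as a string today, but an unquoted two-part value such as 1.10 would be read as a float.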
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/README.md
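Review bot: In the Makefile's `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` makes make expand the license into the `docker run` command line, so the value is readable in the host's process list and in any log that records the command. Passing only the name, `-e VAULT_LICENSE_CI \`, lets Docker take the value from the calling environment instead, provided the variable is set in the environment make runs in. The same file's `.PHONY` line also leaves out `setup-kind` and `delete-kind`, which the recipes above define.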
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set . "serverEnabled" (or
+ (eq (.Values.server.enabled | toString) "true")
+ (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverServiceAccountEnabled" -}}
+{{- $_ := set . "serverServiceAccountEnabled"
+ (and
+ (eq (.Values.server.serviceAccount.create | toString) "true" )
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server auth delegator serviceaccount is enabled.
+*/}}
+{{- define "vault.serverAuthDelegator" -}}
+{{- $_ := set . "serverAuthDelegator"
+ (and
+ (eq (.Values.server.authDelegator.enabled | toString) "true" )
+ (or (eq (.Values.server.serviceAccount.create | toString) "true")
+ (not (eq .Values.server.serviceAccount.name "")))
+ (or
+ (eq (.Values.server.enabled | toString) "true")
+ (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server service is enabled.
+*/}}
+{{- define "vault.serverServiceEnabled" -}}
+{{- template "vault.serverEnabled" . -}}
+{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}}
+{{- end -}}
+
+{{/*
+Compute if the ui is enabled.
+*/}}
+{{- define "vault.uiEnabled" -}}
+{{- $_ := set . "uiEnabled" (or
+ (eq (.Values.ui.enabled | toString) "true")
+ (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute the maximum number of unavailable replicas for the PodDisruptionBudget.
+This defaults to (n/2)-1 where n is the number of members of the server cluster.
+Add a special case for replicas=1, where it should default to 0 as well.
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" . }}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
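Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no namespace or `resourceNames` limit, and nothing in the manifest says why. Once bound by the ClusterRoleBinding in the next file, the `-csi-provider` service account can request a token for any service account in the cluster, so every node running the DaemonSet holds a credential worth protecting. If the provider has to mint tokens for the pods it serves, record that above the rule, for example `# Cluster-wide by design: the provider requests tokens on behalf of workload pods; treat this ServiceAccount as privileged.` It would also help to note in the chart docs that TokenRequest calls from this account are worth alerting on in the API audit log.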
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-certs-secret.yaml 
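Review bot: In csi-daemonset.yaml the provider container mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods), but the `csi.daemonSet.securityContext.pod` and `.container` templates it calls render nothing unless the operator sets those values. The injector and server helpers in _helpers.tpl fall back to a hardened default when the value is empty; the CSI ones have no `else` branch, so a default install runs this host-mounted container with whatever user and capabilities the image and runtime give it. Consider adding the same fallback the server container uses to `csi.daemonSet.securityContext.container`: `{{- else if not .Values.global.openshift }}`, `securityContext:`, `allowPrivilegeEscalation: false`. Whether the provider also tolerates `runAsNonRoot` or dropping all capabilities depends on how it writes its socket under the host path, which is not visible here, so that part needs confirming before it is made a default. The helpers themselves are defined outside this hunk.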
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-clusterrolebinding.yaml
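Review bot: The Secret in injector-certs-secret.yaml is named with the literal `vault-injector-certs`, where every other object in this chart derives its name from `vault.fullname`, and it is created with no data and no explanation. Two releases with leader election enabled in one namespace would both render this object and collide on it, and a reader cannot tell that the empty Secret is presumably filled with the webhook key pair at runtime. If the injector binary expects this exact name, keep it but say so, e.g. `# Fixed name expected by the injector; created empty and populated by the elected leader. One HA injector release per namespace.`, after confirming that behaviour against the injector's documentation.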
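Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, since it carries no `resourceNames`. A compromised injector pod could then rewrite any other admission webhook, including ones that enforce policy, not just its own. The injector appears to need write access only to its own object, which injector-deployment.yaml names as `{{ template "vault.fullname" . }}-agent-injector-cfg` in `AGENT_INJECT_TLS_AUTO`. Splitting the rule so that `get` and `patch` are name-scoped while `list` and `watch` stay broad would narrow this; confirm that name matches the rendered webhook object, which is not visible in this hunk.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  # Name taken from AGENT_INJECT_TLS_AUTO in injector-deployment.yaml; confirm it matches the webhook object.
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs: ["get", "patch"]
```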
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
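Review bot: Several env `value:` fields of the `sidecar-injector` container in injector-deployment.yaml are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), while their neighbours are wrapped in hand-written `"{{ … }}"`. An env value has to be a string, so an empty, boolean-looking or numeric setting renders as null or a non-string and the Deployment is rejected; `value: {{ .Values.injector.authPath | quote }}` avoids that and also escapes embedded quotes, which the hand-written quoting does not. Separately, `args` passes `2>&1` as a literal argument, since no shell interprets container args; if a redirection was intended it has no effect and the entry can probably be dropped.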
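Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the result is lexical rather than numeric, and `Minor` can carry a suffix such as `21+` on some distributions. Asking the cluster for the API directly is more robust and matches the `.Capabilities.APIVersions.Has` checks used by other templates in this commit: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The same expression appears in server-disruptionbudget.yaml and should change with it.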
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
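Review bot: The webhook matches CREATE and UPDATE of pods in every namespace unless a selector is supplied, because the `namespaceSelector:` block is only rendered when one of the two values is set. With `failurePolicy` resolved to `Fail`, an unavailable injector then blocks pod admission cluster-wide, including in system namespaces and for the injector's own replacement pods. The chart defaults and the `injector.objectSelector` helper are not visible in this hunk, so this may already be handled elsewhere. If it is not, a comment above `namespaceSelector:` such as `# Leave unset only with failurePolicy: Ignore; otherwise exclude kube-system and the release namespace` would document the constraint for operators.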
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
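Review bot: The NetworkPolicy in injector-network-policy.yaml hard-codes `port: 8080`, while the Deployment listens on `.Values.injector.port` and the Service uses the same value as `targetPort`. If an operator changes `injector.port`, the policy no longer matches the listening port and webhook calls to the injector are dropped on clusters where the policy is enforced. Rendering the same value keeps the three templates in step: `- port: {{ .Values.injector.port }}`. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other injector templates set.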
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-role.yaml
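Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privilege escalation and root, but it places no constraint on Linux capabilities, so pods admitted under it keep the runtime's default capability set. Adding `requiredDropCapabilities:` with a single `- ALL` entry under `spec` closes that gap, on the assumption that the injector needs no capabilities to serve its HTTPS port. The policy is also gated only on `.Values.global.psp.enable`; since `policy/v1beta1` PodSecurityPolicy is absent on newer clusters, a `.Capabilities.APIVersions.Has "policy/v1beta1"` guard would keep the install from failing there. The hunk also sets `hostNetwork: false`, which conflicts with `injector.hostNetwork` in the Deployment when both are enabled and is worth a comment.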
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-rolebinding.yaml
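Review bot: The leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which is the same namespace the server templates in this commit deploy into. The only Secret this chart creates for the injector is `vault-injector-certs`, so the read and update verbs on secrets could be limited with `resourceNames: ["vault-injector-certs"]`, with `create` kept in a rule of its own because it cannot be restricted by name. Which other objects the leader elector touches is not visible here, so confirm against the injector before narrowing. The second rule likewise allows `delete` and `patch` on any pod in the namespace, which deserves a comment stating why it is needed.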
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
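Review bot: `disable_mlock = true` is written into the rendered server config unconditionally, as a literal line in the string branch and through `merge (dict "disable_mlock" true) …` in the map branch of server-config-configmap.yaml. With mlock disabled, Vault's process memory can be paged out, so sensitive material may reach disk on nodes that have swap enabled. In the map branch the forced key appears to take precedence over a user-supplied `disable_mlock`, because `merge` favours its first argument, so an operator cannot turn it back on there. At minimum I would add a template comment above the block, for example `{{- /* disable_mlock is forced on: nodes running Vault must have swap disabled or encrypted */ -}}`, and consider making the setting a chart value.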
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-psp-role.yaml 
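Review bot: In server-network-policy.yaml the single ingress rule pairs `namespaceSelector: {}` with both ports, and an empty selector matches every namespace, so with the policy enabled any pod in the cluster can still reach the cluster port 8201 as well as the API port 8200. The statefulset in this commit uses 8201 for `VAULT_CLUSTER_ADDR`, i.e. server-to-server traffic, so I would split the rule and limit 8201 to this release's Vault pods, as below; this assumes no other cluster needs to reach 8201 for replication. The metadata also has no `namespace: {{ .Release.Namespace }}`, which the other templates here set.

```yaml
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```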
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
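Review bot: server-psp.yaml renders `apiVersion: policy/v1beta1` whenever `global.psp.enable` is true, with no check that the cluster still serves that API; PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the release fails at install instead of producing the constraints the operator asked for. I'd add `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `and` on the third line, and the same in server-psp-role.yaml and server-psp-rolebinding.yaml. Separately, the comment above `seLinux` / `rule: RunAsAny` says the nodes are assumed to use AppArmor; this chart also ships OpenShift overrides (values.openshift.yaml), where SELinux is the norm, so the comment should state that SELinux labels are left unconstrained by this policy.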
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-service.yaml
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/tests/server-test.yaml 
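Review bot: The `vault` container image in server-statefulset.yaml falls back to `latest` when `server.image.tag` is empty (`| default "latest"`), and tests/server-test.yaml repeats the same expression. For a secrets store that means an unset tag silently pulls whatever the registry currently serves, and replicas started at different times can end up running different Vault builds. I'd fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. values.yaml is outside this view and may already set a tag; the silent fallback is the part worth removing.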
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.7/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. [GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. [GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector [[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. [[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* `readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3. Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/Chart.yaml
new file mode 100644
index 00000000000..65ed9048c1a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-980
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.8
+annotations:
+ charts.openshift.io/name: helm-testing-980
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/README.md
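Review bot: The `docker run` lines in `test-acceptance`, `test-destroy` and `test-provision` omit `--rm`, unlike `test-unit`, while passing `GOOGLE_CREDENTIALS`, `CLOUDSDK_CORE_PROJECT` and (in `test-acceptance`) `VAULT_LICENSE_CI` with `-e`. An exited container keeps its environment in its stored configuration until it is removed, so the `VAULT_LICENSE_CI` value (presumably a license string) stays readable on the build host to anyone with access to the Docker daemon; I would start each of the three with `@docker run --rm -it -v ${PWD}:/helm-test \`. Separately, `.PHONY` does not list `setup-kind` or `delete-kind`; appending both keeps a stray file of that name from masking the target. If this Makefile is meant to be an unmodified copy of the upstream chart source, the fix probably belongs upstream rather than in this copy.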
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
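Review bot: `vault.envs` renders `value: {{ .Values.server.dev.devRootToken }}` unquoted, so a token that YAML reads as a number, boolean or null (an all-digit token, for instance) produces a non-string env value that the API server rejects, and a token containing `: ` or ` #` breaks the rendered manifest. `value: {{ .Values.server.dev.devRootToken | quote }}` keeps it a string, which is what `vault.extraEnvironmentVars` in the same file already does for its names and values. The `name:` and `key:` fields emitted by `vault.extraSecretEnvironmentVars` are unquoted in the same way and would benefit from the same filter.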
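Review bot: The single rule grants `create` on `serviceaccounts/token` through a ClusterRole with no `resourceNames`, so once bound (csi-clusterrolebinding.yaml in this commit) the CSI provider's service account can request a token for any service account in any namespace. The template has no comment explaining why that scope is required; presumably the provider requests tokens on behalf of the pods it mounts secrets for, and that should be stated above `rules:`, e.g. `{{/* cluster-wide token create: provider requests tokens for the service accounts of pods it serves — review before enabling csi */}}`. It is also worth noting in the chart documentation that setting `csi.enabled` installs this cluster-scoped permission, so operators can account for it in RBAC reviews and audit-log alerting on TokenRequest calls from this service account.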
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-certs-secret.yaml 
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-clusterrolebinding.yaml 
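Review bot: In injector-clusterrole.yaml the `patch` verb on `mutatingwebhookconfigurations` has no `resourceNames`, so the injector's service account can modify any mutating webhook configuration in the cluster, not only its own. Whoever can patch a webhook configuration can change how admission is handled for arbitrary workloads, so this is worth narrowing. Keep `get`/`list`/`watch` in the existing rule and move `patch` into a second rule restricted to the chart's own object. The name below is the one injector-mutating-webhook.yaml uses for `metadata.name`.

```yaml
rules:
# … unchanged: existing rule, with "patch" removed from its verbs …
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```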
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
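Review bot: In injector-deployment.yaml several env values are rendered unquoted (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT` and the computed `AGENT_INJECT_VAULT_ADDR` fallback), while neighbouring entries are wrapped in quotes. An env `value` must be a string, so an unquoted value that YAML reads as a boolean or number, or that contains `: ` or ` #`, is either rejected by the API server or changes the rendered manifest. Use the `quote` filter consistently, for example `value: {{ .Values.injector.authPath | quote }}` and `value: {{ .Values.injector.logLevel | default "info" | quote }}`.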
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
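Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is emitted only when a value is supplied, so by default the webhook is registered for pod CREATE and UPDATE in every namespace, control-plane namespaces included. If `failurePolicy` resolves to `Fail` (it comes from values that are not in this hunk), an unavailable injector would then block pod admission cluster-wide. Whether the `injector.objectSelector` helper narrows this cannot be seen here. At minimum add a template comment above the `if`, such as `{{/* no selector = all namespaces; set injector.namespaceSelector to exclude kube-system when failurePolicy is Fail */}}`, and consider shipping a default selector.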
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
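Review bot: In injector-network-policy.yaml the ingress rule hard-codes `port: 8080`, while injector-deployment.yaml listens on, and injector-service.yaml targets, `{{ .Values.injector.port }}`. Changing that value would leave the policy admitting a port nothing listens on and blocking the webhook itself. Render the same value here: `- port: {{ .Values.injector.port }}`. The `namespaceSelector: {}` source admits every namespace to that port, which may be intentional so the API server can reach the webhook, but a one-line comment saying so would help.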
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-role.yaml 
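Review bot: In injector-psp.yaml the policy forbids privileged mode, privilege escalation and root, but it does not set `requiredDropCapabilities`, so containers admitted under it keep the container runtime's default capability set. Nothing in the injector deployment template suggests the injector needs any capability, so unless that is known to be otherwise, add `requiredDropCapabilities:` with a single `- ALL` entry under `spec`. `readOnlyRootFilesystem: false` is left permissive as well and would merit a comment stating what the injector writes to its root filesystem.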
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-rolebinding.yaml 
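Review bot: In injector-role.yaml the first rule grants `create`/`get`/`watch`/`list`/`update` on every Secret and ConfigMap in the release namespace, which is usually the namespace Vault itself runs in. If leader election only needs the `vault-injector-certs` Secret that injector-certs-secret.yaml pre-creates (an assumption to confirm against the injector version in use), give secrets their own rule and scope the read and update verbs with `resourceNames: ["vault-injector-certs"]`. `create` cannot be limited by name, and since the chart already creates that Secret it may not be needed for secrets at all.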
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
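Review bot: In server-config-configmap.yaml `disable_mlock = true` is emitted unconditionally in the string branch and forced through `merge (dict "disable_mlock" true) …` in the map branch, where the first dictionary takes precedence, so an operator cannot turn memory locking back on through values. With mlock disabled, Vault's in-memory secrets can be paged to swap. Document the requirement next to the setting with a template comment such as `{{/* mlock is disabled by the chart; run Vault on nodes with swap disabled or encrypted */}}`. If overriding is meant to be possible, swap the `merge` arguments so the user's config wins.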
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-ha-active-service.yaml
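Review bot: The `apiVersion:` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` using `ge`, which on two strings is a lexicographic comparison, and the minor field can carry a suffix on some distributions. server-ingress.yaml in this same commit already decides on the full version with `semverCompare`; doing the same here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.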
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-psp-role.yaml
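Review bot: In server-ingress.yaml, `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` are emitted unquoted, while `host` and the TLS host entries go through `quote`. A value that is empty or begins with a YAML indicator would render as null or break the manifest; piping through `quote` as on the host lines (`- path: {{ . | quote }}`, `secretName: {{ .secretName | quote }}`) keeps them strings. Separately, the `tls:` block is only emitted when `.Values.server.ingress.tls` is set, so a comment near `spec:` should say that without it the Ingress carries no TLS section for the Vault endpoint.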
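Review bot: The single `ingress` rule in server-network-policy.yaml admits every namespace (`namespaceSelector: {}`) to both 8200 and 8201, and 8201 is the port the Service templates in this commit name `https-internal`. If that port is only meant for traffic between the Vault server pods, it should get its own rule limited to pods carrying this release's server labels, leaving 8200 open as today; whether anything outside the release legitimately needs 8201 should be confirmed before tightening it. The metadata block also has no `namespace: {{ .Release.Namespace }}` line, unlike the other templates here. A possible split of the rule is below.

```yaml
  # … unchanged: metadata and podSelector …
  ingress:
    # API port: reachable from any namespace, as before.
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the server pods of this release.
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```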
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
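Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, whereas server-discovery-rolebinding.yaml and the StatefulSet's `serviceAccountName` in this commit both use `vault.serviceAccount.name`. If that helper can return a name other than the fullname, the PSP Role ends up bound to an account the server pods do not run as, and the policy is not the one applied to them. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` to match the discovery binding.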
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
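Review bot: The `spec:` in server-psp.yaml sets `privileged: false` and `allowPrivilegeEscalation: false` but does not restrict Linux capabilities, so containers admitted under this policy keep the runtime's default set. Adding `requiredDropCapabilities: [ALL]` would close that, assuming the Vault container needs none (the StatefulSet in this commit sets `SKIP_SETCAP`, which suggests so, but confirm). `apiVersion: policy/v1beta1` is also hard-coded, and PodSecurityPolicy was removed in Kubernetes 1.25, so the PSP templates will fail to install there when `global.psp.enable` is true; adding `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `and` condition would skip them on such clusters.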
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-service.yaml
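Review bot: server-route.yaml reads `.mode` in `{{- if ne .mode "external" }}` and again when choosing the `-active` service, but unlike the other server templates in this commit that test `.mode`, it never runs `{{ template "vault.mode" . }}` first. Unless something else is guaranteed to have set `.mode` on the context before this file renders, both checks see an unset value; adding `{{ template "vault.mode" . }}` right after the `global.openshift` check, as server-ingress.yaml does, removes that dependency. The `tls:` block is rendered straight from `.Values.server.route.tls`, so a comment there stating the expected default termination would help reviewers judge how the Vault endpoint is exposed.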
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/tests/server-test.yaml
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.8/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/Chart.yaml
new file mode 100644
index 00000000000..6296e73cff7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-testing-980
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.9
+annotations:
+ charts.openshift.io/name: helm-testing-980
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/Makefile
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/README.md 
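Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the value into the `docker run` command line, where it can be read from the host's process list while the container runs. The variable presumably holds the enterprise license string. Writing `-e VAULT_LICENSE_CI \` with no value lets docker copy it from the recipe's environment instead, assuming it reaches make through the environment or the make command line. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` argument that `provision-cluster` passes to `init` and `apply`.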
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
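Review bot: The `rules` block of csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, with no comment on why cluster-wide scope is needed. Once bound by csi-clusterrolebinding.yaml, the CSI provider's service account can request a token for any service account in any namespace. I would document the intent above `rules:`, for example `# Cluster-wide by design: the provider requests tokens for the pods whose volumes it mounts (confirm)`. Operators should treat `{{ template "vault.fullname" . }}-csi-provider` as a high-value identity and audit the token requests it makes.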
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-certs-secret.yaml 
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-clusterrolebinding.yaml
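Review bot: The single rule in injector-clusterrole.yaml allows `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the only configuration this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-mutating-webhook.yaml. A compromised injector pod could therefore rewrite other admission webhooks. I would split the rule so that `get` and `patch` are limited by `resourceNames` to the chart's own object and only `list` and `watch` stay unrestricted. Whether the injector touches any other configuration is not visible in this diff, so confirm before narrowing.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```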
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
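Review bot: Several `env` values in injector-deployment.yaml are rendered unquoted, for example `value: {{ .Values.injector.authPath }}` and `value: {{ .Values.injector.logLevel | default "info" }}`, so a value that YAML reads as a boolean or number yields a non-string `value` that the API server rejects. The neighbouring entries already quote their templates; I would do the same here with `value: {{ .Values.injector.authPath | quote }}` and likewise for `logLevel` and `logFormat`. Separately, `args` is passed to the entrypoint without a shell, so `- 2>&1` reaches the binary as a literal argument rather than redirecting stderr and can be dropped.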
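Review bot: injector-disruptionbudget.yaml is guarded only by `.Values.injector.podDisruptionBudget`, unlike the other injector templates, which first check `.injectorEnabled`, so the PodDisruptionBudget is still rendered when the injector is disabled. The `apiVersion` line also compares `.Capabilities.KubeVersion.Minor` to `"21"` as a string, which is fragile when the minor carries a suffix. The mutating-webhook template already uses a capability check, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. I would also add the `{{- template "vault.injectorEnabled" . -}}` / `{{- if .injectorEnabled -}}` guard used elsewhere.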
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
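Review bot: When neither `injector.namespaceSelector` nor `injector.webhook.namespaceSelector` is set, the `namespaceSelector` block is omitted, and as far as this template shows the webhook then matches pod `CREATE` and `UPDATE` in every namespace, system namespaces included. If `failurePolicy` resolves to `Fail` (its default lives in values.yaml, which is not visible here), an unavailable injector would block pod admission cluster-wide. The `injector.objectSelector` helper is defined outside this hunk and may narrow the match, so confirm what it renders. I would add a comment above `failurePolicy:` such as `# With Fail, set a namespaceSelector that excludes system namespaces`, or ship a default selector in values.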
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
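Review bot: `- port: 8080` is hard-coded in the ingress rule of injector-network-policy.yaml, while the Deployment listens on `.Values.injector.port` (via `AGENT_INJECT_LISTEN`) and the Service targets the same value. Changing the port therefore leaves the policy blocking webhook traffic on clusters where this template renders. I would render it from the value: `- port: {{ .Values.injector.port }}`. The `from` clause `namespaceSelector: {}` admits every namespace, so a narrower selector is worth considering if only the API server needs to reach the webhook. `metadata` also omits `namespace: {{ .Release.Namespace }}`, unlike the other injector resources.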
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-psp.yaml
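Review bot: The `subjects` entry in injector-psp-rolebinding.yaml names the ServiceAccount `{{ template "vault.fullname" . }}-agent-injector` without a `namespace`, whereas injector-rolebinding.yaml and injector-clusterrolebinding.yaml both set `namespace: {{ .Release.Namespace }}` on the same subject. Adding `namespace: {{ .Release.Namespace }}` under the subject makes the binding explicit and consistent with the other RBAC templates, rather than relying on the binding's own namespace being assumed.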
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-role.yaml
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-rolebinding.yaml
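Review bot: The first rule in injector-role.yaml gives the injector `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, and the second adds `patch` and `delete` on every pod there; neither carries `resourceNames`. The Secret created under the same leader-election condition is `vault-injector-certs` (injector-certs-secret.yaml), so `get` and `update` on secrets could be limited with `resourceNames: ["vault-injector-certs"]`. The ConfigMap name the leader elector uses is not visible in this diff and should be confirmed before narrowing that half. At minimum, a comment above each rule should state which objects the injector is expected to touch, so reviewers can tell intended access from incidental access.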
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-config-configmap.yaml
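Review bot: The ClusterRoleBinding is cluster-scoped, but its name `{{ template "vault.fullname" . }}-server-binding` carries no namespace, so two releases that resolve to the same full name in different namespaces would claim the same object (the helper is defined outside this page, so this is inferred from how it is used). The binding also hands the server service account `system:auth-delegator`, a cluster-wide permission, without saying why. A comment above `roleRef` such as `# system:auth-delegator lets Vault's Kubernetes auth method validate service account tokens via TokenReview` would document the grant for whoever audits cluster RBAC.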
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
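Review bot: `disable_mlock = true` is forced into every rendered configuration and nothing in server-config-configmap.yaml says why. The string branch prepends it, and the map branch uses `merge (dict "disable_mlock" true) ...`, where sprig's `merge` gives precedence to the first dictionary, so a `disable_mlock: false` supplied in values is overridden. With mlock off, Vault's process memory can be paged out, so the chart relies on nodes running without swap or with encrypted swap. I would add a template comment before `data:` stating this, for example `{{- /* mlock is always disabled by this chart; run Vault on nodes with swap off or encrypted */ -}}`, and mention that the setting cannot be re-enabled through the map-style config.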
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-ha-active-service.yaml
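Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion` line compares two strings, so the ordering is lexical rather than numeric: a minor of "9" sorts after "21" and would select `policy/v1`, and a vendor suffix such as "21+" is compared character by character too. The RBAC templates in this commit pick their API with `.Capabilities.APIVersions.Has`, and the same test works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. That checks what the cluster actually serves instead of inferring it from the version string.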
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-psp-role.yaml 
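Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so the cluster port 8201 is reachable from every pod in every namespace, not just the API port 8200. If 8201 only carries traffic between the Vault servers of this release (peers outside the cluster would need their own rule), it can move into a second rule limited to the release's pods, as sketched below. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this commit set.

```yaml
  ingress:
    # API port: open to all namespaces, as in the original rule
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```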
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
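Review bot: The subject in server-psp-rolebinding.yaml is named `{{ template "vault.fullname" . }}` and has no namespace, whereas the ClusterRoleBinding and the discovery RoleBinding in this commit bind `{{ template "vault.serviceAccount.name" . }}`, and the StatefulSet sets `serviceAccountName` from that same helper. If the helper (defined outside this page) can return a name other than the full name, the PSP `use` grant lands on a service account the server pods do not run as, and the pods are then admitted under whatever other policy applies to them, or not at all. The subject should read `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.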
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-service.yaml
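Review bot: server-route.yaml tests `.mode` in `{{- if ne .mode "external" }}` without first running `{{ template "vault.mode" . }}`, which every other server template in this commit calls on its first line. Whether the Route renders, and whether it targets the `-active` service, therefore depends on another template having set `.mode` earlier in the same render, an ordering assumption nothing here states. Adding `{{ template "vault.mode" . }}` as the first line makes the file self-contained. `host: {{ .Values.server.route.host }}` would also be better as `host: {{ .Values.server.route.host | quote }}`, matching the quoted hosts in server-ingress.yaml.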
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/templates/ui-service.yaml
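Review bot: The test pod's `image:` line falls back to `default "latest"`, so a release with an empty `server.image.tag` runs the helm test against whatever mutable image the registry currently serves rather than the version the chart was certified with. Failing the render is safer than guessing; the line could read `image: "{{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}"`, which also quotes the value so a tag that looks like a number is not retyped by the YAML parser. The `VAULT_ADDR` `value:` a few lines below is a templated scalar as well and would benefit from the same quoting.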
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/values.openshift.yaml
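Review bot: Nothing on the `type: {{ .Values.ui.serviceType }}` line warns that this Service can expose the Vault UI and API outside the cluster (NodePort or LoadBalancer) while the chart's values.yaml in this same commit defaults `global.tlsDisable` to `true`. If `vault.scheme` resolves to `http` in that case (the helper is not visible here, so this is inferred), Vault tokens would cross the network in cleartext. A comment above that line would document the constraint, for example `# With global.tlsDisable=true this port is plain HTTP; keep serviceType ClusterIP unless TLS is enabled or terminated upstream`. A stricter option is a `fail` guard that rejects a non-ClusterIP `serviceType` when TLS is disabled.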
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/values.schema.json
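Review bot: Every value in this override file duplicates a default that values.yaml in the same commit already sets: `global.openshift: true`, plus the same `registry.connect.redhat.com` repositories with tags `0.17.0-ubi` and `1.11.2-ubi`. The image pins therefore live in two places, and a security bump applied to only one file would leave installs that pass `-f values.openshift.yaml` on the older images. Either drop the image stanzas here, or add a header comment such as `# Image tags must match values.yaml; bump both files together`.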
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/0.21.9/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/OWNERS b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/OWNERS
new file mode 100644
index 00000000000..356339b7452
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-testing-980/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-testing-980
+ shortDescription: Some description
+providerDelivery: false
+publicPgpKey: null
+users:
+- githubUsername: opcert
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-webonly-e2e-demo/0.21.0/report.yaml b/charts/partners/redhat-caastestreg-duplicate/helm-webonly-e2e-demo/0.21.0/report.yaml
new file mode 100644
index 00000000000..cf60ee5f007
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-webonly-e2e-demo/0.21.0/report.yaml
@@ -0,0 +1,98 @@
+apiversion: v1
+kind: verify-report
+metadata:
+ tool:
+ verifier-version: 1.0.0
+ profile:
+ VendorType: partner
+ version: v1.1
+ chart-uri: N/A
+ digests:
+ chart: sha256:62908ab325ada002ae284236949ce0d360341d715332926d8bbdd7de0ca3c25d
+ package: 45646d7676fcaf8ba6233c346f5eb730e2ad5df37b857b3ec63d6d6f4927ff6a
+ lastCertifiedTimestamp: "2022-12-08T15:11:01.136754+00:00"
+ testedOpenShiftVersion: "4.11"
+ supportedOpenShiftVersions: '>=4.3'
+ providerControlledDelivery: true
+ chart:
+ name: helm-webonly-e2e-demo
+ home: https://www.vaultproject.io
+ sources:
+ - https://github.com/hashicorp/vault
+ - https://github.com/hashicorp/vault-helm
+ - https://github.com/hashicorp/vault-k8s
+ - https://github.com/hashicorp/vault-csi-provider
+ version: 0.21.0
+ description: Official HashiCorp Vault Chart
+ keywords:
+ - vault
+ - security
+ - encryption
+ - secrets
+ - management
+ - automation
+ - infrastructure
+ maintainers: []
+ icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+ apiversion: v2
+ condition: ""
+ tags: ""
+ appversion: 1.11.2
+ deprecated: false
+ annotations:
+ charts.openshift.io/name: helm-webonly-e2e-demo
+ kubeversion: '>= 1.16.0-0'
+ dependencies: []
+ type: ""
+ chart-overrides: ""
+results:
+ - check: v1.0/chart-testing
+ type: Mandatory
+ outcome: PASS
+ reason: Chart tests have passed
+ - check: v1.1/has-kubeversion
+ type: Mandatory
+ outcome: PASS
+ reason: Kubernetes version specified
+ - check: v1.0/has-readme
+ type: Mandatory
+ outcome: PASS
+ reason: Chart has a README
+ - check: v1.0/is-helm-v3
+ type: Mandatory
+ outcome: PASS
+ reason: API version is V2, used in Helm 3
+ - check: v1.0/not-contains-crds
+ type: Mandatory
+ outcome: PASS
+ reason: Chart does not contain CRDs
+ - check: v1.0/contains-values-schema
+ type: Mandatory
+ outcome: PASS
+ reason: Values schema file exist
+ - check: v1.0/required-annotations-present
+ type: Mandatory
+ outcome:
PASS
+ reason: All required annotations present
+ - check: v1.0/contains-values
+ type: Mandatory
+ outcome: PASS
+ reason: Values file exist
+ - check: v1.0/helm-lint
+ type: Mandatory
+ outcome: PASS
+ reason: Helm lint successful
+ - check: v1.0/not-contain-csi-objects
+ type: Mandatory
+ outcome: PASS
+ reason: CSI objects do not exist
+ - check: v1.0/contains-test
+ type: Mandatory
+ outcome: PASS
+ reason: Chart test files exist
+ - check: v1.0/images-are-certified
+ type: Mandatory
+ outcome: PASS
+ reason: |-
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-webonly-e2e-demo/OWNERS b/charts/partners/redhat-caastestreg-duplicate/helm-webonly-e2e-demo/OWNERS
new file mode 100644
index 00000000000..13e917b9e09
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-webonly-e2e-demo/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-webonly-e2e-demo
+ shortDescription: null
+providerDelivery: true
+publicPgpKey: null
+users:
+- githubUsername: opcert
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/helm-webonly-e2e/OWNERS b/charts/partners/redhat-caastestreg-duplicate/helm-webonly-e2e/OWNERS
new file mode 100644
index 00000000000..bd37a78b623
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helm-webonly-e2e/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-webonly-e2e
+ shortDescription: null
+providerDelivery: true
+publicPgpKey: null
+users:
+- githubUsername: opcert
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/.helmignore b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
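Review bot: `publicPgpKey: null` sits next to `providerDelivery: true` in helm-webonly-e2e-demo/OWNERS, and again in helm-webonly-e2e/OWNERS, so these two entries record no publisher key for charts that are delivered by the provider. The accompanying report.yaml for helm-webonly-e2e-demo has `chart-uri: N/A` and two digests, which leaves those digests as the only integrity reference visible in this commit; presumably the key is what a signed package or report would be checked against, so that is worth confirming. If these are intentionally unsigned test fixtures, a line such as `# test vendor: charts are unsigned, no PGP key expected` above `publicPgpKey` would record the decision; otherwise the vendor's public key belongs in that field.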
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3.
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ .
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..4f8ef1dc7be
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helmchartchecklist
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: helmchartchecklist
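Review bot: The `description`, `home` and `sources` fields in the new Chart.yaml still present this chart as the "Official HashiCorp Vault Chart", while `name` and the `charts.openshift.io/name` annotation are `helmchartchecklist` and the file is added under `charts/partners/redhat-caastestreg-duplicate/`. Chart metadata is what a consumer of the repository reads to judge provenance, so a repackaged copy should not describe itself as the upstream official release. If this directory is a test fixture (it looks like one, but the diff does not say), state that in the metadata, for example `description: Test fixture derived from the HashiCorp Vault chart (not an official release)`.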
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/README.md b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/README.md
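Review bot: `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` in `test-acceptance` expands the license value into the `docker run` command line, where it is visible in the host's process list and to anything that records argv; the leading `@` only suppresses make's own echo. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets Docker copy it from the environment without placing the value in argv. The same recipes bind-mount `${PWD}` into the container and default `GOOGLE_CREDENTIALS` to `vault-helm-test.json`, so the service-account key is expected to sit in the working tree; a comment beside the default such as `# key file must stay untracked (list it in .gitignore)` would make that requirement explicit. `.PHONY` also omits `setup-kind` and `delete-kind`.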
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
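Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in a ClusterRole, and the template carries no comment explaining why that scope is needed. Once bound by the ClusterRoleBinding in the next file, it lets the `-csi-provider` service account request tokens for any service account in any namespace, so that account should be treated as highly privileged. I would add a comment above `rules:` along the lines of `# cluster-wide by design: the provider requests tokens for the pods it serves; treat this ServiceAccount as privileged`, and confirm against the provider's documentation that the grant cannot be narrowed.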
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-certs-secret.yaml 
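Review bot: In csi-daemonset.yaml the container mounts two `hostPath` volumes, `providervol` and `mountpoint-dir` (`{{ .Values.csi.daemonSet.kubeletRootDir }}/pods`, with no `readOnly`), yet the `csi.daemonSet.securityContext.pod` and `csi.daemonSet.securityContext.container` helpers it calls render nothing unless the user supplies values. The injector helpers in _helpers.tpl, by contrast, fall back to `runAsNonRoot: true` and `allowPrivilegeEscalation: false` when `global.openshift` is false. A pod with write access to the kubelet pods directory and only runtime-default privileges should be a deliberate choice: if the provider has to run as root, say so in a comment above the `securityContext` templates here, otherwise give the container helper the same kind of fallback, e.g. `allowPrivilegeEscalation: false`. The helper definitions sit in the _helpers.tpl hunk, which begins before this part of the diff.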
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-clusterrolebinding.yaml
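Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, with no `resourceNames`. A service account that can patch arbitrary mutating webhooks can change admission behaviour for workloads unrelated to Vault, so the write verb should be limited to the injector's own configuration. injector-deployment.yaml passes `{{ template "vault.fullname" . }}-agent-injector-cfg` as `AGENT_INJECT_TLS_AUTO`, which looks like that object's name; confirm it against the webhook template, which is not in this part of the diff. Splitting the rule keeps `get`/`list`/`watch` unrestricted, since list and watch are awkward to scope by name, and moves `patch` into a second rule that carries `resourceNames`.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# patch is limited to the injector's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```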
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
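Review bot: In injector-deployment.yaml the container `args` list ends with `- 2>&1`, but Kubernetes passes `args` straight to the process without a shell, so this arrives as a literal second argument and redirects nothing. Unless the image entrypoint is a shell wrapper (not visible in this hunk), the entry should be removed, leaving only `- agent-inject`. If it is kept on purpose, a comment such as `# passed verbatim to the entrypoint, not a shell redirect` would save the next reader the question.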
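Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the ordering is lexicographic rather than numeric; a minor of "9" or "100" would select the wrong branch. injector-mutating-webhook.yaml in this same commit already picks its API version with `.Capabilities.APIVersions.Has`, and the same approach works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml carries the identical line.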
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
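Review bot: In injector-mutating-webhook.yaml the `namespaceSelector` block is rendered only when a value is supplied, so unless the values file ships a default the `pods` CREATE/UPDATE rule matches every namespace, control-plane namespaces included. With `failurePolicy` resolved to `Fail`, an unavailable injector would then block pod admission across the cluster. I would either ship a default selector that excludes system namespaces or add a comment above `failurePolicy`, e.g. `# Fail blocks pod creation in all matched namespaces while the injector is down; pair with namespaceSelector`. The `injector.objectSelector` template is defined outside this hunk and may already narrow the match.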
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
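Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment's listen address and probes and the Service `targetPort` in this commit all take `.Values.injector.port`. If that value is overridden, the policy drops the API server's admission calls and every matched pod creation waits for the webhook timeout. The line should read `- port: {{ .Values.injector.port }}`. The metadata also omits `namespace: {{ .Release.Namespace }}`, unlike the other namespaced injector resources.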
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-role.yaml 
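Review bot: injector-psp.yaml emits a `policy/v1beta1` PodSecurityPolicy gated only on `global.psp.enable`, and that API was removed in Kubernetes 1.25, so setting the value on a newer cluster makes the whole install fail. The existing condition could be extended to `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}`. The Role and RoleBinding in injector-psp-role.yaml and injector-psp-rolebinding.yaml share the same gate and would be left referring to a policy that cannot exist. Separately, the policy sets no `requiredDropCapabilities`; adding `requiredDropCapabilities: [ALL]` would be in line with the non-root intent stated in its comments.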
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-rolebinding.yaml 
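Review bot: The first rule in injector-role.yaml gives the injector service account `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, which is presumably also where the Vault server's TLS and configuration objects live. The chart already pre-creates a Secret named `vault-injector-certs` under the same leader-elector condition, so the read and update verbs could be limited with `resourceNames: ["vault-injector-certs"]`, with `create` kept in a separate rule only if it is still needed. How the leader elector lists and watches the object is not visible here and should be checked before narrowing. The `pods` rule (`get`, `patch`, `delete`) has the same namespace-wide scope and deserves a comment saying why `delete` is required.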
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
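Review bot: `disable_mlock = true` is written unconditionally in server-config-configmap.yaml, and in the non-string branch `merge (dict "disable_mlock" true) …` gives the chart's value precedence over the user's map, so memory locking cannot be turned back on through values. With mlock off, the server's in-memory key material can be paged out to swap on the node. I would add a template comment above the line stating the reason and the resulting node requirement, for example `{{- /* mlock disabled: pod is not granted IPC_LOCK (assumed); schedule only on nodes with swap off or encrypted */ -}}`, and mention the same in the chart README. If an override is meant to be possible, the argument order of `merge` needs to be swapped.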
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-psp-role.yaml 
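Review bot: The `from` clause in server-network-policy.yaml uses `namespaceSelector: {}`, which matches every namespace, so enabling `server.networkPolicy.enabled` still admits any pod in the cluster to both 8200 and the cluster port 8201. As far as this commit shows, 8201 (`https-internal`) is only used between Vault server pods, so I would split the rule and limit 8201 to pods carrying the same labels as `spec.podSelector`. Confirm first that no replication peer outside the release needs that port. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates in this commit set.

```yaml
  ingress:
    # API port: source namespaces left as in the original rule
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```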
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
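Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this same commit both use `vault.serviceAccount.name`. If those two helpers can render different names (their definitions are outside this hunk, so this is inferred), the `use` grant on the PodSecurityPolicy is bound to an account the Vault pod does not run as. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it so the binding is explicit about which account it targets.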
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
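Review bot: The PodSecurityPolicy spec in server-psp.yaml sets no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set even though `privileged` and `allowPrivilegeEscalation` are both false. Adding `requiredDropCapabilities:` with `- ALL` after `allowPrivilegeEscalation: false` would match the non-root intent stated in the comments; check that the Vault container still starts with it. The `seLinux` comment says the policy assumes AppArmor nodes, yet this commit also ships an OpenShift values file, so `rule: RunAsAny` deserves a comment on which platforms the policy is meant for. Because the template hard-codes `policy/v1beta1`, the `global.psp.enable` gate could also test `.Capabilities.APIVersions.Has "policy/v1beta1"` so the chart does not fail on clusters that no longer serve that API.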
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-service.yaml
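Review bot: server-route.yaml reads `.mode` in `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before they touch `.mode`. Unless something sets `.mode` on the root context earlier (not visible here), the external-mode guard cannot do its job and the `-active` suffix is never applied, so with `server.route.activeService` set the Route would keep pointing at the plain `vault.fullname` service. I would add `{{ template "vault.mode" . }}` directly after the `global.openshift` check. The host would also be safer quoted, `host: {{ .Values.server.route.host | quote }}`, as the ingress template already does for its hosts.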
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
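Review bot: The `https-internal` port 8201 is listed unconditionally in server-service.yaml, so when `server.service.type` is `NodePort` or `LoadBalancer` the cluster port is published outside the cluster together with the API port. server-ha-standby-service.yaml earlier in this commit has the same shape. As far as this commit shows, peer traffic goes through the headless `-internal` service (`VAULT_CLUSTER_ADDR` in the StatefulSet points at `-internal:8201`), so I would emit the 8201 entry here only when the type is unset or `ClusterIP`. For example, open the entry with `{{- if or (not .Values.server.service.type) (eq (.Values.server.service.type | toString) "ClusterIP") }}` and close it with `{{- end }}`. Separately, `annotations:` is always emitted and renders as null when the `vault.service.annotations` helper produces nothing.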
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/0.21.0/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/OWNERS b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/OWNERS
new file mode 100644
index 00000000000..3825ccfe80f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/helmchartchecklist/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helmchartchecklist
+ shortDescription: This text is displayed on card previews in the Ecosystem catalog
+providerDelivery: false
+publicPgpKey: null
+users:
+- githubUsername: vikasmulaje
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/test1234/0.21.0/report.yaml b/charts/partners/redhat-caastestreg-duplicate/test1234/0.21.0/report.yaml
new file mode 100644
index 00000000000..9f8842a3e76
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/test1234/0.21.0/report.yaml
@@ -0,0 +1,98 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.0.0 + profile: + VendorType: partner + version: v1.1 + chart-uri: N/A + digests: + chart: sha256:a36cfa54427a4a317a921f405fc760a7ba56dcd82046dd4ae5508a0fa494acbe + package: 9a6f0397649a1069aa73329e6347955bc98ee2c2c3af1d1df31e4cd4b4a2be74 + lastCertifiedTimestamp: "2022-12-08T14:01:58.9329+00:00" + testedOpenShiftVersion: "4.10" + supportedOpenShiftVersions: '>=4.3' + providerControlledDelivery: true + chart: + name: test1234 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: test1234 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations 
present + - check: v1.0/chart-testing + type: Mandatory + outcome: FAIL + reason: 'Chart test failure: pod test1234-bzc2kyj101-server-test failed' + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/test1234/OWNERS b/charts/partners/redhat-caastestreg-duplicate/test1234/OWNERS
new file mode 100644
index 00000000000..8e13d373b40
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/test1234/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: test1234
+ shortDescription: null
+providerDelivery: true
+publicPgpKey: null
+users:
+- githubUsername: opcert
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/test321/0.21.0/report.yaml b/charts/partners/redhat-caastestreg-duplicate/test321/0.21.0/report.yaml
new file mode 100644
index 00000000000..d52358c689f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/test321/0.21.0/report.yaml
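Review bot: `publicPgpKey: null` sits next to `providerDelivery: true` in test1234/OWNERS, so this entry records no key against which a signed chart package or report could be verified, while the chart itself is presumably delivered from outside this repository. If signature checking is wanted for provider-delivered charts, the field should carry the partner's key, e.g. `publicPgpKey: <PARTNER_PUBLIC_KEY_PLACEHOLDER>`; otherwise a short comment above it should say the omission is deliberate, for example `# unsigned test chart, no key on purpose`. The same pair of values appears in test321/OWNERS later in this diff.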
@@ -0,0 +1,98 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.0.0 + profile: + VendorType: partner + version: v1.1 + chart-uri: N/A + digests: + chart: sha256:b8bb81349253f83928061cd0f262a4b093729db566e126cc9285fbc9c407afa3 + package: 3bd23082939186026496a2e16d561ea582b6aaf1240541954db7101d3e1b165d + lastCertifiedTimestamp: "2022-12-08T13:47:34.641813+00:00" + testedOpenShiftVersion: N/A + supportedOpenShiftVersions: '>=4.3' + providerControlledDelivery: true + chart: + name: test321 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: test321 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/chart-testing + type: Mandatory + outcome: FAIL + reason: 'Chart test failure: pod test321-ukawxfsvch-server-test failed' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: 
v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/test321/OWNERS b/charts/partners/redhat-caastestreg-duplicate/test321/OWNERS
new file mode 100644
index 00000000000..1e70760bfae
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/test321/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: test321
+ shortDescription: null
+providerDelivery: true
+publicPgpKey: null
+users:
+- githubUsername: opcert
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-412/OWNERS b/charts/partners/redhat-caastestreg-duplicate/viksss-412/OWNERS
new file mode 100644
index 00000000000..018994c25c2
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-412/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: viksss-412
+ shortDescription: This text is displayed on card previews in the Ecosystem catalog
+providerDelivery: false
+publicPgpKey: null
+users:
+- githubUsername: vikasmulaje
+- githubUsername: opcert
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services.
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector.
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/Chart.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..c9ba4695a2f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: viksss-chart-demo
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: viksss-chart-demo
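Review bot: `description: Official HashiCorp Vault Chart`, `home` and `sources` still present this package as HashiCorp's own release, while `name` and the `charts.openshift.io/name` annotation are `viksss-chart-demo` and the file sits under a partner directory. Anyone browsing the catalog cannot tell from the metadata that this is a renamed copy, which is the kind of provenance gap that makes a look-alike chart hard to spot. I would reword the description, for example `description: Repackaged copy of the HashiCorp Vault chart (not the upstream release)`, and keep the upstream links only under `sources`. Quoting `appVersion: '1.11.2'` and `version: '0.21.0'` would also keep both as strings if a later bump drops to a two-part number.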
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/LICENSE.md b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/Makefile b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/README.md b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/README.md
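Review bot: In `test-acceptance` the Vault license is expanded into the `docker run` arguments by `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so the value sits in the host's process argument list while the container runs; the leading `@` only suppresses the recipe echo. Passing the name alone, `-e VAULT_LICENSE_CI \`, lets docker copy the variable from the calling environment without putting the value on the command line. Separately, `.PHONY` omits `setup-kind` and `delete-kind`, and `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory that `provision-cluster` passes to `init` and `apply`, which looks like an oversight worth confirming.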
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} 
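Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no namespace or name restriction, and the template carries no comment saying why that breadth is needed. Through the ClusterRoleBinding added next to it, the `-csi-provider` ServiceAccount can request a token for any service account in the cluster, so a compromise of the DaemonSet pod on one node reaches every workload identity. Presumably the provider needs this to authenticate to Vault on behalf of the pods it serves; say so above `rules:` with a template comment such as `{{/* The CSI provider requests tokens for the pods that mount its volumes; this ServiceAccount is therefore cluster-privileged. */}}`. Operators would also want audit logging on token requests made by this ServiceAccount.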
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-certs-secret.yaml 
@@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-clusterrolebinding.yaml 
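Review bot: In injector-clusterrole.yaml the `patch` verb on `mutatingwebhookconfigurations` applies to every webhook configuration in the cluster, so a compromised injector could rewrite admission webhooks that belong to other components. The only object this chart visibly needs to patch is its own `{{ template "vault.fullname" . }}-agent-injector-cfg`, defined in injector-mutating-webhook.yaml in this diff. Splitting the rule so that `patch` carries `resourceNames` narrows the write path and leaves the read verbs unchanged; confirm first that the injector's certificate handling patches no other object.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs: ["patch"]
```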
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
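Review bot: In injector-deployment.yaml, `args` is an exec-form list, so the entry `- 2>&1` is handed to the injector as a literal second argument rather than redirecting stderr; unless the image's entrypoint is a shell wrapper (not visible in this diff), drop it and leave `- agent-inject` as the only argument. Separately, the values of `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` are rendered unquoted while their neighbours are quoted, so a value that YAML reads as a boolean or number makes the manifest fail validation; `value: {{ .Values.injector.authPath | quote }}` and the same for the other two would match the rest of the block.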
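Review bot: The `apiVersion` line in injector-disruptionbudget.yaml picks `policy/v1` with `ge .Capabilities.KubeVersion.Minor "21"`, which is a string comparison: it orders lexically and depends on whatever suffix the distribution puts in `Minor`. The webhook template in this same diff already uses capability detection, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This is also the only injector template that is not wrapped in the `vault.injectorEnabled` / `.injectorEnabled` guard, so the PodDisruptionBudget is rendered whenever `.Values.injector.podDisruptionBudget` is set, even if the injector itself is disabled.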
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
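Review bot: When neither `.Values.injector.namespaceSelector` nor `.Values.injector.webhook.namespaceSelector` is set, the `rules` entry in injector-mutating-webhook.yaml matches pod CREATE and UPDATE in every namespace, including system namespaces and the one the injector runs in. If `failurePolicy` resolves to `Fail`, an injector outage then blocks pod admission cluster-wide, and with any policy every pod spec in the cluster passes through this service. The `injector.objectSelector` helper is not visible here and may already narrow this; if it does not, the chart's values should ship a default `namespaceSelector` that excludes system namespaces, and a template comment above `rules:` should state that the scope is cluster-wide by default.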
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
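Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment's `AGENT_INJECT_LISTEN` and the Service's `targetPort` in this diff both come from `.Values.injector.port`. Setting a different injector port leaves the policy allowing a port nothing listens on and blocking the one the API server calls, so the webhook fails on OpenShift; use `- port: {{ .Values.injector.port }}`. The metadata block also omits `namespace: {{ .Release.Namespace }}`, which every other namespaced injector object in this diff sets.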
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-rolebinding.yaml 
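Review bot: The first rule in injector-role.yaml gives the injector ServiceAccount `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, which is also where the Vault server's own secrets live when both come from the same release. The only Secret this chart creates for the leader-elector path is `vault-injector-certs` (injector-certs-secret.yaml in this diff); if that is all the injector reads and updates, move `get` and `update` into a rule with `resourceNames: ["vault-injector-certs"]` and keep `create` in a separate rule. Which ConfigMaps the leader elector uses, and whether its client tolerates name-restricted `list`/`watch`, is not visible here, so confirm before narrowing those verbs.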
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
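Review bot: In server-config-configmap.yaml `disable_mlock = true` is forced in every branch and nothing in the template says why. In the string branch it is emitted ahead of the user's config, and in the map branch `merge (dict "disable_mlock" true) …` puts the forced value in the destination dict, so a value supplied through `.Values` presumably cannot switch it back. mlock is what keeps Vault's in-memory secrets from being swapped to disk, so operators need to know it is off. I would add a template comment above the line, e.g. `{{- /* mlock is always disabled by this chart; run nodes without swap or with encrypted swap */ -}}`, and say the same where the chart documents its values.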
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-psp-role.yaml 
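Review bot: In server-network-policy.yaml the only `from` entry is `namespaceSelector: {}`, which matches every namespace, so both 8200 and the cluster port 8201 stay reachable from any pod in the cluster once the policy is enabled. Port 8201 is the `https-internal` port of the Service templates in this commit and presumably only needs to be reached by the Vault server pods themselves, unless replication peers outside the namespace connect to it. I would split the ingress rule so that 8201 is limited by a `podSelector` carrying the same two labels as `spec.podSelector`, as sketched below. The metadata also lacks the `namespace: {{ .Release.Namespace }}` line that the other templates set.

```yaml
  # … unchanged: metadata and spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```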
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
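Review bot: In server-psp-rolebinding.yaml the subject is `name: {{ template "vault.fullname" . }}`, while server-serviceaccount.yaml and the StatefulSet's `serviceAccountName` in this commit both use `vault.serviceAccount.name`. If the two helpers ever resolve to different names, the `use` grant on the PodSecurityPolicy goes to an account the server pods do not run as, and the policy no longer applies to them through this binding. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` under it, as the discovery and cluster role bindings do.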
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
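Review bot: The PodSecurityPolicy spec in server-psp.yaml never restricts Linux capabilities: there is no `requiredDropCapabilities` or `allowedCapabilities` entry, so containers admitted under it keep the runtime's default capability set. Since the policy already forbids privileged mode, privilege escalation and root, adding `requiredDropCapabilities: [ALL]` would complete it, provided the server image does not depend on a capability (not determinable from this hunk). Separately, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so the `global.psp.enable` condition could also test `.Capabilities.APIVersions.Has "policy/v1beta1"`, the way the RBAC templates in this commit test their API version.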
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-service.yaml
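Review bot: server-route.yaml tests `.mode` on its second line without first rendering `{{ template "vault.mode" . }}`, which the other templates in this commit that read `.mode` do before using it. If that helper is what populates `.mode` (its definition is outside this hunk), the value here depends on some other template having been rendered earlier against the same context; otherwise `ne .mode "external"` is always true and the `eq .mode "ha"` test never selects the `-active` service. I would add `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard, mirroring server-ingress.yaml.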
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/tests/server-test.yaml 
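Review bot: In server-statefulset.yaml the container image is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an unset tag silently deploys the mutable `latest` tag; tests/server-test.yaml repeats the same expression. For a secrets store this means the running version can change on any pod restart and cannot be reproduced or audited from the release. I would drop the fallback and fail rendering instead, e.g. `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and ideally allow a digest reference. The exec readiness probe also passes `-tls-skip-verify`; a comment stating that it only targets the loopback `VAULT_ADDR` set in the same container would help the next reader.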
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/templates/ui-service.yaml
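Review bot: The test pod's `image:` line falls back to the mutable `latest` tag when `server.image.tag` is empty (`| default "latest"`), so `helm test` would then pull and run whatever the registry currently serves under that tag. This commit's values files pin the tag to `1.11.2-ubi`, so the fallback only triggers for an override that blanks it; failing the render is safer than silently floating, e.g. `image: "{{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}"`. The container here also declares no `securityContext` or `resources`; whether it should mirror the server pod's settings depends on templates outside this hunk.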
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/values.openshift.yaml
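Review bot: Nothing in this Service template ties external exposure of the UI to TLS: `type:` is taken straight from `ui.serviceType` and the port is named after `vault.scheme`, while this commit's `values.yaml` sets `global.tlsDisable: true`. If that helper resolves to `http` in that case (it is defined outside this hunk, so this is an inference), a `LoadBalancer` or `NodePort` type would carry the Vault listener behind `ui.targetPort` in cleartext. A comment above `type:` would make the dependency visible to whoever overrides it, e.g. `# With global.tlsDisable=true this Service is plaintext; keep ClusterIP unless TLS is terminated in front of it`. The `ui.*` defaults are not in view here, so the shipped exposure level should be confirmed against them.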
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/values.schema.json b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/values.yaml b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/OWNERS b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/OWNERS
new file mode 100644
index 00000000000..b67efb96335
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart-demo/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: viksss-chart-demo
+ shortDescription: Short repository description
+providerDelivery: false
+publicPgpKey: null
+users:
+- githubUsername: vikasmulaje
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg-duplicate/viksss-chart/OWNERS b/charts/partners/redhat-caastestreg-duplicate/viksss-chart/OWNERS
new file mode 100644
index 00000000000..74bb7ba655c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg-duplicate/viksss-chart/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: viksss-chart
+ shortDescription: This text is displayed on card previews in the Ecosystem catalog
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: vikasmulaje
+vendor:
+ label: redhat-caastestreg-duplicate
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg/example-external-distribution-helm-chart/OWNERS b/charts/partners/redhat-caastestreg/example-external-distribution-helm-chart/OWNERS
new file mode 100644
index 00000000000..8e69aed839f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/example-external-distribution-helm-chart/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: example-external-distribution-helm-chart
+ shortDescription: null
+providerDelivery: false
+publicPgpKey: null
+users:
+- githubUsername: bovem
+vendor:
+ label: redhat-caastestreg
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg/external-helm-chart/OWNERS b/charts/partners/redhat-caastestreg/external-helm-chart/OWNERS
new file mode 100644
index 00000000000..e2c1289ef8c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/external-helm-chart/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: external-helm-chart
+ shortDescription: null
+providerDelivery: false
+publicPgpKey: null
+users:
+- githubUsername: bovem
+vendor:
+ label: redhat-caastestreg
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/.helmignore b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/.helmignore
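Review bot: In `charts/partners/redhat-caastestreg-duplicate/viksss-chart/OWNERS`, `publicPgpKey: unknown` stores the literal string `unknown`, where the other OWNERS files added in this commit use `publicPgpKey: null`. If the certification tooling treats any non-null value as the key to verify chart signatures against (that code is not visible in this diff), the placeholder either fails verification later or hides the fact that no key was ever registered for this chart. I would write `publicPgpKey: null` until a real public key is supplied.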
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+##
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers.
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+*
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@
+# Contributing to Vault Helm
+
+**Please note:** We take Vault's security and our users' trust very seriously.
+If you believe you have found a security issue in Vault, please responsibly
+disclose by contacting us at security@hashicorp.com.
+
+**First:** if you're unsure or afraid of _anything_, just ask or submit the
+issue or pull request anyways. You won't be yelled at for giving it your best
+effort. The worst that can happen is that you'll be politely asked to change
+something. We appreciate any sort of contributions, and don't want a wall of
+rules to get in the way of that.
+
+That said, if you want to ensure that a pull request is likely to be merged,
+talk to us! You can find out our thoughts and ensure that your contribution
+won't clash or be obviated by Vault's normal direction. A great way to do this
+is via the [Vault Discussion Forum][1].
+
+This document will cover what we're looking for in terms of reporting issues.
+By addressing all the points we're looking for, it raises the chances we can
+quickly merge or address your contributions.
+
+[1]: https://discuss.hashicorp.com/c/vault
+
+## Issues
+
+### Reporting an Issue
+
+* Make sure you test against the latest released version. It is possible
+ we already fixed the bug you're experiencing. Even better is if you can test
+ against `main`, as bugs are fixed regularly but new versions are only
+ released every few months.
+
+* Provide steps to reproduce the issue, and if possible include the expected
+ results as well as the actual results. Please provide text, not screen shots!
+
+* Respond as promptly as possible to any questions made by the Vault
+ team to your issue. Stale issues will be closed periodically.
+
+### Issue Lifecycle
+
+1. The issue is reported.
+
+2. The issue is verified and categorized by a Vault Helm collaborator.
+ Categorization is done via tags. For example, bugs are marked as "bugs".
+
+3.
Unless it is critical, the issue may be left for a period of time (sometimes
+ many weeks), giving outside contributors -- maybe you!? -- a chance to
+ address the issue.
+
+4. The issue is addressed in a pull request or commit. The issue will be
+ referenced in the commit message so that the code that fixes it is clearly
+ linked.
+
+5. The issue is closed. Sometimes, valid issues will be closed to keep
+ the issue tracker clean. The issue is still indexed and available for
+ future viewers, or can be re-opened if necessary.
+
+## Testing
+
+The Helm chart ships with both unit and acceptance tests.
+
+The unit tests don't require any active Kubernetes cluster and complete
+very quickly. These should be used for fast feedback during development.
+The acceptance tests require a Kubernetes cluster with a configured `kubectl`.
+
+### Test Using Docker Container
+
+The following are the instructions for running bats tests using a Docker container.
+
+#### Prerequisites
+
+* Docker installed
+* `vault-helm` checked out locally
+
+#### Test
+
+**Note:** the following commands should be run from the `vault-helm` directory.
+
+First, build the Docker image for running the tests:
+
+```shell
+docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test
+```
+Next, execute the tests with the following commands:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit
+```
+It's possible to only run specific bats tests using regular expressions.
+For example, the following will run only tests with "injector" in the name:
+```shell
+docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector"
+```
+
+### Test Manually
+The following are the instructions for running bats tests on your workstation.
+#### Prerequisites
+* [Bats](https://github.com/bats-core/bats-core)
+ ```bash
+ brew install bats-core
+ ```
+* [yq](https://pypi.org/project/yq/)
+ ```bash
+ brew install python-yq
+ ```
+* [helm](https://helm.sh)
+ ```bash
+ brew install kubernetes-helm
+ ```
+
+#### Test
+
+To run the unit tests:
+
+ bats ./test/unit
+
+To run the acceptance tests:
+
+ bats ./test/acceptance
+
+If the acceptance tests fail, deployed resources in the Kubernetes cluster
+may not be properly cleaned up. We recommend recycling the Kubernetes cluster to
+start from a clean slate.
+
+**Note:** There is a Terraform configuration in the
+[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory
+that can be used to quickly bring up a GKE cluster and configure
+`kubectl` and `helm` locally. This can be used to quickly spin up a test
+cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes
+cluster.
+
+### Writing Unit Tests
+
+Changes to the Helm chart should be accompanied by appropriate unit tests.
+
+#### Formatting
+
+- Put tests in the test file in the same order as the variables appear in the `values.yaml`.
+- Start tests for a chart value with a header that says what is being tested, like this:
+ ```
+ #--------------------------------------------------------------------
+ # annotations
+ ```
+
+- Name the test based on what it's testing in the following format (this will be its first line):
+ ```
+ @test "
: " {
+ ```
+
+ When adding tests to an existing file, the first section will be the same as the other tests in the file.
+
+#### Test Details
+
+[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way.
+In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output.
+In this way, we're able to test that the various conditionals in the templates render as we would expect.
+
+Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well.
+The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/).
+`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length).
+The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match.
+
+The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`.
+
+The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`.
+
+#### Test Examples
+
+Here are some examples of common test patterns:
+
+- Check that a value is disabled by default
+
+ ```
+ @test "ui/Service: no type by default" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ .
| tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "null" ]
+ }
+ ```
+
+ In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`.
+ This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`.
+
+
+- Check that a template value is rendered to a specific value
+ ```
+ @test "ui/Service: specified type" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/ui-service.yaml \
+ --set 'ui.serviceType=LoadBalancer' \
+ . | tee /dev/stderr |
+ yq -r '.spec.type' | tee /dev/stderr)
+ [ "${actual}" = "LoadBalancer" ]
+ }
+ ```
+
+ This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value.
+
+- Check that a template value contains several values
+ ```
+ @test "server/standalone-StatefulSet: custom resources" {
+ cd `chart_dir`
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.requests.memory=256Mi' \
+ --set 'server.resources.requests.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+
+ local actual=$(helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'server.standalone.enabled=true' \
+ --set 'server.resources.limits.memory=256Mi' \
+ --set 'server.resources.limits.cpu=250m' \
+ . | tee /dev/stderr |
+ yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr)
+ [ "${actual}" = "256Mi" ]
+ ```
+
+ *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work.
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/Chart.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..12c8d8b87bf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-chart-5678
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: helm-chart-5678
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/LICENSE.md b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/LICENSE.md 
@@ -0,0 +1,353 @@
+Mozilla Public License, version 2.0
+
+1. Definitions
+
+1.1. “Contributor”
+
+ means each individual or legal entity that creates, contributes to the
+ creation of, or owns Covered Software.
+
+1.2. “Contributor Version”
+
+ means the combination of the Contributions of others (if any) used by a
+ Contributor and that particular Contributor’s Contribution.
+
+1.3. “Contribution”
+
+ means Covered Software of a particular Contributor.
+
+1.4. “Covered Software”
+
+ means Source Code Form to which the initial Contributor has attached the
+ notice in Exhibit A, the Executable Form of such Source Code Form, and
+ Modifications of such Source Code Form, in each case including portions
+ thereof.
+
+1.5. “Incompatible With Secondary Licenses”
+ means
+
+ a. that the initial Contributor has attached the notice described in
+ Exhibit B to the Covered Software; or
+
+ b. that the Covered Software was made available under the terms of version
+ 1.1 or earlier of the License, but not also under the terms of a
+ Secondary License.
+
+1.6. “Executable Form”
+
+ means any form of the work other than Source Code Form.
+
+1.7. “Larger Work”
+
+ means a work that combines Covered Software with other material, in a separate
+ file or files, that is not Covered Software.
+
+1.8. “License”
+
+ means this document.
+
+1.9. “Licensable”
+
+ means having the right to grant, to the maximum extent possible, whether at the
+ time of the initial grant or subsequently, any and all of the rights conveyed by
+ this License.
+
+1.10. “Modifications”
+
+ means any of the following:
+
+ a. any file in Source Code Form that results from an addition to, deletion
+ from, or modification of the contents of Covered Software; or
+
+ b. any new file in Source Code Form that contains any Covered Software.
+
+1.11.
“Patent Claims” of a Contributor
+
+ means any patent claim(s), including without limitation, method, process,
+ and apparatus claims, in any patent Licensable by such Contributor that
+ would be infringed, but for the grant of the License, by the making,
+ using, selling, offering for sale, having made, import, or transfer of
+ either its Contributions or its Contributor Version.
+
+1.12. “Secondary License”
+
+ means either the GNU General Public License, Version 2.0, the GNU Lesser
+ General Public License, Version 2.1, the GNU Affero General Public
+ License, Version 3.0, or any later versions of those licenses.
+
+1.13. “Source Code Form”
+
+ means the form of the work preferred for making modifications.
+
+1.14. “You” (or “Your”)
+
+ means an individual or a legal entity exercising rights under this
+ License. For legal entities, “You” includes any entity that controls, is
+ controlled by, or is under common control with You. For purposes of this
+ definition, “control” means (a) the power, direct or indirect, to cause
+ the direction or management of such entity, whether by contract or
+ otherwise, or (b) ownership of more than fifty percent (50%) of the
+ outstanding shares or beneficial ownership of such entity.
+
+
+2. License Grants and Conditions
+
+2.1. Grants
+
+ Each Contributor hereby grants You a world-wide, royalty-free,
+ non-exclusive license:
+
+ a. under intellectual property rights (other than patent or trademark)
+ Licensable by such Contributor to use, reproduce, make available,
+ modify, display, perform, distribute, and otherwise exploit its
+ Contributions, either on an unmodified basis, with Modifications, or as
+ part of a Larger Work; and
+
+ b. under Patent Claims of such Contributor to make, use, sell, offer for
+ sale, have made, import, and otherwise transfer either its Contributions
+ or its Contributor Version.
+
+2.2.
Effective Date
+
+ The licenses granted in Section 2.1 with respect to any Contribution become
+ effective for each Contribution on the date the Contributor first distributes
+ such Contribution.
+
+2.3. Limitations on Grant Scope
+
+ The licenses granted in this Section 2 are the only rights granted under this
+ License. No additional rights or licenses will be implied from the distribution
+ or licensing of Covered Software under this License. Notwithstanding Section
+ 2.1(b) above, no patent license is granted by a Contributor:
+
+ a. for any code that a Contributor has removed from Covered Software; or
+
+ b. for infringements caused by: (i) Your and any other third party’s
+ modifications of Covered Software, or (ii) the combination of its
+ Contributions with other software (except as part of its Contributor
+ Version); or
+
+ c. under Patent Claims infringed by Covered Software in the absence of its
+ Contributions.
+
+ This License does not grant any rights in the trademarks, service marks, or
+ logos of any Contributor (except as may be necessary to comply with the
+ notice requirements in Section 3.4).
+
+2.4. Subsequent Licenses
+
+ No Contributor makes additional grants as a result of Your choice to
+ distribute the Covered Software under a subsequent version of this License
+ (see Section 10.2) or under the terms of a Secondary License (if permitted
+ under the terms of Section 3.3).
+
+2.5. Representation
+
+ Each Contributor represents that the Contributor believes its Contributions
+ are its original creation(s) or it has sufficient rights to grant the
+ rights to its Contributions conveyed by this License.
+
+2.6. Fair Use
+
+ This License is not intended to limit any rights You have under applicable
+ copyright doctrines of fair use, fair dealing, or other equivalents.
+
+2.7. Conditions
+
+ Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
+ Section 2.1.
+
+
+3. Responsibilities
+
+3.1.
Distribution of Source Form
+
+ All distribution of Covered Software in Source Code Form, including any
+ Modifications that You create or to which You contribute, must be under the
+ terms of this License. You must inform recipients that the Source Code Form
+ of the Covered Software is governed by the terms of this License, and how
+ they can obtain a copy of this License. You may not attempt to alter or
+ restrict the recipients’ rights in the Source Code Form.
+
+3.2. Distribution of Executable Form
+
+ If You distribute Covered Software in Executable Form then:
+
+ a. such Covered Software must also be made available in Source Code Form,
+ as described in Section 3.1, and You must inform recipients of the
+ Executable Form how they can obtain a copy of such Source Code Form by
+ reasonable means in a timely manner, at a charge no more than the cost
+ of distribution to the recipient; and
+
+ b. You may distribute such Executable Form under the terms of this License,
+ or sublicense it under different terms, provided that the license for
+ the Executable Form does not attempt to limit or alter the recipients’
+ rights in the Source Code Form under this License.
+
+3.3. Distribution of a Larger Work
+
+ You may create and distribute a Larger Work under terms of Your choice,
+ provided that You also comply with the requirements of this License for the
+ Covered Software. If the Larger Work is a combination of Covered Software
+ with a work governed by one or more Secondary Licenses, and the Covered
+ Software is not Incompatible With Secondary Licenses, this License permits
+ You to additionally distribute such Covered Software under the terms of
+ such Secondary License(s), so that the recipient of the Larger Work may, at
+ their option, further distribute the Covered Software under the terms of
+ either this License or such Secondary License(s).
+
+3.4.
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/Makefile b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/README.md b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/README.md
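Review bot: The `destroy-cluster` recipe runs `terraform destroy -auto-approve` with neither the `test/terraform` directory nor the `-var project=${CLOUDSDK_CORE_PROJECT}` argument that `provision-cluster` passes to `terraform init` and `terraform apply`. Since `test-destroy` starts the container with `-w /helm-test`, the destroy presumably runs against the repository root rather than the configuration that created the cluster, so teardown may fail or do nothing and leave the GKE cluster up. I would mirror the apply line: `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`. `GOOGLE_CREDENTIALS` defaults to `vault-helm-test.json` inside the working tree that is bind-mounted into the test container, so it is worth confirming that this file name is excluded from version control. `setup-kind` and `delete-kind` are also missing from the `.PHONY` list.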
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
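Review bot: The `create` verb on `serviceaccounts/token` in csi-clusterrole.yaml is granted cluster-wide, so the `-csi-provider` service account can request a token for any service account in any namespace, and the rule carries no comment saying why that scope is needed. A ClusterRole rule cannot be narrowed to only the namespaces of pods that mount secrets, so the template should at least record the reason and the trust it implies. I would add above `rules:` a comment such as `# Presumably the provider requests tokens on behalf of the pods it serves; this account can mint a token for any service account in the cluster, so bind it to nothing else.` The wording of the reason is an inference from the resource name and should be confirmed against the provider.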
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
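Review bot: The provider container in csi-daemonset.yaml gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.*` helpers in _helpers.tpl have no fallback branch, whereas the injector and server helpers default to `allowPrivilegeEscalation: false` when `global.openshift` is not set. This pod mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir/pods`) and runs on every node, so an unset value leaves a host-mounting container with whatever the image and cluster defaults allow. I would give the container helper the same `{{- else if not .Values.global.openshift }}` branch with at least `allowPrivilegeEscalation: false`, and document in values.yaml which user the provider needs in order to write its socket under `/provider`. The fix lives in the helper, outside this hunk.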
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-clusterrolebinding.yaml
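Review bot: The `patch` verb under `rules:` in injector-clusterrole.yaml applies to every MutatingWebhookConfiguration in the cluster, although the only one this chart installs is `{{ template "vault.fullname" . }}-agent-injector-cfg` (injector-mutating-webhook.yaml). An account that can patch arbitrary mutating webhooks can change how pods are admitted anywhere, so the write verb should be limited with `resourceNames`, leaving the read verbs in a separate rule. Whether the injector needs `get` on other configurations is not visible in this diff, so confirm that before narrowing further.

```yaml
rules:
# read-only access; list/watch are not reliably restricted by resourceNames
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# write access only to the webhook configuration this chart installs
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```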
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
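Review bot: The webhook rule in injector-mutating-webhook.yaml matches `CREATE` and `UPDATE` of pods in every namespace unless a `namespaceSelector` or `objectSelector` arrives through values, and `failurePolicy` is rendered straight from values with no literal fallback in the template. With `failurePolicy: Fail` and no selector, an unavailable injector would block pod admission cluster-wide, including system namespaces and the injector's own replacement pods. I would record that above `rules:`, e.g. `# Matches pods in all namespaces unless a namespaceSelector/objectSelector is set; pair failurePolicy: Fail with a selector that excludes system namespaces.`, and make sure an unset `failurePolicy` cannot render as an empty field. The defaults in values.yaml are not visible in this hunk, so the actual out-of-the-box behaviour needs checking there.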
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
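Review bot: `ports:` in injector-network-policy.yaml hard-codes `- port: 8080`, while the injector Deployment listens on and probes `{{ .Values.injector.port }}`; with a non-default port the policy would admit the wrong port and cut the API server off from the webhook. Use `- port: {{ .Values.injector.port }}` here. The `- namespaceSelector: {}` entry admits every namespace on that port; if that breadth is needed because the caller cannot be selected more precisely, a one-line comment saying so would keep it from reading as accidental. `metadata:` also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced injector templates in this diff set.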
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-role.yaml
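Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` in `injector-psp.yaml` is gated only on `global.psp.enable`, and PodSecurityPolicy was removed in Kubernetes 1.25, so on a current cluster turning the flag on would get the manifest rejected instead of applying any restriction. A capability check beside the existing condition makes that explicit, e.g. `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`; `server-psp.yaml` later in this change has the same shape. The `seLinux` block (`rule: RunAsAny`, commented as assuming AppArmor rather than SELinux) also deserves a second look in a chart that carries a `global.openshift` switch, since those nodes would normally enforce SELinux.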
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-rolebinding.yaml
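Review bot: The first rule in `injector-role.yaml` gives the leader-elector role `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, with no `resourceNames`, and the server objects in this chart are created in that same `.Release.Namespace`. If leader election only touches a known set of objects, `get` and `update` could move to a separate rule narrowed with `resourceNames`; the object names are not visible in this diff, so that needs confirming against the injector. At minimum the rule should carry a comment recording why namespace-wide Secret access is needed, e.g. `# leader election state is kept in a Secret/ConfigMap in the release namespace`.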
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-discovery-role.yaml
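Review bot: `disable_mlock = true` is emitted unconditionally in the string branch of `server-config-configmap.yaml`, and the JSON branch forces the same key through `merge (dict "disable_mlock" true) …`, with nothing in the template saying why. mlock is what keeps Vault's memory from being swapped to disk, so disabling it is a security-relevant default that an operator should be able to see and reason about. I would add a template comment above the line, e.g. `{{- /* mlock is disabled in every mode; run nodes without swap or with encrypted swap */}}`. It also looks as if a `disable_mlock` supplied in the user's config is overridden in the JSON branch and duplicated in the string branch; that depends on `merge` precedence and should be confirmed.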
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-ha-active-service.yaml
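Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in `server-disruptionbudget.yaml` compares two strings, so the ordering is lexical rather than numeric: a single-digit minor such as `9` sorts above `21`, and a build that reports its minor with a suffix (some vendors use a form like `21+`) is compared with the suffix included. `server-ingress.yaml` in this same change already selects its API version with `semverCompare` on `.Capabilities.KubeVersion.Version`, and the same form works here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.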
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-psp-role.yaml 
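Review bot: The single ingress rule in `server-network-policy.yaml` pairs `namespaceSelector: {}` with both 8200 and 8201, so every pod in every namespace is allowed to reach 8201 as well as the API port. The Service templates in this change name 8201 `https-internal`, which suggests it is meant only for server-to-server traffic; if so, it should be limited to the Vault pods themselves. Splitting the rule leaves 8200 as it is and scopes 8201 with a `podSelector` on the labels the policy already selects on. `metadata` here also carries no `namespace`, unlike most of the other templates added in this change.

```yaml
  ingress:
    # … unchanged: existing rule from namespaceSelector: {}, now listing only port 8200 …
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
```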
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
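Review bot: The subject in `server-psp-rolebinding.yaml` is `name: {{ template "vault.fullname" . }}`, but everywhere else in this change the server's service account is referred to as `{{ template "vault.serviceAccount.name" . }}` (the cluster role binding, the discovery role binding and the StatefulSet's `serviceAccountName`). If that helper can return anything other than the full name, this binding grants `use` of the policy to an account the server pods do not run as. Using the helper and stating the namespace, as `injector-rolebinding.yaml` does, keeps them aligned: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`. `injector-psp-rolebinding.yaml` likewise leaves the subject namespace implicit.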
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-service.yaml
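Review bot: `server-route.yaml` tests `.mode` in `{{- if ne .mode "external" }}` and again when choosing the `-active` service, but never calls `{{ template "vault.mode" . }}`, which the other server templates in this change do before reading `.mode`. Whether `.mode` is populated here then seems to depend on another template having set it on the same context earlier in the render, an ordering assumption that decides whether the Route is created and which Service it exposes. Adding `{{ template "vault.mode" . }}` as the first line, as `server-service.yaml` does, makes the file self-contained.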
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" .
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" .
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" .
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ .
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/tests/server-test.yaml
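Review bot: The `vault` container image falls back to `:latest` when `server.image.tag` is empty (`{{ .Values.server.image.tag | default "latest" }}`), so a values override that drops the tag makes the secrets store run whatever the registry currently serves; the same expression appears in templates/tests/server-test.yaml. Failing the render is the safer default: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The exec readiness probe runs `vault status -tls-skip-verify`; because `VAULT_ADDR` is set to 127.0.0.1 in this container the unverified connection stays on loopback, and a comment next to the command should say so to keep the flag from being copied into anything that talks to a remote address. `server.ha.apiAddr` and `server.ha.clusterAddr` are also rendered unquoted, where `value: {{ .Values.server.ha.apiAddr | quote }}` would keep the YAML parser from retyping unusual values.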
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/templates/ui-service.yaml
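Review bot: The test pod's container sets no `securityContext` and no `resources`, although it runs the same Vault image as the server and mounts `.Values.server.volumes` (which presumably can carry TLS material); the StatefulSet in this commit applies `server.statefulSet.securityContext.container`, this pod does not. Under a restricted Pod Security admission level the hook may be rejected, and elsewhere it runs with the image defaults. Suggest adding under the container `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: [ALL]}}`, or reusing the helper after checking that its indentation fits this pod. `VAULT_ADDR` is rendered unquoted here, while the StatefulSet wraps the same kind of value in double quotes; quoting it keeps the two consistent.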
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/values.openshift.yaml
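Review bot: `nodePort` is emitted whenever `ui.serviceNodePort` is set, without looking at `ui.serviceType`, whereas server-service.yaml in this commit guards its `nodePort` with a type check; a ClusterIP UI Service that still carries a `serviceNodePort` value is rejected by the API server. Suggest `{{- if and (.Values.ui.serviceNodePort) (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`. Since `serviceType` decides whether the Vault UI and API are reachable from outside the cluster, a short comment above `type:` saying that NodePort and LoadBalancer publish port `ui.externalPort` externally would help anyone reviewing a values override.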
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/values.schema.json b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/values.yaml b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-5678/0.21.0/src/values.yaml 
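Review bot: No object in this schema sets `additionalProperties: false` or a `required` list, so a misspelled key in a values override (for example under `global`, where `tlsDisable` lives) validates cleanly and the chart default silently stays in effect. Tightening is not a one-line change, because the templates in this commit read keys the schema does not list, such as `server.readinessProbe.path` in server-statefulset.yaml; those would have to be declared first. At minimum add `"path": {"type": "string"}` to `server.readinessProbe` so it matches `server.livenessProbe`.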
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license.
The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-caastestreg/helm-chart-5678/OWNERS b/charts/partners/redhat-caastestreg/helm-chart-5678/OWNERS
new file mode 100644
index 00000000000..67e48fdbaf6
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-5678/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-chart-5678
+ shortDescription: helm-chart-5678
+providerDelivery: false
+publicPgpKey: null
+users:
+- githubUsername: bovem
+vendor:
+ label: redhat-caastestreg
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/.helmignore b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/Chart.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..30b72ecf54e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-chart-e2e-stage-external
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: helm-chart-e2e-stage-external
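Review bot: The metadata in this new Chart.yaml still identifies the chart as upstream: `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io` sit next to `name: helm-chart-e2e-stage-external` in the `redhat-caastestreg` partner directory. A catalog reader cannot tell this repackaged test copy from the vendor's release, which weakens any provenance judgement based on the chart's own metadata. I would change the description to something like `description: E2E test fixture repackaged from hashicorp/vault-helm 0.21.0 (not the official chart)`. Quoting `appVersion: '1.11.2'` would also match the quoted `kubeVersion` and keep the value a string if it is ever shortened to two components.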
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/LICENSE.md b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/Makefile b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/README.md b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/README.md
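Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` has Make expand the licence string into the `docker run` argument list, where it is readable in the host's process listing for as long as the container runs; the name-only form `-e VAULT_LICENSE_CI \` lets Docker copy the value from the caller's environment instead. The defaults also place two credential files inside the bind-mounted working tree: the service-account key `vault-helm-test.json` (relative to `-w /helm-test`) and the kubeconfig at `/helm-test/.kube/config`, so both presumably need entries in `.gitignore` and `.helmignore`, neither of which is visible here. As a style point, `.PHONY` omits `setup-kind` and `delete-kind`, and the recursive call `make setup-kind acceptance` would conventionally be `$(MAKE) setup-kind acceptance`.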
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
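Review bot: In csi-clusterrole.yaml the single rule grants `create` on `serviceaccounts/token` with no namespace or `resourceNames` limit, so the CSI provider's ServiceAccount can request a token for any service account in the cluster. That is presumably needed so the provider can authenticate to Vault on behalf of whichever pod mounts a volume, but the template does not say so. Add a comment above `rules:` such as `# Cluster-wide by design: tokens are requested for the service account of the pod mounting the volume. Treat the csi-provider ServiceAccount as highly privileged.` so that anyone auditing RBAC knows the breadth is intentional and who is bound to it (csi-clusterrolebinding.yaml).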
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" . }}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-certs-secret.yaml
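Review bot: In csi-daemonset.yaml the csi-provider container gets a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper of that name in _helpers.tpl has no fallback branch, unlike `injector.securityContext.container`, which defaults to `allowPrivilegeEscalation: false` and dropping all capabilities. This pod also mounts two hostPath directories (`csi.daemonSet.providersDir` and `kubeletRootDir/pods`), so a rendered default matters more here than for the injector. Consider giving the CSI helper the same `{{- else if not .Values.global.openshift }}` branch with `allowPrivilegeEscalation: false`, after confirming the provider can still create its socket under `/provider`. If the container has to run as root for the hostPath writes, a comment above `volumes:` saying so would keep the next reviewer from assuming it is an oversight; neither hostPath entry sets a `type:`, which is worth stating for the same reason.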
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
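Review bot: In injector-certs-secret.yaml the Secret is named with the fixed string `vault-injector-certs`, while the other objects in this diff are prefixed with `vault.fullname`, so two releases installed into one namespace would both claim the same Secret. The manifest also has no `type`, no `data` and no comment; presumably the injector replicas populate it with the webhook certificate and key at runtime, which makes read access to it sensitive. If the fixed name is something the injector requires, say so above `kind: Secret`, e.g. `# Fixed name; filled in at runtime by the injector leader (confirm against the injector documentation). Holds the webhook TLS key.`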
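Review bot: In injector-clusterrole.yaml `patch` is granted on every `mutatingwebhookconfigurations` object in the cluster, so a compromised injector pod could rewrite the admission webhooks of unrelated components, not only its own. The deployment passes a single configuration name to the injector (`AGENT_INJECT_TLS_AUTO` is set to `{{ template "vault.fullname" . }}-agent-injector-cfg` in injector-deployment.yaml), which suggests the write verbs can be pinned to that object with `resourceNames`. The split below keeps `list`/`watch` unscoped in case the injector's informer needs them; verify against a running injector before adopting it.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# get/patch limited to this chart's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]
  verbs:
    - "get"
    - "patch"
```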
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
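Review bot: Several env values of the `sidecar-injector` container in injector-deployment.yaml are rendered unquoted, namely `value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logLevel | default "info" }}` and `value: {{ .Values.injector.logFormat | default "standard" }}`. A boolean- or number-looking value would then reach the API as a YAML bool or number, which is not a valid string for `env[].value`. Pipe them through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`, to match the neighbouring entries that are already quoted. Separately, the `- 2>&1` entry under `args:` is handed to the process as a literal argument because no shell runs here; it does not redirect stderr and can be dropped unless the binary is known to expect it.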
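Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the outcome depends on lexical order and on the exact form of the reported minor version, which some distributions may suffix. The mutating-webhook template in this same commit already selects its API with `.Capabilities.APIVersions.Has`, and the same approach fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. The identical expression appears in server-disruptionbudget.yaml later in this commit.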
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
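Review bot: `namespaceSelector` is rendered only when a value is supplied, so if the chart's values leave both selector settings unset this webhook matches pod CREATE and UPDATE in every namespace, including `kube-system` and the namespace the injector itself runs in. With a `failurePolicy` of `Fail`, an unavailable injector would then hold up pod admission cluster-wide; with `Ignore`, pods are admitted without injection. I would add a comment beside the `failurePolicy` line stating this trade-off and consider a default selector that excludes the release namespace and `kube-system`. Whether `injector.objectSelector` already narrows the match cannot be seen from this hunk, since that template is defined elsewhere.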
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
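Review bot: The allowed port in injector-network-policy.yaml is hard-coded as `- port: 8080`, while the injector listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` in injector-deployment.yaml) and the Service targets the same value. If a deployer changes `injector.port`, this policy no longer admits webhook traffic, so use `- port: {{ .Values.injector.port }}` here. The `from` clause with `namespaceSelector: {}` admits every namespace; if that is intentional so the API server can reach the webhook, a short comment saying so would help the next reviewer.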
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-psp.yaml
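Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subjects in injector-rolebinding.yaml and injector-clusterrolebinding.yaml in this same commit. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:` so the binding names its subject explicitly instead of depending on how an omitted namespace is resolved.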
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-role.yaml 
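Review bot: The policy in injector-psp.yaml forbids privileged mode and privilege escalation but leaves Linux capabilities at the runtime default; adding `requiredDropCapabilities:` with `- ALL` under `spec:` would close that gap, assuming the injector needs no capabilities for its listen port. The comment `This policy assumes the nodes are using AppArmor rather than SELinux` deserves a second look in a chart that has an OpenShift mode, since `seLinux` is left at `rule: RunAsAny`. PodSecurityPolicy in `policy/v1beta1` was removed in Kubernetes 1.25, so the outer condition should also check `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"`, otherwise enabling `global.psp.enable` there fails the install.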
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-rolebinding.yaml
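Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, which may also hold the Vault server's own secrets. The only Secret this commit creates for the leader-elected injector is `vault-injector-certs`, so `get` and `update` on `secrets` could carry `resourceNames: ["vault-injector-certs"]`; `create` and collection-wide `list`/`watch` cannot be narrowed by name and would need their own rule. Whether the leader elector touches any other object is not visible here and should be confirmed before tightening. The second rule's `delete` on all pods in the namespace also deserves a comment stating why the injector needs it.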
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
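Review bot: `disable_mlock = true` is written into the rendered config for every mode in server-config-configmap.yaml, both in the string branch and through `merge (dict "disable_mlock" true) …` in the structured branch, with no comment explaining why. With mlock disabled, Vault's memory is no longer locked against being paged out, so the protection moves to the node (swap off or encrypted). I would add a template comment above the string branch, for example `{{- /* mlock is disabled chart-wide; nodes running Vault must not swap to unencrypted disk */ -}}`, and state the actual reason once the chart authors have confirmed it.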
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-ha-standby-service.yaml @@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-psp-role.yaml
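Review bot: `- path: {{ . }}` and `secretName: {{ .secretName }}` in server-ingress.yaml are rendered unquoted, while the host entries in the same template go through `| quote`. A values entry that starts with a YAML indicator or contains `: ` would then change the rendered structure instead of failing cleanly. I would write `- path: {{ . | quote }}` and `secretName: {{ .secretName | quote }}` so all values-supplied strings in this template are handled the same way.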
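Review bot: The single ingress rule in server-network-policy.yaml opens both 8200 and 8201 to `namespaceSelector: {}`, which matches pods in every namespace. 8201 is the port the Service templates in this commit name `https-internal`, which presumably only other Vault server pods need, so it would be tighter to keep the all-namespaces rule for 8200 only and give 8201 its own rule limited to this release's server pods. If replication peers or other clients legitimately reach 8201 from elsewhere, they would need an explicit additional rule; the policy metadata also carries no `namespace`, unlike the other templates.

```yaml
  ingress:
    # … unchanged: the namespaceSelector rule, now listing port 8200 only …
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
```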
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
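Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the ServiceAccount template and the StatefulSet's `serviceAccountName` in this commit both use `vault.serviceAccount.name`. If that helper can return a different name (the schema has a `server.serviceAccount.name` value, so it probably can), the binding grants `use` on the policy to an account the server pods do not run as. I would write the subject as `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` so the bound account is explicit.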
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
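Review bot: server-psp.yaml emits a `policy/v1beta1` PodSecurityPolicy whenever `global.psp.enable` is true, with no check that the cluster still serves that API, unlike the Ingress template in this commit, which picks its apiVersion from `.Capabilities`. PodSecurityPolicy was removed in Kubernetes 1.25, so on such clusters the install fails and none of these restrictions apply. Adding `(.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy")` to the `and` condition, and documenting that Pod Security admission or SCCs take over there, would make this explicit; the Role and RoleBinding templates share the same condition.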
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-service.yaml
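Review bot: server-route.yaml tests `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other server templates in this commit do before reading `.mode`. The Route therefore appears to depend on some other template having set the value earlier in the render; if it is unset, the `eq .mode "ha"` branch is skipped and the Route would point at the plain service rather than the `-active` one. Adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard removes that dependency.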
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/tests/server-test.yaml
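Review bot: The vault container image in server-statefulset.yaml falls back to `| default "latest"` when `server.image.tag` is empty, so a values file that drops the tag deploys whatever the registry currently serves as `latest` for the Vault server. For a secrets manager I would fail the render instead, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or pin by digest. The same fallback is used for the test pod image in tests/server-test.yaml.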
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/values.schema.json b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/values.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/0.21.0/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/OWNERS b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/OWNERS new file mode 100644 index 00000000000..715e305336c --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-stage-external/OWNERS @@ -0,0 +1,10 @@ +chart: + name: helm-chart-e2e-stage-external + shortDescription: null +providerDelivery: false +publicPgpKey: null +users: +- githubUsername: bovem +vendor: + label: redhat-caastestreg + name: RED HAT 
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-test-stage/0.21.0/report.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-test-stage/0.21.0/report.yaml
new file mode 100644
index 00000000000..2b0f04ecf91
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-test-stage/0.21.0/report.yaml
@@ -0,0 +1,99 @@
+apiversion: v1
+kind: verify-report
+metadata:
+ tool:
+ verifier-version: 1.0.0
+ profile:
+ VendorType: partner
+ version: v1.1
+ chart-uri: N/A
+ digests:
+ chart: sha256:fda1c6f533bc7f8a78d8df0d2771dcae4c9287e9695cbd3b06f9f9a2cfc57695
+ package: 548301033195989a994fc3c78d6ed55e109305f2a37908b1639bbead4a3e3ee4
+ lastCertifiedTimestamp: "2022-11-21T14:01:13.959707+00:00"
+ testedOpenShiftVersion: "4.11"
+ supportedOpenShiftVersions: '>=4.3'
+ providerControlledDelivery: true
+ chart:
+ name: helm-chart-e2e-test-stage
+ home: https://www.vaultproject.io
+ sources:
+ - https://github.com/hashicorp/vault
+ - https://github.com/hashicorp/vault-helm
+ - https://github.com/hashicorp/vault-k8s
+ - https://github.com/hashicorp/vault-csi-provider
+ version: 0.21.0
+ description: Official HashiCorp Vault Chart
+ keywords:
+ - vault
+ - security
+ - encryption
+ - secrets
+ - management
+ - automation
+ - infrastructure
+ maintainers: []
+ icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+ apiversion: v2
+ condition: ""
+ tags: ""
+ appversion: 1.11.2
+ deprecated: false
+ annotations:
+ charts.openshift.io/name: helm-chart-e2e-test-stage
+ kubeversion: '>= 1.16.0-0'
+ dependencies: []
+ type: ""
+ chart-overrides: ""
+results:
+ - check: v1.1/has-kubeversion
+ type: Mandatory
+ outcome: PASS
+ reason: Kubernetes version specified
+ - check: v1.0/helm-lint
+ type: Mandatory
+ outcome: PASS
+ reason: Helm lint successful
+ - check: v1.0/not-contains-crds
+ type: Mandatory
+ outcome: PASS
+ reason: Chart does not contain CRDs
+ - check: v1.0/contains-test
+ type: Mandatory
+ outcome: PASS
+ reason: Chart test files exist
+ - check: v1.0/has-readme
+ type: Mandatory
+ outcome: PASS
+ reason: Chart has a README
+ - check: v1.0/not-contain-csi-objects
+ type: Mandatory
+ outcome: PASS
+ reason: CSI objects do not exist
+ - check: v1.0/contains-values-schema
+ type: Mandatory
+ outcome: PASS
+ reason: Values schema file exist
+ - check: v1.0/contains-values
+ type: Mandatory
+ outcome: PASS
+ reason: Values file exist
+ - check: v1.0/images-are-certified
+ type: Mandatory
+ outcome: PASS
+ reason: |-
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi
+ - check: v1.0/chart-testing
+ type: Mandatory
+ outcome: PASS
+ reason: Chart tests have passed
+ - check: v1.0/is-helm-v3
+ type: Mandatory
+ outcome: PASS
+ reason: API version is V2, used in Helm 3
+ - check: v1.0/required-annotations-present
+ type: Mandatory
+ outcome: PASS
+ reason: All required annotations present
+
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-test-stage/OWNERS b/charts/partners/redhat-caastestreg/helm-chart-e2e-test-stage/OWNERS
new file mode 100644
index 00000000000..5bde03cb8a8
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-test-stage/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-chart-e2e-test-stage
+ shortDescription: null
+providerDelivery: true
+publicPgpKey: null
+users:
+- githubUsername: bovem
+vendor:
+ label: redhat-caastestreg
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-webonly/0.21.0/report.yaml b/charts/partners/redhat-caastestreg/helm-chart-e2e-webonly/0.21.0/report.yaml
new file mode 100644
index 00000000000..e2d51534c16
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-webonly/0.21.0/report.yaml
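Review bot: In charts/partners/redhat-caastestreg/helm-chart-e2e-test-stage/OWNERS, `publicPgpKey: null` sits next to `providerDelivery: true`, so the file records no key for a chart whose archive, judging by that flag, is not hosted in this repository. If this key is what the pipeline or chart consumers use to check a chart signature (the verification code is not visible in this diff, so that is an assumption), there is nothing to verify provenance against. Either supply the vendor's key or state the intent with a comment above the field, for example `# test fixture: chart is unsigned, no PGP key on purpose`. The same pair of values appears in the OWNERS files added for helm-chart-e2e-webonly, helm-chart-external-1234 and helm-chart-provider-delivery-verification.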
@@ -0,0 +1,99 @@
+apiversion: v1
+kind: verify-report
+metadata:
+ tool:
+ verifier-version: 1.0.0
+ profile:
+ VendorType: partner
+ version: v1.1
+ chart-uri: N/A
+ digests:
+ chart: sha256:7ec746204fe920031e9e5bc46b196d579c83c20a99d2dc36a6f0d1fbf62bd380
+ package: 47471b2ed48350a09ac108f0caa797c197b183a503ddd0d61b076b6d6b117dde
+ lastCertifiedTimestamp: "2022-11-23T06:48:49.706556+00:00"
+ testedOpenShiftVersion: "4.11"
+ supportedOpenShiftVersions: '>=4.3'
+ providerControlledDelivery: true
+ chart:
+ name: helm-chart-e2e-webonly
+ home: https://www.vaultproject.io
+ sources:
+ - https://github.com/hashicorp/vault
+ - https://github.com/hashicorp/vault-helm
+ - https://github.com/hashicorp/vault-k8s
+ - https://github.com/hashicorp/vault-csi-provider
+ version: 0.21.0
+ description: Official HashiCorp Vault Chart
+ keywords:
+ - vault
+ - security
+ - encryption
+ - secrets
+ - management
+ - automation
+ - infrastructure
+ maintainers: []
+ icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+ apiversion: v2
+ condition: ""
+ tags: ""
+ appversion: 1.11.2
+ deprecated: false
+ annotations:
+ charts.openshift.io/name: helm-chart-e2e-webonly
+ kubeversion: '>= 1.16.0-0'
+ dependencies: []
+ type: ""
+ chart-overrides: ""
+results:
+ - check: v1.0/contains-values-schema
+ type: Mandatory
+ outcome: PASS
+ reason: Values schema file exist
+ - check: v1.0/images-are-certified
+ type: Mandatory
+ outcome: PASS
+ reason: |-
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi
+ - check: v1.0/contains-values
+ type: Mandatory
+ outcome: PASS
+ reason: Values file exist
+ - check: v1.1/has-kubeversion
+ type: Mandatory
+ outcome: PASS
+ reason: Kubernetes version specified
+ - check: v1.0/required-annotations-present
+ type: Mandatory
+ outcome: PASS
+ reason: All required annotations present
+ - check: v1.0/chart-testing
+ type: Mandatory
+ outcome: PASS
+ reason: Chart tests have passed
+ - check: v1.0/not-contain-csi-objects
+ type: Mandatory
+ outcome: PASS
+ reason: CSI objects do not exist
+ - check: v1.0/contains-test
+ type: Mandatory
+ outcome: PASS
+ reason: Chart test files exist
+ - check: v1.0/has-readme
+ type: Mandatory
+ outcome: PASS
+ reason: Chart has a README
+ - check: v1.0/helm-lint
+ type: Mandatory
+ outcome: PASS
+ reason: Helm lint successful
+ - check: v1.0/is-helm-v3
+ type: Mandatory
+ outcome: PASS
+ reason: API version is V2, used in Helm 3
+ - check: v1.0/not-contains-crds
+ type: Mandatory
+ outcome: PASS
+ reason: Chart does not contain CRDs
+
diff --git a/charts/partners/redhat-caastestreg/helm-chart-e2e-webonly/OWNERS b/charts/partners/redhat-caastestreg/helm-chart-e2e-webonly/OWNERS
new file mode 100644
index 00000000000..47e2b8da0c5
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-e2e-webonly/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-chart-e2e-webonly
+ shortDescription: null
+providerDelivery: true
+publicPgpKey: null
+users:
+- githubUsername: bovem
+vendor:
+ label: redhat-caastestreg
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg/helm-chart-external-1234/OWNERS b/charts/partners/redhat-caastestreg/helm-chart-external-1234/OWNERS
new file mode 100644
index 00000000000..b4daa1aecfb
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-chart-external-1234/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-chart-external-1234
+ shortDescription: helm-chart-rhcc-1234 is a helm chart testing chart
+providerDelivery: true
+publicPgpKey: null
+users:
+- githubUsername: bovem
+vendor:
+ label: redhat-caastestreg
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg/helm-chart-provider-delivery-verification/OWNERS b/charts/partners/redhat-caastestreg/helm-chart-provider-delivery-verification/OWNERS
new file mode 100644
index 00000000000..3b70aa5f8fd
--- /dev/null
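Review bot: In charts/partners/redhat-caastestreg/helm-chart-external-1234/OWNERS the `shortDescription` refers to a different chart, `helm-chart-rhcc-1234`, than the `name: helm-chart-external-1234` on the line above it. The text may have been carried over from the helm-rhcc-1234 chart whose files are added later in this diff. Someone auditing which chart this ownership record covers would expect both fields to name the same chart, so the line should read `shortDescription: helm-chart-external-1234 is a helm chart testing chart`.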
+++ b/charts/partners/redhat-caastestreg/helm-chart-provider-delivery-verification/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-chart-provider-delivery-verification
+ shortDescription: helm-chart-provider-delivery-verification
+providerDelivery: true
+publicPgpKey: null
+users:
+- githubUsername: bovem
+vendor:
+ label: redhat-caastestreg
+ name: RED HAT
diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/.helmignore b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/Chart.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..98bd10dba9e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: helm-rhcc-1234
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: helm-rhcc-1234
diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/LICENSE.md b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/Makefile b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/README.md b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/README.md 
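Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with no configuration directory and no `-var project`, while `provision-cluster` in the same hunk runs `terraform init test/terraform` and `terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform`. If the teardown does not resolve the same configuration and state as the apply, it presumably destroys nothing and leaves the GKE test cluster running, which is a cost and an exposure concern for a cluster provisioned for Vault tests. I would make the two targets symmetric, `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform`, and confirm whether `init_cli` needs to be passed as well. The `.PHONY` list at the end also omits `setup-kind` and `delete-kind`.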
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
+++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
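Review bot: In the `args:` list of the `sidecar-injector` container, `- 2>&1` reaches the entrypoint as a literal argument, because Kubernetes runs `args` without a shell and no stderr redirection takes place. Unless the image's entrypoint is a shell wrapper that re-parses its arguments (not visible in this hunk), the entry has no useful effect. I would drop it and leave the list as `- agent-inject`; the container runtime already collects both stdout and stderr.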
diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
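Review bot: The `rules:` entry matches CREATE and UPDATE of pods in every namespace, and `namespaceSelector` is rendered only when `injector.namespaceSelector` or `injector.webhook.namespaceSelector` is set. Unless the `injector.objectSelector` helper (defined outside this hunk) narrows it, the webhook therefore sits in the admission path of all pods, system namespaces included. If `failurePolicy` resolves to `Fail` (it comes from values not shown here), an unavailable injector would block pod creation cluster-wide. I would document that next to the selector, e.g. `# With no namespaceSelector the webhook applies to every namespace; pair failurePolicy Fail with a selector that excludes system namespaces.`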
+++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
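Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, while the injector Deployment and Service in this commit take the listen and target port from `.Values.injector.port`. If that value is changed, the policy allows a port nothing listens on and omits the real webhook port, so admission calls would be dropped wherever the policy is enforced. I would render it as `- port: {{ .Values.injector.port }}`. The manifest also has no `namespace: {{ .Release.Namespace }}` under `metadata`, unlike the other namespaced injector resources.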
diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-psp.yaml 
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-role.yaml 
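Review bot: The `spec` forbids privilege escalation and root, but sets no `requiredDropCapabilities`, so pods admitted under this policy keep the container runtime's default capability set. Adding `requiredDropCapabilities:` with the single entry `- ALL` after `allowPrivilegeEscalation: false` would close that gap, assuming the injector needs no capabilities, which should be confirmed. Separately, `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, so the `global.psp.enable` switch should be documented as usable only on older clusters.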
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-rolebinding.yaml 
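Review bot: The first rule gives the injector service account `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, which looks broader than leader election and certificate sharing need. Every other Secret in that namespace becomes readable to the injector. `get` and `update` can be narrowed with `resourceNames`, and injector-certs-secret.yaml already creates a fixed-name `vault-injector-certs` Secret. `create`, `list` and `watch` cannot be limited that way, so at minimum add a comment above the rule naming the objects the injector is expected to touch.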
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-discovery-role.yaml 
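Review bot: `disable_mlock = true` is forced into every config this template renders. It is a literal first line in the string branch and the destination argument of `merge` in the map branch, and Sprig's `merge` gives the destination precedence, so a `disable_mlock: false` supplied through values is silently overridden there. With mlock off, Vault's memory can be paged to swap, which matters for a process that holds unsealed key material. I would add a template comment beside the literal, e.g. `{{- /* mlock is disabled chart-wide; run Vault on nodes with swap disabled or encrypted */}}`, and state in the values documentation that the map form cannot turn it back on.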
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
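Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, because it carries no `resourceNames`. Presumably the verbs exist so Vault can label its own pod (the HA services select on `vault-active`), but as written the Vault service account can also modify other pods that share the namespace. I would add a comment above `rules:` such as `# Vault patches labels on its own pod for service registration; install into a dedicated namespace, since these verbs apply to all pods in it`. The apiVersion is also fixed at `rbac.authorization.k8s.io/v1`, while server-discovery-rolebinding.yaml in the same commit falls back to `v1beta1`; the two should agree.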
diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-ha-active-service.yaml 
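Review bot: The apiVersion line compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, which is a lexical comparison (a one-digit minor such as `"9"` sorts above `"21"`). server-ingress.yaml in this commit already uses `semverCompare` on the full version, and the same form would be more robust and consistent here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.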
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-psp-role.yaml 
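Review bot: The `tls:` block under `spec` in server-ingress.yaml is rendered only when `.Values.server.ingress.tls` is set, so enabling the ingress without it publishes the Vault API with no certificate configured in this object. Depending on the controller's defaults that may be plain HTTP, and Vault tokens would then cross that hop unencrypted. A comment above the `{{- if .Values.server.ingress.tls }}` guard, e.g. `# Without a tls entry no certificate is configured for this ingress; set server.ingress.tls for any non-test install`, would make that visible. In the same hunk `- path: {{ . }}` and `secretName: {{ .secretName }}` are emitted unquoted while the host entries use `| quote`; piping both through `quote` keeps values that start with a YAML indicator from breaking the render.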
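Review bot: The only ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so every pod in every namespace may reach 8201 as well as 8200. Port 8201 is named `https-internal` in the Service templates of this commit and is presumably the server-to-server port, so it could be limited to the Vault pods of this release unless something outside it (for example replication from another cluster) needs access. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other namespaced templates set. A split rule is sketched below.

```yaml
  ingress:
    # … unchanged: first rule (namespaceSelector: {}), now listing only port 8200 …
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```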
@@ -0,0 +1,20 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-psp-rolebinding.yaml new file mode 100644 index 00000000000..fded9fbc624 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-psp.yaml new file mode 100644 index 00000000000..d210af3513a --- /dev/null 
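Review bot: In server-psp-rolebinding.yaml the subject is named with `{{ template "vault.fullname" . }}`, whereas the StatefulSet and the other bindings in this commit refer to the service account through `{{ template "vault.serviceAccount.name" . }}`. If that helper can return anything other than the fullname (its definition is outside this diff), the PodSecurityPolicy would be bound to an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` as the other bindings do.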
+++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-route.yaml 
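Review bot: The policy in server-psp.yaml sets `privileged: false` and `allowPrivilegeEscalation: false` but says nothing about Linux capabilities, so pods admitted under it keep the container runtime's default set. Adding `requiredDropCapabilities: [ALL]` under `spec` would tighten that, provided the server needs none; the StatefulSet sets `SKIP_SETCAP=true`, which suggests so, but that should be confirmed. The comment on `seLinux` says the nodes are assumed to use AppArmor rather than SELinux, which reads oddly for a chart that also ships `values.openshift.yaml`; it would help to state that this PSP is not intended for OpenShift clusters.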
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-service.yaml 
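Review bot: `.mode` is tested on the second line of server-route.yaml, but unlike the other templates in this commit that read `.mode`, the file never calls `{{ template "vault.mode" . }}` first. Whether the value is populated then depends on another template having run earlier against the same context, which cannot be confirmed from what is visible here; if it has not, both the `external` check and the later `eq .mode "ha"` test are evaluated against an unset value. Adding `{{ template "vault.mode" . }}` as the first line inside the `global.openshift` guard removes that dependency. `targetPort: 8200` is also hard-coded while the Service templates take their ports from `.Values.server.service`.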
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/tests/server-test.yaml 
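Review bot: The container image line in server-statefulset.yaml falls back to a floating tag (`{{ .Values.server.image.tag | default "latest" }}`), and tests/server-test.yaml in this commit carries the same line. With `latest`, the Vault binary that starts can change between pod restarts without any chart change, which is hard to audit for a secrets store. I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Further down, the exec readiness probe runs `vault status -tls-skip-verify`; a short comment saying this is tolerated only because `VAULT_ADDR` points at 127.0.0.1 would keep the flag from being copied to probes that leave the pod.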
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/values.openshift.yaml
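Review bot: Nothing in this Service ties external exposure to TLS: `type: {{ .Values.ui.serviceType }}` and the optional `nodePort` accept any service type, while values.yaml in this same commit defaults `global.tlsDisable: true`. If `vault.scheme` follows that flag (the helper is outside this hunk, so this is inferred), choosing a `NodePort` or `LoadBalancer` type publishes the UI, and whatever credentials are entered into it, over plain HTTP. I would make the dependency explicit with a template comment above `type:`, for example `{{- /* a serviceType other than ClusterIP exposes the UI outside the cluster; set global.tlsDisable=false first */}}`, or add a `fail` guard for that combination.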
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/values.schema.json b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/values.schema.json
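Review bot: Every value in this override file already equals the default in this chart's values.yaml (`global.openshift: true`, and the same `registry.connect.redhat.com/hashicorp/...` repositories with tags `0.17.0-ubi` and `1.11.2-ubi`), so applying it changes nothing and the image coordinates now live in two files. A later image bump that touches only one of them would silently leave the other pointing at the older build. Either drop the file from this chart or document the duplication in its header, e.g. `# NOTE: identical to the defaults in values.yaml of this chart; update both when bumping image tags`.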
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/values.yaml b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/redhat-caastestreg/helm-rhcc-1234/OWNERS b/charts/partners/redhat-caastestreg/helm-rhcc-1234/OWNERS new file mode 100644 index 00000000000..11b10e4ab99 --- /dev/null +++ b/charts/partners/redhat-caastestreg/helm-rhcc-1234/OWNERS @@ -0,0 +1,10 @@ +chart: + name: helm-rhcc-1234 + shortDescription: helm-rhcc-1234 is a testing helm chart +providerDelivery: false +publicPgpKey: null +users: +- githubUsername: bovem +vendor: + label: redhat-caastestreg + name: RED HAT diff --git a/charts/partners/redhat-caastestreg/test-external-helm-5678/0.21.0/report.yaml b/charts/partners/redhat-caastestreg/test-external-helm-5678/0.21.0/report.yaml new file mode 100644 index 00000000000..a45a031486c 
--- /dev/null
+++ b/charts/partners/redhat-caastestreg/test-external-helm-5678/0.21.0/report.yaml
@@ -0,0 +1,99 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.0.0 + profile: + VendorType: partner + version: v1.1 + chart-uri: https://github.com/bovem/external-helm-charts/raw/main/test-external-helm-5678/0.21.0/redhat-caastestreg-test-external-helm-5678-0.21.0.tgz + digests: + chart: sha256:70744d2b2f5bb93eb3083097038f1949f721e34be26613d3231628430e6d9ed0 + package: 7a4071abf171a1737d1c8dc3e78bf2326fca40e1964788f7e6ad0e255e3d0aef + lastCertifiedTimestamp: "2022-11-23T08:46:24.654784+00:00" + testedOpenShiftVersion: "4.11" + supportedOpenShiftVersions: '>=4.3' + providerControlledDelivery: false + chart: + name: test-external-helm-5678 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: test-external-helm-5678 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not 
contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/charts/partners/redhat-caastestreg/test-external-helm-5678/OWNERS b/charts/partners/redhat-caastestreg/test-external-helm-5678/OWNERS new file mode 100644 index 00000000000..13048e0f0f7 --- /dev/null +++ b/charts/partners/redhat-caastestreg/test-external-helm-5678/OWNERS @@ -0,0 +1,10 @@ +chart: + name: test-external-helm-5678 + shortDescription: null +providerDelivery: false +publicPgpKey: null +users: +- githubUsername: bovem +vendor: + label: redhat-caastestreg + name: RED HAT diff --git a/charts/partners/redhat-sp/1946-stage/OWNERS b/charts/partners/redhat-sp/1946-stage/OWNERS new file mode 100644 index 00000000000..72b39feb6ed --- /dev/null +++ b/charts/partners/redhat-sp/1946-stage/OWNERS @@ -0,0 +1,9 @@ +chart: + name: 1946-stage + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: redhat-sp + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/1946stage-1/OWNERS b/charts/partners/redhat-sp/1946stage-1/OWNERS new file mode 100644 index 00000000000..8fbfb816b7f --- /dev/null +++ b/charts/partners/redhat-sp/1946stage-1/OWNERS 
@@ -0,0 +1,9 @@ +chart: + name: 1946stage-1 + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: redhat-sp + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/97y98yd9ghaedi9/OWNERS b/charts/partners/redhat-sp/97y98yd9ghaedi9/OWNERS index 4fccd0067b7..5662c8a91da 100644 --- a/charts/partners/redhat-sp/97y98yd9ghaedi9/OWNERS +++ b/charts/partners/redhat-sp/97y98yd9ghaedi9/OWNERS @@ -1,9 +1,10 @@ chart: name: 97y98yd9ghaedi9 shortDescription: 6ehss -publicPgpKey: null +providerDelivery: false +publicPgpKey: unknown users: - githubUsername: 6e vendor: label: redhat-sp - name: GLOBAL SUPPORT SERVI RED HAT, INC. + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/am-test-helm-chart/OWNERS b/charts/partners/redhat-sp/am-test-helm-chart/OWNERS new file mode 100644 index 00000000000..3601f453c68 --- /dev/null +++ b/charts/partners/redhat-sp/am-test-helm-chart/OWNERS @@ -0,0 +1,11 @@ +chart: + name: am-test-helm-chart + shortDescription: Contrary to popular belief, Lorem Ipsum is not simply random text. + It has roots in a piece of classical Latin +providerDelivery: true +publicPgpKey: null +users: +- githubUsername: '@amgarud' +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/chart1678/OWNERS b/charts/partners/redhat-sp/chart1678/OWNERS index cb295f2cc2c..29e410ef3e3 100644 --- a/charts/partners/redhat-sp/chart1678/OWNERS +++ b/charts/partners/redhat-sp/chart1678/OWNERS @@ -1,8 +1,9 @@ chart: name: chart1678 shortDescription: unknown +providerDelivery: false publicPgpKey: unknown users: [] vendor: label: redhat-sp - name: GLOBAL SUPPORT SERVI RED HAT, INC. + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/chart556/OWNERS b/charts/partners/redhat-sp/chart556/OWNERS index f646c807367..ff9537f5741 100644 --- a/charts/partners/redhat-sp/chart556/OWNERS +++ b/charts/partners/redhat-sp/chart556/OWNERS 
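Review bot: `githubUsername: '@amgarud'` in the new am-test-helm-chart OWNERS carries a leading `@`, which is not part of a GitHub login, so a comparison against the pull-request author's login would presumably never match and the intended owner could not submit for this chart. The entry should read `- githubUsername: amgarud`. The same applies to `githubUsername: test accc` in the new redhat-sp/extstage OWNERS further down, where the space rules out any real login; use the actual account or `users: []`. Since OWNERS is what authorizes chart submissions, placeholder names are better left out than approximated, because a short generic value can coincide with an unrelated real account.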
@@ -1,9 +1,10 @@ chart: name: chart556 - shortDescription: null -publicPgpKey: null + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown users: - githubUsername: test vendor: label: redhat-sp - name: GLOBAL SUPPORT SERVI RED HAT, INC. + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/demo-helm-chart-test-27-8/OWNERS b/charts/partners/redhat-sp/demo-helm-chart-test-27-8/OWNERS index 3386f25d6b9..4f949c52a2c 100644 --- a/charts/partners/redhat-sp/demo-helm-chart-test-27-8/OWNERS +++ b/charts/partners/redhat-sp/demo-helm-chart-test-27-8/OWNERS @@ -1,9 +1,10 @@ chart: name: demo-helm-chart-test-27-8 shortDescription: test helm for demo -publicPgpKey: null +providerDelivery: false +publicPgpKey: unknown users: - githubUsername: gkr-bot vendor: label: redhat-sp - name: GLOBAL SUPPORT SERVI RED HAT, INC. + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/extstage/OWNERS b/charts/partners/redhat-sp/extstage/OWNERS new file mode 100644 index 00000000000..6b6554b7c1a --- /dev/null +++ b/charts/partners/redhat-sp/extstage/OWNERS @@ -0,0 +1,10 @@ +chart: + name: extstage + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: +- githubUsername: test accc +vendor: + label: redhat-sp + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/helm-1901/OWNERS b/charts/partners/redhat-sp/helm-1901/OWNERS new file mode 100644 index 00000000000..68a0216ffa0 --- /dev/null +++ b/charts/partners/redhat-sp/helm-1901/OWNERS @@ -0,0 +1,9 @@ +chart: + name: helm-1901 + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: redhat-sp + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/helm-web-01/OWNERS b/charts/partners/redhat-sp/helm-web-01/OWNERS new file mode 100644 index 00000000000..3bbfd30e143 --- /dev/null +++ b/charts/partners/redhat-sp/helm-web-01/OWNERS 
@@ -0,0 +1,10 @@ +chart: + name: helm-web-01 + shortDescription: test +providerDelivery: true +publicPgpKey: null +users: +- githubUsername: Aishwarya-Urne +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/helm-web-02/0.21.0/report.yaml b/charts/partners/redhat-sp/helm-web-02/0.21.0/report.yaml new file mode 100644 index 00000000000..369ca575465 --- /dev/null +++ b/charts/partners/redhat-sp/helm-web-02/0.21.0/report.yaml 
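Review bot: No public key is recorded for a chart that is delivered by the provider: `providerDelivery: true` is paired with `publicPgpKey: null` here and in the am-test-helm-chart, helm-web-02, helm-web-03 and helm-webonly-04 OWNERS files of this commit. If the pipeline relies on this key to check a signed package (an assumption; the verification code is not part of the diff), nothing ties the externally hosted chart to its owner beyond the digests written in report.yaml. Either record the provider's key as `publicPgpKey: <PUBLIC_KEY_PLACEHOLDER>` or add a comment to these test entries stating that signature checking is intentionally off for them.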
@@ -0,0 +1,98 @@ +piversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.0.0 + profile: + VendorType: partner + version: v1.1 + chart-uri: N/A + digests: + chart: sha256:02ef5853fd603a64d30992f151b807b32fe3d0a2f1789b1fd4e4a2ab9a943b7a + package: 9de3fd5f71725afaa05d2be01228a97777da80376680a50dd8e5285dc7267ff9 + lastCertifiedTimestamp: "2022-11-28T09:45:30.597901+00:00" + testedOpenShiftVersion: "4.11" + supportedOpenShiftVersions: '>=4.3' + providerControlledDelivery: true + chart: + name: helm-web-02 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-web-02 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present diff --git a/charts/partners/redhat-sp/helm-web-02/OWNERS b/charts/partners/redhat-sp/helm-web-02/OWNERS new file mode 100644 index 00000000000..f1b9501559a --- /dev/null +++ b/charts/partners/redhat-sp/helm-web-02/OWNERS @@ -0,0 +1,11 @@ +chart: + name: helm-web-02 + shortDescription: test +providerDelivery: true +publicPgpKey: null +users: +- githubUsername: Aishwarya-Urne +- githubUsername: vikasmulaje +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/helm-web-03/OWNERS b/charts/partners/redhat-sp/helm-web-03/OWNERS new file mode 100644 index 00000000000..231ee45d6b2 --- /dev/null +++ b/charts/partners/redhat-sp/helm-web-03/OWNERS @@ -0,0 +1,10 @@ +chart: + name: helm-web-03 + shortDescription: test +providerDelivery: true +publicPgpKey: null +users: +- githubUsername: Aishwarya-Urne +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/helm-webonly-04/0.21.0/report.yaml b/charts/partners/redhat-sp/helm-webonly-04/0.21.0/report.yaml new file mode 100644 index 00000000000..aaada47e310 --- /dev/null +++ b/charts/partners/redhat-sp/helm-webonly-04/0.21.0/report.yaml 
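Review bot: The first key of helm-web-02/0.21.0/report.yaml is `piversion: v1`, where the other reports in this commit start with `apiversion: v1`, and its hunk has 98 lines against 99 for the others. That suggests the file was edited or truncated after the verifier wrote it. The report carries `providerControlledDelivery: true` and `chart-uri: N/A`, so it is the only certification evidence for this chart. It should be regenerated by the verifier rather than hand-repaired, so that the digests and check results are known to come from one run. The first line should then read `apiversion: v1`.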
@@ -0,0 +1,99 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.0.0 + profile: + VendorType: partner + version: v1.1 + chart-uri: N/A + digests: + chart: sha256:b070386a184fe554e941e42c36f72e47eb4f2d6086c5bfef18fe2826bf07fe17 + package: 7733d1ae33da248970bababbaeb0445704956010388815c911330f4aebf21bea + lastCertifiedTimestamp: "2022-11-29T07:23:11.606787+00:00" + testedOpenShiftVersion: "4.11" + supportedOpenShiftVersions: '>=4.3' + providerControlledDelivery: true + chart: + name: helm-webonly-04 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-webonly-04 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: 
v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + diff --git a/charts/partners/redhat-sp/helm-webonly-04/OWNERS b/charts/partners/redhat-sp/helm-webonly-04/OWNERS new file mode 100644 index 00000000000..b4f19410477 --- /dev/null +++ b/charts/partners/redhat-sp/helm-webonly-04/OWNERS @@ -0,0 +1,10 @@ +chart: + name: helm-webonly-04 + shortDescription: test +providerDelivery: true +publicPgpKey: null +users: +- githubUsername: Aishwarya-Urne +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/helm-webonly-05/0.21.0/report.yaml b/charts/partners/redhat-sp/helm-webonly-05/0.21.0/report.yaml new file mode 100644 index 00000000000..8d32410367e --- /dev/null +++ b/charts/partners/redhat-sp/helm-webonly-05/0.21.0/report.yaml 
@@ -0,0 +1,99 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.0.0 + profile: + VendorType: partner + version: v1.1 + chart-uri: N/A + digests: + chart: sha256:ffff97404e8ea896dd70e4d4877fdc9e4fa6f132e4545b7c59bdca8736aabb63 + package: c726191eb7aac0238f4ced269ec6759811bc1cb2c2e50061eba3686ed757595a + lastCertifiedTimestamp: "2022-11-29T08:59:59.95293+00:00" + testedOpenShiftVersion: "4.11" + supportedOpenShiftVersions: '>=4.3' + providerControlledDelivery: true + chart: + name: helm-webonly-05 + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: helm-webonly-05 + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: 
v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + diff --git a/charts/partners/redhat-sp/helm-webonly-05/OWNERS b/charts/partners/redhat-sp/helm-webonly-05/OWNERS new file mode 100644 index 00000000000..c03f2b17f42 --- /dev/null +++ b/charts/partners/redhat-sp/helm-webonly-05/OWNERS @@ -0,0 +1,10 @@ +chart: + name: helm-webonly-05 + shortDescription: test +providerDelivery: true +publicPgpKey: null +users: +- githubUsername: Aishwarya-Urne +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/helm000oo/OWNERS b/charts/partners/redhat-sp/helm000oo/OWNERS index 5622cf3ce76..8d8e0939408 100644 --- a/charts/partners/redhat-sp/helm000oo/OWNERS +++ b/charts/partners/redhat-sp/helm000oo/OWNERS @@ -1,8 +1,9 @@ chart: name: helm000oo shortDescription: unknown +providerDelivery: false publicPgpKey: unknown users: [] vendor: label: redhat-sp - name: GLOBAL SUPPORT SERVI RED HAT, INC. + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/helm000ooo/OWNERS b/charts/partners/redhat-sp/helm000ooo/OWNERS index eb7ae9a136d..73ff4349048 100644 --- a/charts/partners/redhat-sp/helm000ooo/OWNERS +++ b/charts/partners/redhat-sp/helm000ooo/OWNERS 
@@ -1,8 +1,9 @@ chart: name: helm000ooo shortDescription: unknown +providerDelivery: false publicPgpKey: unknown users: [] vendor: label: redhat-sp - name: GLOBAL SUPPORT SERVI RED HAT, INC. + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/helm08082022/OWNERS b/charts/partners/redhat-sp/helm08082022/OWNERS index 9728dcc6ee0..8a276a505e0 100644 --- a/charts/partners/redhat-sp/helm08082022/OWNERS +++ b/charts/partners/redhat-sp/helm08082022/OWNERS @@ -1,8 +1,9 @@ chart: name: helm08082022 shortDescription: unknown +providerDelivery: false publicPgpKey: unknown users: [] vendor: label: redhat-sp - name: GLOBAL SUPPORT SERVI RED HAT, INC. + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/helm0809/OWNERS b/charts/partners/redhat-sp/helm0809/OWNERS index 8a71f14dbc4..40f29027084 100644 --- a/charts/partners/redhat-sp/helm0809/OWNERS +++ b/charts/partners/redhat-sp/helm0809/OWNERS @@ -1,9 +1,10 @@ chart: name: helm0809 shortDescription: vcvf -publicPgpKey: null +providerDelivery: false +publicPgpKey: unknown users: - githubUsername: rnargotr vendor: label: redhat-sp - name: GLOBAL SUPPORT SERVI RED HAT, INC. + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/helm1959/OWNERS b/charts/partners/redhat-sp/helm1959/OWNERS new file mode 100644 index 00000000000..b62d1c2b93f --- /dev/null +++ b/charts/partners/redhat-sp/helm1959/OWNERS @@ -0,0 +1,9 @@ +chart: + name: helm1959 + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: redhat-sp + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/helm1mt562/OWNERS b/charts/partners/redhat-sp/helm1mt562/OWNERS new file mode 100644 index 00000000000..7f44e7e20b1 --- /dev/null +++ b/charts/partners/redhat-sp/helm1mt562/OWNERS @@ -0,0 +1,10 @@ +chart: + name: helm1mt562 + shortDescription: null +providerDelivery: true +publicPgpKey: null +users: +- githubUsername: rnargotr +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. 
diff --git a/charts/partners/redhat-sp/helm2022/OWNERS b/charts/partners/redhat-sp/helm2022/OWNERS index f68c3d73bb9..e21f8dbbb59 100644 --- a/charts/partners/redhat-sp/helm2022/OWNERS +++ b/charts/partners/redhat-sp/helm2022/OWNERS @@ -1,8 +1,9 @@ chart: name: helm2022 shortDescription: unknown +providerDelivery: false publicPgpKey: unknown users: [] vendor: label: redhat-sp - name: GLOBAL SUPPORT SERVI RED HAT, INC. + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/helmext/OWNERS b/charts/partners/redhat-sp/helmext/OWNERS index db1b4bf2f07..cc0f83aa07a 100644 --- a/charts/partners/redhat-sp/helmext/OWNERS +++ b/charts/partners/redhat-sp/helmext/OWNERS @@ -1,8 +1,9 @@ chart: name: helmext shortDescription: unknown +providerDelivery: false publicPgpKey: unknown users: [] vendor: label: redhat-sp - name: GLOBAL SUPPORT SERVI RED HAT, INC. + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/helmext17112022/OWNERS b/charts/partners/redhat-sp/helmext17112022/OWNERS new file mode 100644 index 00000000000..c5f8ce8ae16 --- /dev/null +++ b/charts/partners/redhat-sp/helmext17112022/OWNERS @@ -0,0 +1,9 @@ +chart: + name: helmext17112022 + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: redhat-sp + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/report.yaml b/charts/partners/redhat-sp/helmstage1/0.1.0/report.yaml new file mode 100644 index 00000000000..2eeaec4275d --- /dev/null +++ b/charts/partners/redhat-sp/helmstage1/0.1.0/report.yaml 
@@ -0,0 +1,71 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.0.0 + chart-uri: http://charts.com + digest: + chart: sha256:8114066367e7a0bbff988320279681fe67bbcaaa6628056f7fef61154d6d4b3b + lastCertifiedTime: 2021-04-22 10:49:29.714918174 +0000 UTC m=+1.932279870 + certifiedOpenShiftVersions: "" + chart: + name: helmstage1 + home: "" + sources: [] + version: 0.1.0 + description: A Helm chart for Kubernetes + keywords: [] + maintainers: [] + icon: https://www.example.com/chart-icon.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.16.0 + deprecated: false + annotations: {} + kubeversion: 1.20.0 + dependencies: [] + type: application + overrides: "" +results: + - check: is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: has-minkubeversion + type: Mandatory + outcome: PASS + reason: Minimum Kubernetes version specified + - check: not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: images-are-certified + type: Mandatory + outcome: PASS + reason: Certified + diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/src/Chart.yaml b/charts/partners/redhat-sp/helmstage1/0.1.0/src/Chart.yaml new file mode 100644 index 00000000000..12fe1094ed7 --- /dev/null +++ b/charts/partners/redhat-sp/helmstage1/0.1.0/src/Chart.yaml 
@@ -0,0 +1,8 @@
+apiVersion: v2
+appVersion: 1.16.0
+description: A Helm chart for Kubernetes
+icon: https://www.example.com/chart-icon.png
+kubeVersion: 1.20.0
+name: helmstage1
+type: application
+version: 0.1.0
diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/src/README.md b/charts/partners/redhat-sp/helmstage1/0.1.0/src/README.md
new file mode 100644
index 00000000000..c17e055bcd5
--- /dev/null
+++ b/charts/partners/redhat-sp/helmstage1/0.1.0/src/README.md
@@ -0,0 +1 @@
+Test README
diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/NOTES.txt b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..319f01bdadd
--- /dev/null
+++ b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/NOTES.txt
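Review bot: `kubeVersion: 1.20.0` in Chart.yaml is a bare version, which Helm evaluates as an exact-match constraint, so the chart would be refused on any cluster that does not report exactly 1.20.0. The reports elsewhere in this commit record a range (`kubeversion: '>= 1.16.0-0'`); the equivalent here would be `kubeVersion: '>=1.20.0-0'`.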
@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+ {{- range .paths }}
+ http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+ {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "chart.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "chart.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "chart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "chart.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}
diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/_helpers.tpl b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..7ba5edc272a
--- /dev/null
+++ b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "chart.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "chart.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "chart.labels" -}}
+helm.sh/chart: {{ include "chart.chart" . }}
+{{ include "chart.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "chart.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "chart.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "chart.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "chart.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/deployment.yaml b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/deployment.yaml
new file mode 100644
index 00000000000..e6eb2c25818
--- /dev/null
+++ b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/deployment.yaml
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "chart.fullname" . }}
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ {{- if not .Values.autoscaling.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "chart.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "chart.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "chart.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /
+ port: http
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
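Review bot: The pod spec in deployment.yaml sets `serviceAccountName` but never turns off token mounting, so the container receives the service account's API token by default. A plain web workload like this is unlikely to need to call the Kubernetes API. Adding `automountServiceAccountToken: false` next to `serviceAccountName` (or exposing it as a chart value) keeps that credential out of the pod unless an operator opts in.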
diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/hpa.yaml b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/hpa.yaml
new file mode 100644
index 00000000000..548ee03b16e
--- /dev/null
+++ b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/hpa.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: autoscaling/v2beta1
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "chart.fullname" . }}
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ include "chart.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetCPUUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: cpu
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ - type: Resource
+ resource:
+ name: memory
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ {{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/ingress.yaml b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/ingress.yaml
new file mode 100644
index 00000000000..38de004c4c2
--- /dev/null
+++ b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/ingress.yaml
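Review bot: hpa.yaml pins `apiVersion: autoscaling/v2beta1`, which Kubernetes stopped serving in 1.25. The ingress.yaml section that follows selects between `networking.k8s.io/v1beta1` and `extensions/v1beta1`, neither of which is served for Ingress from 1.22 on. On such clusters the release fails as soon as `autoscaling.enabled` or `ingress.enabled` is switched on. Gating the version on `.Capabilities.APIVersions.Has "autoscaling/v2"` (and `"networking.k8s.io/v1/Ingress"` for the Ingress) would keep the chart installable, though the `metrics` and `backend` fields then need the newer shapes as well.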
@@ -0,0 +1,41 @@
+{{- if .Values.ingress.enabled -}}
+{{- $fullName := include "chart.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.tls }}
+ tls:
+ {{- range .Values.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ backend:
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/service.yaml b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/service.yaml
new file mode 100644
index 00000000000..dfc5b3a33df
--- /dev/null
+++ b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "chart.fullname" . }}
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ selector:
+ {{- include "chart.selectorLabels" . | nindent 4 }}
diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/serviceaccount.yaml b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/serviceaccount.yaml
new file mode 100644
index 00000000000..26a57fa8699
--- /dev/null
+++ b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "chart.serviceAccountName" . }}
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/tests/test-connection.yaml b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/tests/test-connection.yaml
new file mode 100644
index 00000000000..8dfed872de8
--- /dev/null
+++ b/charts/partners/redhat-sp/helmstage1/0.1.0/src/templates/tests/test-connection.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ include "chart.fullname" . }}-test-connection"
+ labels:
+ {{- include "chart.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: wget
+ image: busybox
+ command: ['wget']
+ args: ['{{ include "chart.fullname" . }}:{{ .Values.service.port }}']
+ restartPolicy: Never
diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/src/values.schema.json b/charts/partners/redhat-sp/helmstage1/0.1.0/src/values.schema.json
new file mode 100644
index 00000000000..86f5230b905
--- /dev/null
+++ b/charts/partners/redhat-sp/helmstage1/0.1.0/src/values.schema.json
@@ -0,0 +1,35 @@
+{
+ "$schema": "https://json-schema.org/draft-07/schema#",
+ "properties": {
+ "image": {
+ "description": "Container Image",
+ "properties": {
+ "repo": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ },
+ "type": "object"
+ },
+ "name": {
+ "description": "Service name",
+ "type": "string"
+ },
+ "port": {
+ "description": "Port",
+ "minimum": 0,
+ "type": "integer"
+ },
+ "protocol": {
+ "type": "string"
+ }
+ },
+ "required": [
+ "protocol",
+ "port"
+ ],
+ "title": "Values",
+ "type": "object"
+}
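Review bot: The test pod in tests/test-connection.yaml uses `image: busybox` with no registry, tag or digest, so each `helm test` run pulls whatever the default registry currently serves under that name. Pin it to a fully qualified, immutable reference, for example `image: <registry>/busybox@sha256:<digest>` (placeholder values). Alternatively, expose it as a chart value so operators can point it at a mirrored and scanned image.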
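Review bot: values.schema.json describes the image under `image.repo`, but this chart's values.yaml and deployment.yaml use `image.repository`, so the key that actually selects the image is not validated. Renaming the schema property to `"repository"` would make the schema cover the value the templates consume. The `port` property also has `"minimum": 0` with no upper bound; adding `"maximum": 65535` would reject out-of-range ports at install time.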
diff --git a/charts/partners/redhat-sp/helmstage1/0.1.0/src/values.yaml b/charts/partners/redhat-sp/helmstage1/0.1.0/src/values.yaml
new file mode 100644
index 00000000000..ad9b3bc64da
--- /dev/null
+++ b/charts/partners/redhat-sp/helmstage1/0.1.0/src/values.yaml
@@ -0,0 +1,82 @@
+# Default values for chart.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+replicaCount: 1
+
+image:
+ repository: nginx
+ pullPolicy: IfNotPresent
+ # Overrides the image tag whose default is the chart appVersion.
+ tag: ""
+
+imagePullSecrets: []
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: "test6"
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+service:
+ type: ClusterIP
+ port: 80
+
+ingress:
+ enabled: false
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ hosts:
+ - host: chart-example.local
+ paths: []
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 100
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+protocol: http
+port: 80
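Review bot: `podSecurityContext: {}` and `securityContext: {}` are the shipped defaults in values.yaml, with the hardening settings left as comments. Unless the cluster's admission policy intervenes, the container runs with the image's default user and capabilities. Consider enabling a baseline by default: `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `capabilities: {drop: [ALL]}`. The stock `nginx` image listening on port 80 would likely need replacing with an unprivileged variant on a high port for that to start. Separately, `serviceAccount.name: "test6"` together with `create: true` hard-codes the account name, so two releases in one namespace would collide on it.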
diff --git a/charts/partners/redhat-sp/helmstage1/OWNERS b/charts/partners/redhat-sp/helmstage1/OWNERS new file mode 100644 index 00000000000..4ad10f52b84 --- /dev/null +++ b/charts/partners/redhat-sp/helmstage1/OWNERS @@ -0,0 +1,9 @@ +chart: + name: helmstage1 + shortDescription: unknown +providerDelivery: true +publicPgpKey: unknown +users: [] +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/helmweb/OWNERS b/charts/partners/redhat-sp/helmweb/OWNERS new file mode 100644 index 00000000000..37ca5105cd6 --- /dev/null +++ b/charts/partners/redhat-sp/helmweb/OWNERS @@ -0,0 +1,9 @@ +chart: + name: helmweb + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/helmweb11/OWNERS b/charts/partners/redhat-sp/helmweb11/OWNERS new file mode 100644 index 00000000000..d52963a804f --- /dev/null +++ b/charts/partners/redhat-sp/helmweb11/OWNERS @@ -0,0 +1,9 @@ +chart: + name: helmweb11 + shortDescription: unknown +providerDelivery: true +publicPgpKey: unknown +users: [] +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/new-helm-stage/0.21.0/report.yaml b/charts/partners/redhat-sp/new-helm-stage/0.21.0/report.yaml new file mode 100644 index 00000000000..592f367c374 --- /dev/null +++ b/charts/partners/redhat-sp/new-helm-stage/0.21.0/report.yaml 
@@ -0,0 +1,99 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.0.0 + profile: + VendorType: partner + version: v1.1 + chart-uri: N/A + digests: + chart: sha256:78e2f0efa89e59e4f4ce890a0cb561869aa83ef41ed7cd139bd76987eb37b0b9 + package: 5b066734d73a32def922eb4998a6fb82b22da566e612ee2e2a54457d359e2dc4 + lastCertifiedTimestamp: "2022-11-24T08:06:22.382928+00:00" + testedOpenShiftVersion: "4.11" + supportedOpenShiftVersions: '>=4.3' + providerControlledDelivery: true + chart: + name: new-helm-stage + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: new-helm-stage + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist 
+ - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + diff --git a/charts/partners/redhat-sp/new-helm-stage/OWNERS b/charts/partners/redhat-sp/new-helm-stage/OWNERS new file mode 100644 index 00000000000..d34f12b7800 --- /dev/null +++ b/charts/partners/redhat-sp/new-helm-stage/OWNERS @@ -0,0 +1,10 @@ +chart: + name: new-helm-stage + shortDescription: test +providerDelivery: true +publicPgpKey: null +users: +- githubUsername: Aishwarya-Urne +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/.helmignore b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/.helmignore @@ -0,0 +1,28 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.terraform/ +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + +# CI and test +.circleci/ +.github/ +.gitlab-ci.yml +test/ 
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/CHANGELOG.md new file mode 100644 index 00000000000..45d7168d526 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/CHANGELOG.md 
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/Chart.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/Chart.yaml new file mode 100644 index 00000000000..0fd2e0ebd5f --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.16.0-0' +name: newlhelmaish +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.0 +annotations: + charts.openshift.io/name: newlhelmaish diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/LICENSE.md b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/LICENSE.md 
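Review bot: The new `Chart.yaml` still carries upstream identity metadata: `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io` sit beside `name: newlhelmaish`, and the file is added under the `redhat-sp` partner directory. A consumer browsing the catalogue would reasonably read this as a HashiCorp release. If it is a repackaged copy used for testing (it appears to be, but the hunk does not say), the description should say so, e.g. `description: Repackaged copy of the HashiCorp Vault chart for certification testing`. Separately, `appVersion: 1.11.2` is better written as `appVersion: '1.11.2'`, so that a later two-component value is not read as a float.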
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/Makefile b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/README.md b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
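Review bot: The `csi-provider` container in csi-daemonset.yaml mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods) but receives no securityContext at all unless the user sets `csi.daemonSet.securityContext.pod` or `.container`: the two CSI helpers defined in _helpers.tpl earlier on this page have no fallback branch, whereas the injector and server helpers default to `allowPrivilegeEscalation: false`. I would give the CSI container helper the same fallback, `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`, after confirming the provider can still create its socket under `/provider`. Separately, `image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"` pins by tag only; for a DaemonSet with host mounts on every node, accepting a digest would make the deployed image immutable.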
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
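Review bot: The rule in injector-clusterrole.yaml lets the injector `patch` every MutatingWebhookConfiguration in the cluster, because it carries no `resourceNames`; a compromised injector pod would then be able to modify admission webhooks other than its own. Splitting the rule so that `get` and `patch` apply only to the injector's own configuration, while `list` and `watch` stay unrestricted, would narrow that. The name used below assumes the configuration is the one passed as AGENT_INJECT_TLS_AUTO in injector-deployment.yaml; confirm that, and that the injector still updates its CA bundle with the narrower role.

```yaml
rules:
# resourceNames does not usefully restrict list/watch, so these stay cluster-wide
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# get/patch only on the injector's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```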
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
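Review bot: Three env values of the `sidecar-injector` container in injector-deployment.yaml are rendered from values without quotes (`AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_FORMAT`), while their neighbours are quoted. An env `value` has to be a string, so a setting that YAML reads as a boolean, number or null (an unset `injector.authPath` renders an empty value) can fail validation or change what the process receives. I would write `value: {{ .Values.injector.authPath | quote }}` and use the same `| quote` on the other two lines. Separately, `- 2>&1` under `args` reaches the process as a literal argument unless the image's entrypoint is a shell wrapper, so it should be dropped if a redirect was intended.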
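Review bot: In injector-disruptionbudget.yaml the apiVersion is selected with `ge .Capabilities.KubeVersion.Minor "21"`, which is a lexical comparison of two strings on the minor version alone: a constructed minor of `100` would sort below `21`, the major version is ignored, and nothing checks whether the cluster actually serves the API. The mutating-webhook template in this commit already uses capability detection, and the same form fits here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml further down uses the identical expression and needs the same change.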
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-mutating-webhook.yaml @@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} 
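Review bot: The webhook rule in injector-mutating-webhook.yaml matches `CREATE` and `UPDATE` of every pod, and `namespaceSelector` is rendered only when set in values, so by default the injector sits in the admission path of all namespaces, including its own and the system ones. If `failurePolicy` resolves to `Fail` (its default is not visible in this diff), an unavailable injector then blocks pod creation cluster-wide, including the pods that would bring it back. I would document next to `failurePolicy` that `Fail` must be paired with a `namespaceSelector` or `objectSelector`, for example with the template comment `{{- /* Fail blocks all pod admission while the injector is down unless a selector narrows the scope */ -}}`. The `timeoutSeconds` default of `"30"` also means each matched pod request can wait that long on a slow injector.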
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-psp-role.yaml 
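Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes) and the Service targets that same value. With any other port the policy drops the webhook calls, and depending on `failurePolicy` pod admission then fails or pods are admitted without injection. I would render the port from values instead: `- port: {{ .Values.injector.port }}`.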
@@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file 
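Review bot: The ServiceAccount subject in injector-psp-rolebinding.yaml has no `namespace`, unlike the subject in injector-rolebinding.yaml and the subjects of both ClusterRoleBindings in this commit. As far as I know a RoleBinding falls back to its own namespace for such a subject, so this probably works, but stating it keeps the binding unambiguous and consistent with the sibling templates. I would add `namespace: {{ .Release.Namespace }}` under the subject's `name:` line.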
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-psp.yaml @@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-role.yaml 
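Review bot: The PodSecurityPolicy in injector-psp.yaml forbids privileged mode, privilege escalation and root, but it does not drop any Linux capabilities, so containers admitted under it keep the runtime's default set. Adding `requiredDropCapabilities: [ALL]` to `spec` would close that, assuming the injector process needs none, which this diff does not show. The comment on `seLinux` says the policy assumes AppArmor nodes, which is worth confirming for a chart that also carries a `global.openshift` switch.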
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-rolebinding.yaml 
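Review bot: The leader-elector Role in injector-role.yaml grants `get`, `list`, `watch` and `update` on every Secret and ConfigMap in the release namespace, which is also where the server objects of this chart are created and where the webhook TLS secret named by `injector.certs.secretName` is mounted from. If the injector only touches a fixed set of objects for leader election, the read and update verbs can be limited with `resourceNames:`, with `create` kept in a separate rule because it cannot be restricted by name. The object names it uses are not shown in this diff and need to come from the injector's documentation. The second rule's `delete` on `pods` deserves a comment explaining why it is needed.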
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-discovery-role.yaml 
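Review bot: `disable_mlock = true` is forced into every configuration rendered by server-config-configmap.yaml: it is prepended to string configs, and in the structured branch `merge (dict "disable_mlock" true) ...` makes it the destination map, which as far as I know wins over the user's own value in sprig's `merge`. With mlock disabled the server's memory can be written to swap, so operators should be told where they will see it, for example with the template comment `{{- /* disable_mlock is always true: run server nodes with swap disabled or encrypted */ -}}` above `data:` and a matching line in the values documentation. The rendered config also lands in a ConfigMap, so anything sensitive placed in `server.standalone.config` or `server.ha.config` is readable by whoever can read ConfigMaps in the namespace, which the documentation should state as well.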
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-psp-role.yaml 
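Review bot: The `from: - namespaceSelector: {}` rule in server-network-policy.yaml admits traffic from every pod in every namespace to both 8200 and 8201, so the policy does not narrow who can reach Vault. Port 8201 is the port the server Services in this commit name `https-internal`, and as far as these templates show only the Vault server pods of the release need it; I would split the rule so that 8201 is limited to a `podSelector` on this release's labels, as sketched below, and consider letting the selector for 8200 come from values. The metadata also omits `namespace: {{ .Release.Namespace }}`, which the other server templates in this commit set.

```yaml
  ingress:
    # API port: reachable by clients (narrow the selector where possible)
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```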
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-psp.yaml
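Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is `name: {{ template "vault.fullname" . }}`, but the ServiceAccount and the StatefulSet's `serviceAccountName` in this commit both use `{{ template "vault.serviceAccount.name" . }}`. If that helper can return anything other than the fullname (its definition is not shown here), the `use` grant on the PodSecurityPolicy is bound to an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it so the binding is explicit about which account it covers.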
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-route.yaml
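Review bot: The PodSecurityPolicy `spec` in server-psp.yaml has no `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set even though `privileged` and `allowPrivilegeEscalation` are both false. Adding `requiredDropCapabilities: [ALL]` would close that, provided the server container needs no capability; the StatefulSet in this commit sets `SKIP_SETCAP`, which suggests it does not, but that should be confirmed. The comment on `seLinux` says the policy assumes AppArmor nodes, which does not match the OpenShift target of the values.openshift.yaml added in the same commit, so the comment should state when `RunAsAny` is acceptable. `policy/v1beta1` PodSecurityPolicy is gone from Kubernetes 1.25 onward, so the template is worth gating with `.Capabilities.APIVersions.Has "policy/v1beta1"` in addition to `global.psp.enable`.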
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-service.yaml
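Review bot: server-route.yaml reads `.mode` on its second line without first calling `{{ template "vault.mode" . }}`, which the other templates in this commit that read `.mode` do before using it. If `.mode` is only populated by that helper (its definition is not in this hunk), the `ne .mode "external"` and `eq .mode "ha"` checks depend on some other template having been rendered earlier, and the `activeService` branch may silently route to the non-active Service. I would add `{{ template "vault.mode" . }}` directly after the `.Values.global.openshift` check. The host should also be rendered as a string, `host: {{ .Values.server.route.host | quote }}`.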
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
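Review bot: In ui-service.yaml `nodePort` is emitted whenever `.Values.ui.serviceNodePort` is set, whatever `.Values.ui.serviceType` is, while server-service.yaml in this commit guards the same field with a check on the Service type. A `nodePort` on a ClusterIP Service is rejected by the API server, so a leftover value breaks the install; I would write `{{- if and (.Values.ui.serviceNodePort) (ne (.Values.ui.serviceType | toString) "ClusterIP") }}`. Since `type` is taken straight from values, a comment on that line noting that `LoadBalancer` or `NodePort` publishes the Vault UI outside the cluster would help; what the `service.loadBalancer` helper adds (for instance source ranges) is not visible in this hunk.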
diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/values.schema.json b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/values.yaml b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-sp/newlhelmaish/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. 
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-sp/newlhelmaish/OWNERS b/charts/partners/redhat-sp/newlhelmaish/OWNERS
new file mode 100644
index 00000000000..3e28443711e
--- /dev/null
+++ b/charts/partners/redhat-sp/newlhelmaish/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: newlhelmaish
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: Aishwarya-Urne
+vendor:
+ label: redhat-sp
+ name: Red Hat, Inc.
diff --git a/charts/partners/redhat-sp/project-for-catalog/0.21.0/report.yaml b/charts/partners/redhat-sp/project-for-catalog/0.21.0/report.yaml
new file mode 100644
index 00000000000..0b21ace330c
--- /dev/null
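Review bot: `publicPgpKey: unknown` in the newlhelmaish OWNERS hunk is a non-empty placeholder string, not a key and not an explicit "no key", and `shortDescription: unknown` is a placeholder as well. How the certification tooling consumes this field is not visible in this diff, but if it is used to check chart or report signatures, a literal `unknown` could be treated as key material, so the outcome (failed verification versus silently skipped verification) should be confirmed. Where no key exists I would write `publicPgpKey: null`, which is what the project-for-catalog OWNERS added later in this diff uses.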
+++ b/charts/partners/redhat-sp/project-for-catalog/0.21.0/report.yaml 
@@ -0,0 +1,99 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.0.0 + profile: + VendorType: partner + version: v1.1 + chart-uri: N/A + digests: + chart: sha256:8b33889f29e8c351da550e993083cdb729014352270abb115b6e531c0d8fb6d3 + package: 1d39cf574cd8db0618ebcb688f7ae7a746da194555d396c67069856c1c39254a + lastCertifiedTimestamp: "2023-01-17T10:14:37.380577+00:00" + testedOpenShiftVersion: "4.11" + supportedOpenShiftVersions: '>=4.3' + providerControlledDelivery: true + chart: + name: project-for-catalog + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: project-for-catalog + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: 
v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + diff --git a/charts/partners/redhat-sp/project-for-catalog/OWNERS b/charts/partners/redhat-sp/project-for-catalog/OWNERS new file mode 100644 index 00000000000..9408fcd8e2e --- /dev/null +++ b/charts/partners/redhat-sp/project-for-catalog/OWNERS @@ -0,0 +1,11 @@ +chart: + name: project-for-catalog + shortDescription: Contrary to popular belief, Lorem Ipsum is not simply random text. + It has roots in a piece of classical Latin +providerDelivery: true +publicPgpKey: null +users: +- githubUsername: Aishwarya-Urne +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/.helmignore b/charts/partners/redhat-sp/rhccstage/0.21.0/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/.helmignore 
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-sp/rhccstage/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@
+## Unreleased
+
+## 0.21.0 (August 10th, 2022)
+
+CHANGES:
+* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771)
+* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744)
+* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745)
+
+Features:
+* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767)
+* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610)
+* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753)
+
+## 0.20.1 (May 25th, 2022)
+CHANGES:
+* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739)
+
+Improvements:
+* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736)
+
+Bugs:
+* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737)
+
+## 0.20.0 (May 16th, 2022)
+
+CHANGES:
+* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703)
+* Vault default image to 1.10.3
+* CSI provider default image to 1.1.0
+* Vault K8s default image to 0.16.0
+* Earliest Kubernetes version tested is now 1.16
+* Helm 3.6+ now required
+
+Features:
+* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652)
+
+Improvements:
+* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690)
+* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683)
+* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710)
+* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709)
+* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694)
+* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684)
+* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692)
+
+## 0.19.0 (January 20th, 2022)
+
+CHANGES:
+* Vault image default 1.9.2
+* Vault K8s image default 0.14.2
+
+Features:
+* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653)
+* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659)
+* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661)
+* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670)
+
+Improvements:
+* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679)
+* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673)
+* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686)
+
+## 0.18.0 (November 17th, 2021)
+
+CHANGES:
+* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649)
+* Vault image default 1.9.0
+* Vault K8s image default 0.14.1
+
+Improvements:
+* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621)
+
+## 0.17.1 (October 25th, 2021)
+
+Improvements:
+ * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634)
+
+## 0.17.0 (October 21st, 2021)
+
+KNOWN ISSUES:
+* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set
+
+CHANGES:
+* Vault image default 1.8.4
+* Vault K8s image default 0.14.0
+
+Improvements:
+* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590)
+* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626)
+* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630)
+
+Bugs:
+* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628)
+
+## 0.16.1 (September 29th, 2021)
+
+CHANGES:
+* Vault image default 1.8.3
+* Vault K8s image default 0.13.1
+
+## 0.16.0 (September 16th, 2021)
+
+CHANGES:
+* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`.
+
+Improvements:
+ * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603)
+ * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607)
+
+## 0.15.0 (August 23rd, 2021)
+
+Improvements:
+* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572)
+* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584)
+
+## 0.14.0 (July 28th, 2021)
+
+Features:
+* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560)
+
+Improvements:
+* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565)
+* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567)
+* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570)
+* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576)
+
+
+## 0.13.0 (June 17th, 2021)
+
+Improvements:
+* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531)
+* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547)
+* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549)
+
+Bugs:
+* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537)
+* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535)
+* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545)
+
+## 0.12.0 (May 25th, 2021)
+
+Features:
+* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526)
+
+Improvements:
+* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510)
+* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513)
+* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521)
+* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437)
+
+Bugs:
+* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519)
+
+## 0.11.0 (April 14th, 2021)
+
+Features:
+* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471)
+* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489)
+* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493)
+* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460)
+* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488)
+
+Improvements:
+* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495)
+
+Bugs:
+* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486)
+
+## 0.10.0 (March 25th, 2021)
+
+Features:
+* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461)
+
+Improvements:
+* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456)
+
+## 0.9.1 (February 2nd, 2021)
+
+Bugs:
+* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442)
+* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446)
+
+## 0.9.0 (January 5th, 2021)
+
+Features:
+* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436)
+
+Improvements:
+* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421)
+* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415)
+* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395)
+* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408)
+* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425)
+* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428)
+* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429)
+* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389)
+
+## 
0.8.0 (October 20th, 2020)
+
+Improvements:
+* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381)
+* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387)
+* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393)
+* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394)
+* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400)
+* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398)
+* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392)
+
+Bugs:
+* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378)
+
+## 0.7.0 (August 24th, 2020)
+
+Features:
+* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314).
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+
+Improvements:
+* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213)
+* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)]
+* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)]
+* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)]
+* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)]
+* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)]
+* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)]
+* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317)
+
+Bugs:
+* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)]
+* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)]
+* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)]
+* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)]
+* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298)
+
+## 0.5.0 (April 9th, 2020)
+
+Features:
+
+* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)]
+* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)]
+
+* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)]
+* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)]
+* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)]
+* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)]
+* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)]
+
+## 0.4.0 (February 21st, 2020)
+
+Improvements:
+
+* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)]
+* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)]
+* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)]
+* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)]
+* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)]
+
+Bugs:
+
+* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)]
+
+## 0.3.3 (January 14th, 2020)
+
+Security:
+
+* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175)
+
+Bugs:
+
+* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files
+
+## 0.3.2 (January 8th, 2020)
+
+Bugs:
+
+* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35]
+
+## 0.3.1 (January 2nd, 2020)
+
+Bugs:
+
+* Fixed injection bug causing kube-system pods to be rejected [VK8S-14]
+
+## 0.3.0 (December 19th, 2019)
+
+Features:
+
+* Extra containers can now be added to the Vault pods
+* Added configurability of pod probes
+* Added Vault Agent Injector
+
+Improvements:
+
+* Moved `global.image` to `server.image`
+* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true`
+* Added better HTTP/HTTPS scheme support to http probes
+* Added configurable node port for Vault service
+* `server.authDelegator` is now enabled by default
+
+Bugs:
+
+* Fixed upgrade bug by removing chart label which contained the version
+* Fixed typo on `serviceAccount` (was `serviceaccount`)
+* Fixed readiness/liveliness HTTP probe default to accept standbys
+
+## 0.2.1 (November 12th, 2019)
+
+Bugs:
+
+* Removed `readOnlyRootFilesystem` causing issues when validating deployments
+
+## 0.2.0 (October 29th, 2019)
+
+Features:
+
+* Added load balancer support
+* Added ingress support
+* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc)
+* Removed root requirements, now runs as Vault user
+
+Improvements:
+
+* Added namespace value to all rendered objects
+* Made ports configurable in services
+* Added the ability to add custom annotations to services
+* Added docker image for running bats test in CircleCI
+* Removed restrictions around `dev` mode such as annotations
+* 
`readOnlyRootFilesystem` is now configurable
+* Image Pull Policy is now configurable
+
+Bugs:
+
+* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption)
+* Fixed bug where audit storage was not being mounted in HA mode
+* Fixed bug where Vault pod wasn't receiving SIGTERM signals
+
+
+## 0.1.2 (August 22nd, 2019)
+
+Features:
+
+* Added `extraSecretEnvironmentVars` to allow users to mount secrets as
+ environment variables
+* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS
+ depending on the value
+* Added `serviceNodePort` to configure a NodePort value when setting `serviceType`
+ to "NodePort"
+
+Improvements:
+
+* Changed UI port to 8200 for better HTTP protocol support
+* Added `path` to `extraVolumes` to define where the volume should be
+ mounted. Defaults to `/vault/userconfig`
+* Upgraded Vault to 1.2.2
+
+Bugs:
+
+* Fixed bug where upgrade would fail because immutable labels were being
+ changed (Helm Version label)
+* Fixed bug where UI service used wrong selector after updating helm labels
+* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks
+ Consul is the active node
+* Removed `step-down` preStop since it requires authentication. Shutdown signal
+ sent by Kube acts similar to `step-down`
+
+
+## 0.1.1 (August 7th, 2019)
+
+Features:
+
+* Added `authDelegator` Cluster Role Binding to Vault service account for
+ bootstrapping Kube auth method
+
+Improvements:
+
+* Added `server.service.clusterIP` to `values.yml` so users can toggle
+ the Vault service to headless by using the value `None`.
+* Upgraded Vault to 1.2.1
+
+## 0.1.0 (August 6th, 2019)
+
+Initial release
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-sp/rhccstage/0.21.0/src/CONTRIBUTING.md
new file mode 100644
index 00000000000..ad31ac92d15
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/CONTRIBUTING.md
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/Chart.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..d9e01ea851c
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: rhccstage
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: rhccstage
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/LICENSE.md b/charts/partners/redhat-sp/rhccstage/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/LICENSE.md
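Review bot: The Chart.yaml metadata presents this package as upstream's own release: `description: Official HashiCorp Vault Chart`, with `home` and `sources` pointing at HashiCorp, while `name` and the `charts.openshift.io/name` annotation are `rhccstage` and the file lives under `charts/partners/redhat-sp/`. If this is a repackaged copy of the upstream chart, which the paths suggest but the hunk does not confirm, the description should say so, for example `description: Repackaged copy of the HashiCorp Vault chart (rhccstage)`. A `maintainers:` entry naming the publisher would also let consumers tell who ships this artifact apart from who wrote the upstream code. Pinning `icon` to a commit hash is a good pattern; nothing in the file ties the chart contents themselves to an upstream revision in the same way.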
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/Makefile b/charts/partners/redhat-sp/rhccstage/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for 
running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/README.md b/charts/partners/redhat-sp/rhccstage/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/README.md
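Review bot: The `test-acceptance` recipe expands the license into the command line with `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}`, so the value sits in the argv of the `docker run` process, where process listings and any shell tracing in CI can capture it. Writing the flag as `-e VAULT_LICENSE_CI \` makes docker take the value from the calling environment, provided the variable is exported where make runs. `provision-cluster` applies with `test/terraform` as its directory while `destroy-cluster` runs `terraform destroy -auto-approve` with no directory or `-var` arguments, so the two may not operate on the same configuration, and a skipped teardown leaves the GKE test cluster running; this should be confirmed against the Terraform version in the test image. The `.PHONY` list also omits `setup-kind` and `delete-kind`; append both so a stray file with either name cannot mask the target.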
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to
+this (by the DNS naming spec). If release name contains chart name it will
+be used as a full name.
+*/}}
+{{- define "vault.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "vault.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "vault.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Compute if the csi driver is enabled.
+*/}}
+{{- define "vault.csiEnabled" -}}
+{{- $_ := set . "csiEnabled" (or
+ (eq (.Values.csi.enabled | toString) "true")
+ (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the injector is enabled.
+*/}}
+{{- define "vault.injectorEnabled" -}}
+{{- $_ := set . "injectorEnabled" (or
+ (eq (.Values.injector.enabled | toString) "true")
+ (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}}
+{{- end -}}
+
+{{/*
+Compute if the server is enabled.
+*/}}
+{{- define "vault.serverEnabled" -}}
+{{- $_ := set .
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}}
+{{- define "vault.pdb.maxUnavailable" -}}
+{{- if eq (int .Values.server.ha.replicas) 1 -}}
+{{ 0 }}
+{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{ .Values.server.ha.disruptionBudget.maxUnavailable -}}
+{{- else -}}
+{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the variable 'mode' to the server mode requested by the user to simplify
+template logic.
+*/}}
+{{- define "vault.mode" -}}
+ {{- template "vault.serverEnabled" . -}}
+ {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if not .serverEnabled -}}
+ {{- $_ := set . "mode" "external" -}}
+ {{- else if eq (.Values.server.dev.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "dev" -}}
+ {{- else if eq (.Values.server.ha.enabled | toString) "true" -}}
+ {{- $_ := set . "mode" "ha" -}}
+ {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}}
+ {{- $_ := set . "mode" "standalone" -}}
+ {{- else -}}
+ {{- $_ := set . "mode" "" -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Set's the replica count based on the different modes configured by user
+*/}}
+{{- define "vault.replicas" -}}
+ {{ if eq .mode "standalone" }}
+ {{- default 1 -}}
+ {{ else if eq .mode "ha" }}
+ {{- .Values.server.ha.replicas | default 3 -}}
+ {{ else }}
+ {{- default 1 -}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's up configmap mounts if this isn't a dev deployment and the user
+defined a custom configuration. Additionally iterates over any
+extra volumes the user may have specified (such as a secret with TLS).
+*/}}
+{{- define "vault.volumes" -}}
+ {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ configMap:
+ name: {{ template "vault.fullname" .
}}-config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ {{ .type }}:
+ {{- if (eq .type "configMap") }}
+ name: {{ .name }}
+ {{- else if (eq .type "secret") }}
+ secretName: {{ .name }}
+ {{- end }}
+ defaultMode: {{ .defaultMode | default 420 }}
+ {{- end }}
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 8}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ secret:
+ secretName: {{ .Values.server.enterpriseLicense.secretName }}
+ defaultMode: 0440
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the args for custom command to render the Vault configuration
+file with IP addresses to make the out of box experience easier
+for users looking to use this chart with Consul Helm.
+*/}}
+{{- define "vault.args" -}}
+ {{ if or (eq .mode "standalone") (eq .mode "ha") }}
+ - |
+ cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl;
+ [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl;
+ [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl;
+ [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl;
+ [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl;
+ /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }}
+ {{ else if eq .mode "dev" }}
+ - |
+ /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's additional environment variables based on the mode.
+*/}}
+{{- define "vault.envs" -}}
+ {{ if eq .mode "dev" }}
+ - name: VAULT_DEV_ROOT_TOKEN_ID
+ value: {{ .Values.server.dev.devRootToken }}
+ - name: VAULT_DEV_LISTEN_ADDRESS
+ value: "[::]:8200"
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's which additional volumes should be mounted to the container
+based on the mode configured.
+*/}}
+{{- define "vault.mounts" -}}
+ {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - name: audit
+ mountPath: {{ .Values.server.auditStorage.mountPath }}
+ {{ end }}
+ {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }}
+ {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - name: data
+ mountPath: {{ .Values.server.dataStorage.mountPath }}
+ {{ end }}
+ {{ end }}
+ {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }}
+ - name: config
+ mountPath: /vault/config
+ {{ end }}
+ {{- range .Values.server.extraVolumes }}
+ - name: userconfig-{{ .name }}
+ readOnly: true
+ mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }}
+ {{- end }}
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 12}}
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: vault-license
+ mountPath: /vault/license
+ readOnly: true
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's up the volumeClaimTemplates when data or audit storage is required. HA
+might not use data storage since Consul is likely it's backend, however, audit
+storage might be desired by the user.
+*/}}
+{{- define "vault.volumeclaims" -}}
+ {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }}
+ volumeClaimTemplates:
+ {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }}
+ - metadata:
+ name: data
+ {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.dataStorage.size }}
+ {{- if .Values.server.dataStorage.storageClass }}
+ storageClassName: {{ .Values.server.dataStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }}
+ - metadata:
+ name: audit
+ {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }}
+ spec:
+ accessModes:
+ - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }}
+ resources:
+ requests:
+ storage: {{ .Values.server.auditStorage.size }}
+ {{- if .Values.server.auditStorage.storageClass }}
+ storageClassName: {{ .Values.server.auditStorage.storageClass }}
+ {{- end }}
+ {{ end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Set's the affinity for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.affinity" -}}
+ {{- if and (ne .mode "dev") .Values.server.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.server.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.affinity . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the injector affinity for pod placement
+*/}}
+{{- define "injector.affinity" -}}
+ {{- if .Values.injector.affinity }}
+ affinity:
+ {{ $tp := typeOf .Values.injector.affinity }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.affinity .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.affinity | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the topologySpreadConstraints when running in standalone and HA modes.
+*/}}
+{{- define "vault.topologySpreadConstraints" -}}
+ {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.server.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector topologySpreadConstraints for pod placement
+*/}}
+{{- define "injector.topologySpreadConstraints" -}}
+ {{- if .Values.injector.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ $tp := typeOf .Values.injector.topologySpreadConstraints }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }}
+ {{- end }}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the toleration for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.tolerations" -}}
+ {{- if and (ne .mode "dev") .Values.server.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.server.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "injector.tolerations" -}}
+ {{- if .Values.injector.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.injector.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.tolerations .
| nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the node selector for pod placement when running in standalone and HA modes.
+*/}}
+{{- define "vault.nodeselector" -}}
+ {{- if and (ne .mode "dev") .Values.server.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.server.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.server.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector node selector for pod placement
+*/}}
+{{- define "injector.nodeselector" -}}
+ {{- if .Values.injector.nodeSelector }}
+ nodeSelector:
+ {{- $tp := typeOf .Values.injector.nodeSelector }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets the injector deployment update strategy
+*/}}
+{{- define "injector.strategy" -}}
+ {{- if .Values.injector.strategy }}
+ strategy:
+ {{- $tp := typeOf .Values.injector.strategy }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.injector.strategy . | nindent 4 | trim }}
+ {{- else }}
+ {{- toYaml .Values.injector.strategy | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra pod annotations
+*/}}
+{{- define "vault.annotations" -}}
+ {{- if .Values.server.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector pod annotations
+*/}}
+{{- define "injector.annotations" -}}
+ {{- if .Values.injector.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.annotations . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector service annotations
+*/}}
+{{- define "injector.service.annotations" -}}
+ {{- if .Values.injector.service.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector pod level.
+*/}}
+{{- define "injector.securityContext.pod" -}}
+ {{- if .Values.injector.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ runAsUser: {{ .Values.injector.uid | default 100 }}
+ fsGroup: {{ .Values.injector.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the injector container level.
+*/}}
+{{- define "injector.securityContext.container" -}}
+ {{- if .Values.injector.securityContext.container}}
+ securityContext:
+ {{- $tp := typeOf .Values.injector.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.injector.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset pod template.
+*/}}
+{{- define "server.statefulSet.securityContext.pod" -}}
+ {{- if .Values.server.statefulSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ runAsNonRoot: true
+ runAsGroup: {{ .Values.server.gid | default 1000 }}
+ runAsUser: {{ .Values.server.uid | default 100 }}
+ fsGroup: {{ .Values.server.gid | default 1000 }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+securityContext for the statefulset vault container
+*/}}
+{{- define "server.statefulSet.securityContext.container" -}}
+ {{- if .Values.server.statefulSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.securityContext.container .
| nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- else if not .Values.global.openshift }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets extra injector service account annotations
+*/}}
+{{- define "injector.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.injector.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra injector webhook annotations
+*/}}
+{{- define "injector.webhookAnnotations" -}}
+ {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }}
+ annotations:
+ {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }}
+ {{- if eq $tp "string" }}
+ {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }}
+ {{- else }}
+ {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the injector webhook objectSelector
+*/}}
+{{- define "injector.objectSelector" -}}
+ {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}}
+ {{ if $v }}
+ objectSelector:
+ {{- $tp := typeOf $v -}}
+ {{ if eq $tp "string" }}
+ {{ tpl $v .
| indent 6 | trim }}
+ {{ else }}
+ {{ toYaml $v | indent 6 | trim }}
+ {{ end }}
+ {{ end }}
+{{ end }}
+
+{{/*
+Sets extra ui service annotations
+*/}}
+{{- define "vault.ui.annotations" -}}
+ {{- if .Values.ui.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.ui.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.ui.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.ui.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "vault.serviceAccount.name" -}}
+{{- if .Values.server.serviceAccount.create -}}
+ {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.server.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Sets extra service account annotations
+*/}}
+{{- define "vault.serviceAccount.annotations" -}}
+ {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra ingress annotations
+*/}}
+{{- define "vault.ingress.annotations" -}}
+ {{- if .Values.server.ingress.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.ingress.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.ingress.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.ingress.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra route annotations
+*/}}
+{{- define "vault.route.annotations" -}}
+ {{- if .Values.server.route.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.route.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.route.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.route.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra vault server Service annotations
+*/}}
+{{- define "vault.service.annotations" -}}
+ {{- if .Values.server.service.annotations }}
+ {{- $tp := typeOf .Values.server.service.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.service.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets PodSecurityPolicy annotations
+*/}}
+{{- define "vault.psp.annotations" -}}
+ {{- if .Values.global.psp.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.global.psp.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.global.psp.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.global.psp.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra statefulset annotations
+*/}}
+{{- define "vault.statefulSet.annotations" -}}
+ {{- if .Values.server.statefulSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.server.statefulSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for data volume
+*/}}
+{{- define "vault.dataVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.dataStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.dataStorage.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets VolumeClaim annotations for audit volume
+*/}}
+{{- define "vault.auditVolumeClaim.annotations" -}}
+ {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }}
+ annotations:
+ {{- $tp := typeOf .Values.server.auditStorage.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Set's the container resources if the user has set any.
+*/}}
+{{- define "vault.resources" -}}
+ {{- if .Values.server.resources -}}
+ resources:
+{{ toYaml .Values.server.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "injector.resources" -}}
+ {{- if .Values.injector.resources -}}
+ resources:
+{{ toYaml .Values.injector.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets the container resources if the user has set any.
+*/}}
+{{- define "csi.resources" -}}
+ {{- if .Values.csi.resources -}}
+ resources:
+{{ toYaml .Values.csi.resources | indent 12}}
+ {{ end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI daemonset annotations
+*/}}
+{{- define "csi.daemonSet.annotations" -}}
+ {{- if .Values.csi.daemonSet.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.daemonSet.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.annotations .
| nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for pod template
+*/}}
+{{- define "csi.daemonSet.securityContext.pod" -}}
+ {{- if .Values.csi.daemonSet.securityContext.pod }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets CSI daemonset securityContext for container
+*/}}
+{{- define "csi.daemonSet.securityContext.container" -}}
+ {{- if .Values.csi.daemonSet.securityContext.container }}
+ securityContext:
+ {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }}
+ {{- else }}
+ {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+
+{{/*
+Sets the injector toleration for pod placement
+*/}}
+{{- define "csi.pod.tolerations" -}}
+ {{- if .Values.csi.pod.tolerations }}
+ tolerations:
+ {{- $tp := typeOf .Values.csi.pod.tolerations }}
+ {{- if eq $tp "string" }}
+ {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.tolerations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI provider pod annotations
+*/}}
+{{- define "csi.pod.annotations" -}}
+ {{- if .Values.csi.pod.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.pod.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.pod.annotations .
| nindent 8 }}
+ {{- else }}
+ {{- toYaml .Values.csi.pod.annotations | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Sets extra CSI service account annotations
+*/}}
+{{- define "csi.serviceAccount.annotations" -}}
+ {{- if .Values.csi.serviceAccount.annotations }}
+ annotations:
+ {{- $tp := typeOf .Values.csi.serviceAccount.annotations }}
+ {{- if eq $tp "string" }}
+ {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }}
+ {{- else }}
+ {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- end -}}
+
+{{/*
+Inject extra environment vars in the format key:value, if populated
+*/}}
+{{- define "vault.extraEnvironmentVars" -}}
+{{- if .extraEnvironmentVars -}}
+{{- range $key, $value := .extraEnvironmentVars }}
+- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
+ value: {{ $value | quote }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Inject extra environment populated by secrets, if populated
+*/}}
+{{- define "vault.extraSecretEnvironmentVars" -}}
+{{- if .extraSecretEnvironmentVars -}}
+{{- range .extraSecretEnvironmentVars }}
+- name: {{ .envName }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ .secretName }}
+ key: {{ .secretKey }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Scheme for health check and local endpoint */}}
+{{- define "vault.scheme" -}}
+{{- if .Values.global.tlsDisable -}}
+{{ "http" }}
+{{- else -}}
+{{ "https" }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+imagePullSecrets generates pull secrets from either string or map values.
+A map value must be indexable by the key 'name'.
+*/}}
+{{- define "imagePullSecrets" -}}
+{{- with .Values.global.imagePullSecrets -}}
+imagePullSecrets:
+{{- range . -}}
+{{- if typeIs "string" . }}
+ - name: {{ . }}
+{{- else if index . "name" }}
+ - name: {{ .name }}
+{{- end }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable.
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
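Review bot: In `vault.envs` the dev-mode root token is rendered unquoted, `value: {{ .Values.server.dev.devRootToken }}`, so a token that looks like a number or a boolean would come out as a non-string YAML scalar where an env `value` has to be a string; `value: {{ .Values.server.dev.devRootToken | quote }}` avoids that. The same helper puts the root token into the pod spec in clear text, readable by anyone who can read the pod object, and the define deserves a comment saying so, for example `Dev mode only: the root token is visible in the pod spec; do not enable server.dev on a shared cluster.` The unquoted pattern repeats in `vault.extraSecretEnvironmentVars` (`name: {{ .envName }}`, `key: {{ .secretKey }}`), while `vault.extraEnvironmentVars` in the same file already pipes both fields through `quote`.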
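Review bot: The only rule in this ClusterRole grants `create` on `serviceaccounts/token`, and the template has no comment explaining why that permission is cluster-scoped rather than namespaced. Once bound, it lets the CSI provider's service account request tokens for service accounts in every namespace, which makes the provider pods a high-value identity on each node. I would add a template comment above `rules:` along the lines of `{{/* Cluster-wide token creation: presumably needed so the provider can act for the service account of the pod mounting the volume; treat this service account as privileged. */}}`, with the stated reason confirmed against the provider's documentation. Token requests made by this account are also worth including in API audit policy.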
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
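Review bot: In csi-daemonset.yaml the `mountpoint-dir` volume is a `hostPath` to `{{ .Values.csi.daemonSet.kubeletRootDir }}/pods`, and its volumeMount has no `readOnly: true`, so the provider container can read and write the volume directories of every pod on the node. If the provider only needs to read that tree, add `readOnly: true` to the mount; if it needs to write, a comment saying why would help the next reviewer. Both `hostPath` volumes also omit `type:`, so nothing checks the path at pod start; `type: Directory` would make the expectation explicit. The pod and container security contexts come from helpers defined outside this hunk, so I can't tell what else constrains the container.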
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
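Review bot: The rule in injector-clusterrole.yaml lets the injector ServiceAccount `patch` every MutatingWebhookConfiguration in the cluster, although the only one this chart creates is `{{ template "vault.fullname" . }}-agent-injector-cfg`. A compromised injector pod could therefore alter admission webhooks that belong to other components. Consider splitting the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`, and keep `list`/`watch` unrestricted only if the injector's watch really needs it, which I can't confirm from the template.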
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 
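Review bot: In injector-deployment.yaml the `args` list ends with `- 2>&1`; no shell sits between the kubelet and the container process, so that string is passed as a literal argument instead of redirecting stderr. Unless the image's entrypoint is a shell wrapper that re-evaluates its arguments, drop the entry so `args` is only `- agent-inject`. Several `env` values are also emitted unquoted (`AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT`); `value: {{ .Values.injector.authPath | quote }}` keeps them strings whatever the user supplies.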
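Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the ordering is lexical: a minor of `"9"` sorts above `"21"` and would select `policy/v1`, and a vendor suffix such as `"21+"` only works by accident. Asking the cluster which API it serves is more robust: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. server-disruptionbudget.yaml uses the same expression and needs the same change.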
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
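Review bot: When neither `injector.webhook.namespaceSelector` nor `injector.namespaceSelector` is set, injector-mutating-webhook.yaml renders no `namespaceSelector`, so the webhook is called for pod CREATE/UPDATE in every namespace, `kube-system` and the release namespace included. If `failurePolicy` resolves to `Fail`, an unavailable injector then blocks pod admission cluster-wide, its own replacement pods among them. I would put a comment next to `failurePolicy:` such as `# Fail with no namespaceSelector blocks all pod admission while the injector is down`, or render a default selector that leaves out the control-plane namespaces. The `injector.objectSelector` helper is defined outside this hunk, so it may already narrow the match.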
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
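Review bot: injector-network-policy.yaml hard-codes `- port: 8080`, while the Deployment listens on and the Service targets `{{ .Values.injector.port }}`, so changing that value leaves the policy allowing the wrong port and dropping webhook traffic. Use `- port: {{ .Values.injector.port }}` instead. The `from` clause is `namespaceSelector: {}`, which admits every namespace; that may be deliberate because the caller is the API server, but a comment saying so would help. The metadata also lacks the `namespace: {{ .Release.Namespace }}` line that the other namespaced injector resources carry.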
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-role.yaml
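Review bot: injector-psp.yaml emits a `policy/v1beta1` `PodSecurityPolicy` whenever `global.psp.enable` is true, without checking that the cluster still serves that API, which was removed in Kubernetes 1.25; on newer clusters the install fails at apply time. Either extend the guard to `{{- if and (eq (.Values.global.psp.enable | toString) "true") (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }}` or call `fail` with a clear message, so the operator is not left believing a policy is in force. injector-psp-role.yaml and injector-psp-rolebinding.yaml share the same guard. The `seLinux` comment says the policy assumes AppArmor nodes, which is worth re-checking in a chart that also has a `global.openshift` switch.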
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-rolebinding.yaml
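Review bot: The leader-elector Role in injector-role.yaml grants `get`, `list`, `watch`, `create` and `update` on all `secrets` and `configmaps` in the release namespace, which is also where the Vault server's objects are created when both components are installed from this chart. injector-certs-secret.yaml already pre-creates `vault-injector-certs`, so the secrets access could probably be limited to that object with `resourceNames: ["vault-injector-certs"]` on `get`/`update`; `create` cannot be restricted by name and would need its own rule or removal. The second rule's `patch` and `delete` on every pod in the namespace deserves the same look. I can't see from the template which objects the leader elector touches, so confirm against the injector before tightening.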
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-discovery-role.yaml
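Review bot: server-config-configmap.yaml forces `disable_mlock = true` in the string branch and `merge (dict "disable_mlock" true) …` in both map branches, with no value to switch it off and no comment explaining the choice. With mlock disabled the Vault process's memory can be paged out, so the nodes need swap disabled or encrypted; a comment above `extraconfig-from-values.hcl:` stating that requirement would make the trade-off visible to operators. In the map branches `merge` gives precedence to its first argument, so a user-supplied `disable_mlock: false` is overridden silently.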
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-psp-role.yaml 
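Review bot: The single `ingress` rule in the NetworkPolicy uses `namespaceSelector: {}` for both ports, so the cluster port 8201 is reachable from every namespace although the StatefulSet in this commit advertises it only as `VAULT_CLUSTER_ADDR` for server-to-server traffic. Splitting the rule would keep the API port 8200 open as it is now and limit 8201 to this release's server pods; if another cluster must reach 8201 (for example for replication), that peer would need an explicit additional entry. The object also omits `namespace: {{ .Release.Namespace }}` and the `component: server` selector label that the other templates use, which is worth aligning.

```yaml
  ingress:
    # API port: unchanged, reachable from any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```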
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-psp.yaml
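Review bot: The `subjects` entry of the `-psp` RoleBinding names the ServiceAccount with `vault.fullname` and gives no `namespace`, while the discovery RoleBinding and the StatefulSet in this commit both resolve the account through `vault.serviceAccount.name`. If that helper can return a different name (for example when the account name is overridden in values; the helper is not in this hunk), the PSP `use` grant would bind to an account the server pods do not run as. Aligning the subject avoids that: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.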
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-route.yaml
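Review bot: The PodSecurityPolicy `spec` sets `allowPrivilegeEscalation: false` but has no `requiredDropCapabilities`, so pods admitted under it keep the container runtime's default capability set. The StatefulSet in this commit sets `SKIP_SETCAP`, which hints that the server needs none, but the securityContext helpers are outside this hunk, so that should be confirmed before adding `requiredDropCapabilities: [ALL]`. The `seLinux` comment also states that nodes use AppArmor rather than SELinux, which reads oddly in a chart that ships OpenShift overrides and deserves a reworded comment.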
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-service.yaml
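Review bot: `server-route.yaml` reads `.mode` in `ne .mode "external"` and `eq .mode "ha"` but never calls `{{ template "vault.mode" . }}`, which the sibling templates that test `.mode` all do first. Assuming that helper is what sets `.mode`, the value here depends on whether another template happened to set it earlier; if it is empty, the external check always passes and `$serviceName` never gets the `-active` suffix, so the Route would point at the general Service even with `activeService` enabled. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check removes that dependency, and `host: {{ .Values.server.route.host | quote }}` would protect the host value from YAML retyping.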
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/tests/server-test.yaml 
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/values.schema.json b/charts/partners/redhat-sp/rhccstage/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-sp/rhccstage/0.21.0/src/values.yaml b/charts/partners/redhat-sp/rhccstage/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-sp/rhccstage/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/redhat-sp/rhccstage/OWNERS b/charts/partners/redhat-sp/rhccstage/OWNERS new file mode 100644 index 00000000000..5c21a570127 --- /dev/null +++ b/charts/partners/redhat-sp/rhccstage/OWNERS @@ -0,0 +1,10 @@ +chart: + name: rhccstage + shortDescription: test +providerDelivery: false +publicPgpKey: dGVzdA== +users: +- githubUsername: Aishwarya-Urne +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/stagerhcc/OWNERS b/charts/partners/redhat-sp/stagerhcc/OWNERS new file mode 100644 index 00000000000..c8270802fd4 --- /dev/null +++ b/charts/partners/redhat-sp/stagerhcc/OWNERS 
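Review bot: In charts/partners/redhat-sp/rhccstage/OWNERS, `publicPgpKey: dGVzdA==` is not key material; the value is base64 for the four-byte string `test`. If the certification pipeline reads this field to verify signatures on submitted charts or reports (that code is not visible in this diff), a check against this entry can only fail or be skipped. I would either commit the vendor's real exported public key or use the explicit placeholder the sibling OWNERS files use, `publicPgpKey: unknown`, so the missing key is obvious on review.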
@@ -0,0 +1,10 @@ +chart: + name: stagerhcc + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: +- githubUsername: test acc +vendor: + label: redhat-sp + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/stageweb/OWNERS b/charts/partners/redhat-sp/stageweb/OWNERS new file mode 100644 index 00000000000..63be00fda7e --- /dev/null +++ b/charts/partners/redhat-sp/stageweb/OWNERS @@ -0,0 +1,10 @@ +chart: + name: stageweb + shortDescription: unknown +providerDelivery: true +publicPgpKey: unknown +users: +- githubUsername: test user +vendor: + label: redhat-sp + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/tes-new-chart/OWNERS b/charts/partners/redhat-sp/tes-new-chart/OWNERS index 5578af37d96..f30f4ec6176 100644 --- a/charts/partners/redhat-sp/tes-new-chart/OWNERS +++ b/charts/partners/redhat-sp/tes-new-chart/OWNERS @@ -1,9 +1,10 @@ chart: name: tes-new-chart - shortDescription: null -publicPgpKey: null + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown users: - githubUsername: test vendor: label: redhat-sp - name: GLOBAL SUPPORT SERVI RED HAT, INC. + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/test-2154-helm-chart/OWNERS b/charts/partners/redhat-sp/test-2154-helm-chart/OWNERS new file mode 100644 index 00000000000..c495575e811 --- /dev/null +++ b/charts/partners/redhat-sp/test-2154-helm-chart/OWNERS @@ -0,0 +1,9 @@ +chart: + name: test-2154-helm-chart + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: redhat-sp + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/test-6567/OWNERS b/charts/partners/redhat-sp/test-6567/OWNERS new file mode 100644 index 00000000000..272a9bd12a5 --- /dev/null +++ b/charts/partners/redhat-sp/test-6567/OWNERS @@ -0,0 +1,9 @@ +chart: + name: test-6567 + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: redhat-sp + name: Red Hat, Inc. 
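Review bot: `githubUsername: test acc` in charts/partners/redhat-sp/stagerhcc/OWNERS contains a space, which a GitHub login cannot contain, so the entry can never match a real account. The same applies to `githubUsername: test user` in stageweb/OWNERS. If the `users` list is what authorises pull-request submitters for a chart (not visible in this diff), these entries authorise nobody while making the chart look owned. I would use the real login, or `users: []` as the neighbouring OWNERS files do until an owner is assigned.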
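Review bot: charts/partners/redhat-sp/stageweb/OWNERS sets `providerDelivery: true` together with `publicPgpKey: unknown`. The test-helm-again-webonly/OWNERS and test-webonly/OWNERS files later in this diff pair the same flag with `publicPgpKey: null`. With provider-controlled delivery the chart package is presumably hosted outside this repository, so a usable public key looks like the only thing a consumer or the pipeline could check the submitted report against. That is an inference from the field names, not from code visible here. I would require a real key whenever `providerDelivery: true`, or keep the flag `false` for these staging entries.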
diff --git a/charts/partners/redhat-sp/test-chart-1849/OWNERS b/charts/partners/redhat-sp/test-chart-1849/OWNERS
new file mode 100644
index 00000000000..e89792d52f2
--- /dev/null
+++ b/charts/partners/redhat-sp/test-chart-1849/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: test-chart-1849
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: redhat-sp
+ name: Red Hat, Inc.
diff --git a/charts/partners/redhat-sp/test-helm-1810-2023/OWNERS b/charts/partners/redhat-sp/test-helm-1810-2023/OWNERS
new file mode 100644
index 00000000000..5485c4c7ed9
--- /dev/null
+++ b/charts/partners/redhat-sp/test-helm-1810-2023/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: test-helm-1810-2023
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: redhat-sp
+ name: Red Hat, Inc.
diff --git a/charts/partners/redhat-sp/test-helm-again-webonly/0.21.0/report.yaml b/charts/partners/redhat-sp/test-helm-again-webonly/0.21.0/report.yaml
new file mode 100644
index 00000000000..091e98bafbd
--- /dev/null
+++ b/charts/partners/redhat-sp/test-helm-again-webonly/0.21.0/report.yaml
@@ -0,0 +1,99 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.0.0 + profile: + VendorType: partner + version: v1.1 + chart-uri: N/A + digests: + chart: sha256:bc989182da2fef1620a6778529cf6d0abefaa2cf5fccb35767c44fbcb49decac + package: f4373549993baed5bd71a9f552cae6c5ec53dc9acd7d51a47f051df0de776ac9 + lastCertifiedTimestamp: "2022-11-24T11:29:01.168992+00:00" + testedOpenShiftVersion: "4.11" + supportedOpenShiftVersions: '>=4.3' + providerControlledDelivery: true + chart: + name: test-helm-again-webonly + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: test-helm-again-webonly + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values 
file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + diff --git a/charts/partners/redhat-sp/test-helm-again-webonly/OWNERS b/charts/partners/redhat-sp/test-helm-again-webonly/OWNERS new file mode 100644 index 00000000000..b6527fe2ba1 --- /dev/null +++ b/charts/partners/redhat-sp/test-helm-again-webonly/OWNERS @@ -0,0 +1,10 @@ +chart: + name: test-helm-again-webonly + shortDescription: test +providerDelivery: true +publicPgpKey: null +users: +- githubUsername: Aishwarya-Urne +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/test-helm-chart-new/OWNERS b/charts/partners/redhat-sp/test-helm-chart-new/OWNERS new file mode 100644 index 00000000000..87b61a6e90c --- /dev/null +++ b/charts/partners/redhat-sp/test-helm-chart-new/OWNERS @@ -0,0 +1,9 @@ +chart: + name: test-helm-chart-new + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: [] +vendor: + label: redhat-sp + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/test-helm-chart/OWNERS b/charts/partners/redhat-sp/test-helm-chart/OWNERS index c7dfb674865..b07e914ed79 100644 --- a/charts/partners/redhat-sp/test-helm-chart/OWNERS +++ b/charts/partners/redhat-sp/test-helm-chart/OWNERS 
@@ -1,8 +1,9 @@ chart: name: test-helm-chart shortDescription: unknown +providerDelivery: false publicPgpKey: unknown users: [] vendor: label: redhat-sp - name: GLOBAL SUPPORT SERVI RED HAT, INC. + name: Red Hat, Inc. diff --git a/charts/partners/redhat-sp/test-webonly/0.21.0/report.yaml b/charts/partners/redhat-sp/test-webonly/0.21.0/report.yaml new file mode 100644 index 00000000000..fe667cb9f13 --- /dev/null +++ b/charts/partners/redhat-sp/test-webonly/0.21.0/report.yaml 
@@ -0,0 +1,99 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.0.0 + profile: + VendorType: partner + version: v1.1 + chart-uri: N/A + digests: + chart: sha256:316cccc89c2b2d864f70da3de8250018e640ab6386b46445975536d11d2b7b04 + package: bd841b36feb2c5ae0a35925e0a2ea3a86211cfd3719e4aca585e9fd52a71fc67 + lastCertifiedTimestamp: "2022-11-23T07:32:20.231171+00:00" + testedOpenShiftVersion: "4.11" + supportedOpenShiftVersions: '>=4.3' + providerControlledDelivery: true + chart: + name: test-webonly + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.21.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.11.2 + deprecated: false + annotations: + charts.openshift.io/name: test-webonly + kubeversion: '>= 1.16.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi + - check: v1.0/not-contains-crds + type: 
Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + diff --git a/charts/partners/redhat-sp/test-webonly/OWNERS b/charts/partners/redhat-sp/test-webonly/OWNERS new file mode 100644 index 00000000000..3f6952d5a93 --- /dev/null +++ b/charts/partners/redhat-sp/test-webonly/OWNERS @@ -0,0 +1,10 @@ +chart: + name: test-webonly + shortDescription: test +providerDelivery: true +publicPgpKey: null +users: +- githubUsername: Aishwarya-Urne +vendor: + label: redhat-sp + name: GLOBAL SUPPORT SERVI RED HAT, INC. diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/.helmignore b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/.helmignore new file mode 100644 index 00000000000..4007e24350a --- /dev/null +++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/.helmignore @@ -0,0 +1,28 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.terraform/ +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj + +# CI and test +.circleci/ +.github/ +.gitlab-ci.yml +test/ 
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null +++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/Chart.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..f751918b761
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: testexternalhelm
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: testexternalhelm
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/LICENSE.md b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
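Review bot: The new `Chart.yaml` keeps `description: Official HashiCorp Vault Chart`, and its `home` and `sources` entries still point at HashiCorp, while the chart is published as `name: testexternalhelm` under the `redhat-sp` partner directory. A catalog user reading the metadata therefore cannot tell that this is a renamed test copy rather than the upstream release. I would make the provenance explicit, for example `description: Test copy of the HashiCorp Vault chart 0.21.0 (not an upstream release)`. The CHANGELOG added in the same commit dates 0.21.0 to August 10th, 2022, so `appVersion: 1.11.2` pins an older Vault build; it is worth confirming that version is acceptable before the chart is exposed for installation, and quoting it as `appVersion: "1.11.2"` keeps the value a string whatever version replaces it.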
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/Makefile b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/README.md b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/README.md
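Review bot: In the `test-acceptance` recipe, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the licence value into the `docker run` argument list, where it is readable from the host's process listing for as long as the container runs; the leading `@` only stops make from echoing the line. Passing the name alone, `-e VAULT_LICENSE_CI \`, makes Docker copy the value from the caller's environment instead, which should be equivalent here since the Makefile never assigns the variable itself and so presumably receives it from the environment. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` directory or the `-var project=${CLOUDSDK_CORE_PROJECT}` that `provision-cluster` passes, so it may not operate on the configuration that was applied; I would mirror the apply line. `.PHONY` also omits `setup-kind` and `delete-kind`, and the `docker run` calls other than `test-unit` lack `--rm`, leaving stopped containers that still hold the injected environment values.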
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
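Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in every namespace, and nothing in the file records why that breadth is required. Whoever holds the bound service account can request a token for any service account in the cluster, so the grant deserves a comment above `rules:`, for example `# Cluster-wide on purpose (confirm): the provider requests tokens for pods in any namespace; treat this service account as highly privileged.` The binding in csi-clusterrolebinding.yaml attaches the role to the `-csi-provider` service account, which csi-daemonset.yaml sets as `serviceAccountName` for the DaemonSet pods.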
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" .
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
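Review bot: The provider container in csi-daemonset.yaml renders with no `securityContext` at all unless `csi.daemonSet.securityContext.container` is set, because that helper in _helpers.tpl has no fallback branch, whereas the injector and server container helpers emit `allowPrivilegeEscalation: false` when `global.openshift` is off. This pod mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods) and runs under a service account that can create service account tokens cluster-wide, so a hardened default matters more here than for the other workloads. Consider giving the helper an `{{- else if not .Values.global.openshift }}` branch that renders `securityContext:` with `allowPrivilegeEscalation: false`, after confirming the provider can still write its socket under `/provider`. The helper is defined in a hunk that starts outside this view, so the change belongs there rather than in this file.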
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-clusterrolebinding.yaml
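Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, although the injector presumably only needs to update its own. With this role, a compromised injector pod could rewrite the admission webhooks of unrelated components. Splitting the rule so that `get` and `patch` carry `resourceNames` for this release's configuration, while `list` and `watch` stay unrestricted, narrows that exposure. The name used below is taken from the `AGENT_INJECT_TLS_AUTO` value in injector-deployment.yaml and should be checked against the webhook template, which is not in view; the injector's watch behaviour also needs a test with the narrower rule.

```yaml
rules:
# list/watch are not narrowed here: resourceNames only applies to them
# when the client also filters on metadata.name.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
# get/patch are limited to this release's own webhook configuration.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "get"
    - "patch"
```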
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" . }}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
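Review bot: Several entries in the `env:` list of injector-deployment.yaml render their value unquoted, namely `value: {{ .Values.injector.authPath }}`, `value: {{ .Values.injector.logLevel | default "info" }}` and `value: {{ .Values.injector.logFormat | default "standard" }}`, while the neighbouring entries are quoted. An env `value` has to be a string, so an empty, numeric or boolean-looking override is retyped by the YAML parser and the manifest is rejected or silently changes meaning; `value: {{ .Values.injector.authPath | quote }}` (and the same for the other two) avoids that. Separately, `- 2>&1` under `args:` reaches the container as a literal argument rather than a redirection unless the image entrypoint is a shell, which is not visible on this page.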
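Review bot: The `apiVersion` line in injector-disruptionbudget.yaml picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexicographically, so a single-digit minor such as "9" sorts after "21" and selects `policy/v1` on a cluster that does not serve it. Other templates in this commit already ask the cluster directly, and the same form works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`. The identical expression appears in server-disruptionbudget.yaml further down and should change with it.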
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
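Review bot: The webhook in injector-mutating-webhook.yaml matches CREATE and UPDATE of pods in every namespace unless a selector value is supplied, because the `namespaceSelector:` block is rendered only when one of the two values is set. `failurePolicy` comes straight from values (its default is not visible here), so a `Fail` setting would make pod admission in system namespaces, and for the injector's own pods, depend on the injector being reachable. I would document that next to the field, for example `# Fail blocks pod admission in every matched namespace while the injector is down; set namespaceSelector to limit scope` above the `failurePolicy:` line, and consider shipping a default selector that excludes the release namespace.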
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
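Review bot: The `subjects` entry in injector-psp-rolebinding.yaml names the ServiceAccount without a `namespace`, unlike the ClusterRoleBinding and the leader-elector RoleBinding in this commit, which both add `namespace: {{ .Release.Namespace }}` under the subject. I believe a RoleBinding falls back to its own namespace for such a subject, but the bound identity is then implicit and differs from the sibling bindings; adding the same line after `name:` makes it explicit. Both PSP RBAC objects also label themselves `app.kubernetes.io/name: {{ include "vault.name" . }}` without the `-agent-injector` suffix the other injector objects use, which makes label-based audits of the injector's permissions miss them.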
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-role.yaml
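Review bot: The `spec:` of injector-psp.yaml never drops capabilities: there is no `requiredDropCapabilities`, so a pod admitted under this policy keeps the container runtime's default capability set even though the comments state a non-root, no-escalation intent. Adding `requiredDropCapabilities:` with a single `- ALL` entry under `spec:` closes that gap. `readOnlyRootFilesystem: false` may be something the injector needs, but nothing on this page shows why, so it deserves a one-line comment. The template is gated only on `global.psp.enable`, and `policy/v1beta1` PodSecurityPolicy is not served from Kubernetes 1.25 on, so a guard such as `.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy"` would keep an enabled flag from breaking the install there.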
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-rolebinding.yaml
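Review bot: The first rule of the leader-elector Role in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, and the second grants `get`, `patch` and `delete` on all pods there. If the Vault server or its TLS material lives in the same namespace, the injector's service account can read and overwrite those secrets and delete those pods. The object names the leader elector works with are not visible in this hunk; if they are fixed, `get` and `update` can be limited with `resourceNames`, and at the least a comment above `rules:` should say which objects each verb exists for so the grant can be audited.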
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-config-configmap.yaml
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-discovery-role.yaml
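Review bot: Both config paths in server-config-configmap.yaml force `disable_mlock`, the string path by emitting `disable_mlock = true` ahead of the user's config and the map path by merging `(dict "disable_mlock" true)` in as the destination, and nothing in the template says why or what it costs. With mlock off the server's memory, which holds unsealed key material, can be paged out, so the operator needs to know that the nodes should run without swap or with encrypted swap. I would add a template comment above `data:` along the lines of `{{/* mlock is disabled for every non-dev mode; run Vault nodes with swap off or encrypted */}}`, and state the reason the chart forces it, which is not visible on this page.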
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-ha-active-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-psp-role.yaml
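Review bot: In server-ingress.yaml, `secretName: {{ .secretName }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName }}` and `- path: {{ . }}` render user-supplied values unquoted, while the host entries in the same hunk are piped through `quote`. A value that is empty, numeric-looking or starts with a YAML indicator would change type or break the rendered manifest. Quoting them the same way keeps them strings: `secretName: {{ .secretName | quote }}`, `ingressClassName: {{ .Values.server.ingress.ingressClassName | quote }}`, `- path: {{ . | quote }}`.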
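Review bot: In server-network-policy.yaml the single ingress rule pairs `namespaceSelector: {}` with both ports, so every pod in every namespace is admitted to the cluster port 8201 as well as the API port 8200. Judging by VAULT_CLUSTER_ADDR in the statefulset section, 8201 looks like server-to-server traffic only, so it could be limited to the chart's own pods with a second rule; confirm first that nothing outside the release (for example a replication peer) needs to reach it. The metadata block also omits `namespace: {{ .Release.Namespace }}`, which the other templates in this commit set.

```yaml
# … unchanged: metadata and spec.podSelector …
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```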
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
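Review bot: The RoleBinding subject in server-psp-rolebinding.yaml is named with `{{ template "vault.fullname" . }}`, but the ServiceAccount template and the StatefulSet's `serviceAccountName` in this commit both use `{{ template "vault.serviceAccount.name" . }}`. If the two helpers can resolve to different names (the helper definitions are not part of this page), the PSP `use` grant would bind to an account the pods do not run as. Using the same helper and stating the namespace keeps the binding aligned: `name: {{ template "vault.serviceAccount.name" . }}` followed by `namespace: {{ .Release.Namespace }}`.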
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-route.yaml
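Review bot: The PodSecurityPolicy spec in server-psp.yaml says nothing about Linux capabilities, so pods admitted under it keep the container runtime's default set. Adding `requiredDropCapabilities: ['ALL']` next to `allowPrivilegeEscalation: false` would close that gap; the statefulset already sets SKIP_SETCAP, but confirm the image does not depend on a file capability before dropping everything. The `seLinux` comment assumes AppArmor nodes, which is worth rewording for a chart that also ships OpenShift overrides. Since `policy/v1beta1` PodSecurityPolicy was removed in Kubernetes 1.25, the outer `if` could also check `.Capabilities.APIVersions.Has "policy/v1beta1"` so that `global.psp.enable` does not fail the install on newer clusters.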
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-service.yaml
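Review bot: `.mode` is read twice in server-route.yaml (`ne .mode "external"` and `eq .mode "ha"`), but this file never invokes `{{ template "vault.mode" . }}`, which every other template on this page that reads `.mode` calls first. Presumably the value is left on the shared context by a template rendered earlier, which makes whether the Route is emitted, and which Service it targets, depend on render order. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` check makes the file self-contained. `host: {{ .Values.server.route.host }}` would also be safer as `host: {{ .Values.server.route.host | quote }}`.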
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" .
}}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" .
}}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" .
| upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ .
| quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/tests/server-test.yaml
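Review bot: The container image in server-statefulset.yaml falls back to the mutable `latest` tag via `{{ .Values.server.image.tag | default "latest" }}`, so an empty or missing `server.image.tag` silently deploys whatever the registry currently serves for a component that holds secrets. Failing the render is safer than guessing: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. The same fallback is used for the test pod in tests/server-test.yaml. Separately, `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are unquoted while the neighbouring default branches are quoted; `| quote` would keep both branches consistent.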
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
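Review bot: In ui-service.yaml, `nodePort` is emitted whenever `.Values.ui.serviceNodePort` is set, regardless of `.Values.ui.serviceType`, whereas the server Service templates in this commit also require the type to be NodePort before emitting it. A ClusterIP UI Service with a leftover `serviceNodePort` value is likely to be rejected by the API server. Guarding it the same way keeps the templates consistent: `{{- if and (.Values.ui.serviceNodePort) (eq (.Values.ui.serviceType | toString) "NodePort") }}`.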
diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/values.schema.json b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/values.schema.json new file mode 100644 index 00000000000..aad7ee7fcc7 --- /dev/null +++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/values.schema.json 
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/values.yaml b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-sp/testexternalhelm/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-sp/testexternalhelm/OWNERS b/charts/partners/redhat-sp/testexternalhelm/OWNERS
new file mode 100644
index 00000000000..93a46d04aa1
--- /dev/null
+++ b/charts/partners/redhat-sp/testexternalhelm/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: testexternalhelm
+ shortDescription: test
+providerDelivery: false
+publicPgpKey: dGVzdA==
+users:
+- githubUsername: Aishwarya-Urne
+vendor:
+ label: redhat-sp
+ name: GLOBAL SUPPORT SERVI RED HAT, INC.
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/.helmignore b/charts/partners/redhat-sp/teststageweb/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
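Review bot: `publicPgpKey: dGVzdA==` in the new testexternalhelm OWNERS file is the base64 encoding of the four characters `test`, not a PGP public key. If the certification pipeline reads this field to verify the provenance of a signed chart, verification against this value can never succeed, and a placeholder here also hides whether signing was intended for this chart at all. I would store the base64 of the real exported public key, or write `publicPgpKey: null` if the test chart is deliberately unsigned (assuming the OWNERS schema accepts null; confirm against the pipeline).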
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-sp/teststageweb/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-sp/teststageweb/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/Chart.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..1f7e2279c01
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: teststageweb
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: teststageweb
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/LICENSE.md b/charts/partners/redhat-sp/teststageweb/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/LICENSE.md
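Review bot: The metadata in Chart.yaml presents this package as `Official HashiCorp Vault Chart`, with `home` and `sources` pointing at HashiCorp, while `name` and the `charts.openshift.io/name` annotation are `teststageweb` under the `redhat-sp` partner path. If this is a renamed copy rather than a HashiCorp publication (it looks like one, but that is inferred from the path), a consumer reading the catalog entry cannot tell who actually packaged and is responsible for it. Consider making the provenance explicit, for example `description: Test copy of the HashiCorp Vault chart (teststageweb)`, and keeping the upstream URLs only under `sources`.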
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/Makefile b/charts/partners/redhat-sp/teststageweb/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/README.md b/charts/partners/redhat-sp/teststageweb/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/README.md
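Review bot: `destroy-cluster` runs `terraform destroy -auto-approve` with no directory and no `-var project=...`, whereas `provision-cluster` passes `test/terraform` to both `terraform init` and `terraform apply`. As written the teardown appears to act on whatever configuration and state sit in the working directory, so it may fail or leave the GKE test cluster running unattended; consider `terraform destroy -var project=${CLOUDSDK_CORE_PROJECT} -auto-approve test/terraform` to mirror the apply. Separately, `setup-kind` and `delete-kind` are missing from `.PHONY`, and the recursive call in `test-acceptance` would be safer as `$(MAKE) setup-kind acceptance` so that flags and variable overrides propagate.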
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
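Review bot: `vault.serverAuthDelegator` ends its condition with `(or (eq (.Values.server.enabled | toString) "true") (eq (.Values.global.enabled | toString) "true"))`, which is true when `server.enabled` is explicitly `false` and `global.enabled` is `true`, whereas `vault.serverEnabled` falls back to the global flag only when the server value is `"-"`. If the template that consumes `.serverAuthDelegator` (outside this hunk) creates the auth-delegator binding, a release with the server switched off would still get it. Reusing the existing helper, as `vault.serverServiceEnabled` already does, keeps the two in step: call `{{- template "vault.serverEnabled" . -}}` first and replace that final `or` with `.serverEnabled`. `vault.serverServiceAccountEnabled` has the same condition, and its comment is a copy of the auth-delegator one; it should read `Compute if the server serviceaccount is enabled.`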
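Review bot: The only rule grants `create` on `serviceaccounts/token` through a ClusterRole, so the CSI provider's service account can request a token for any service account in any namespace, and nothing in the file records why that breadth is needed. A comment above `rules:` would state the intent, for example `# The provider requests tokens on behalf of pods that mount its volumes; those pods may be in any namespace.` (wording to be confirmed against the provider's behaviour). Since the matching ClusterRoleBinding binds this role to the `-csi-provider` service account in the release namespace, access to that service account and to the DaemonSet's pods should be reviewed as if it carried cluster-wide token-minting rights.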
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
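Review bot: The `mountpoint-dir` volumeMount in csi-daemonset.yaml exposes the kubelet pods directory (`{{ .Values.csi.daemonSet.kubeletRootDir }}/pods`) from the host without `readOnly: true`, so the provider container has write access beneath every pod's volume directory on the node. If the image selected by `csi.image.tag` only reads that path, add `readOnly: true` below `mountPropagation: HostToContainer`; whether it still writes there is not visible in this diff and needs checking. Both `hostPath` volumes also omit `type`, so adding `type: Directory` (or `type: DirectoryOrCreate` for `providersDir`) would make a mistyped `kubeletRootDir` fail at pod start rather than mount an unchecked path.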
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
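Review bot: In injector-clusterrole.yaml the `patch` verb applies to every `mutatingwebhookconfigurations` object in the cluster, because the rule carries no `resourceNames`. The only configuration this change asks the injector to manage is `{{ template "vault.fullname" . }}-agent-injector-cfg`, the name passed in `AGENT_INJECT_TLS_AUTO` in injector-deployment.yaml, so the write permission can be limited to that object while the read verbs stay broad. Splitting the rule as below keeps `list` and `watch` working; confirm that the injector patches no other object before adopting it.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# Write access only to the webhook configuration this release owns.
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - "{{ template "vault.fullname" . }}-agent-injector-cfg"
  verbs:
    - "patch"
```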
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
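Review bot: Several `env` values in injector-deployment.yaml are rendered unquoted, namely `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT`, while the neighbouring entries are quoted. An env `value` has to be a string, so a values entry that YAML reads as a number, boolean or null (for example an empty `injector.authPath`) produces a manifest the API server rejects or a variable that is silently empty. Pipe them through `quote`, e.g. `value: {{ .Values.injector.authPath | quote }}`. Separately, the `- 2>&1` entry under `args` is handed to the entrypoint as a literal argument rather than acting as a redirection, and can be dropped.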
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
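Review bot: When neither `injector.webhook.namespaceSelector` nor `injector.namespaceSelector` is set, injector-mutating-webhook.yaml emits no `namespaceSelector`, so the `pods` CREATE/UPDATE rule is evaluated in every namespace, including system namespaces and the injector's own. If `failurePolicy` resolves to `Fail`, pod admission across the cluster then depends on the injector being reachable within `timeoutSeconds`. The `injector.objectSelector` template is defined outside this hunk and may narrow the scope, but nothing here documents the interaction. I would add a comment above `failurePolicy:` such as `# With failurePolicy: Fail, set a namespaceSelector that excludes kube-system and this release's namespace.` and state the same in the values documentation.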
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-psp-role.yaml
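Review bot: The ingress rule in injector-network-policy.yaml hard-codes `port: 8080`, but the injector listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` in injector-deployment.yaml and `targetPort` in injector-service.yaml), so changing that value leaves the policy blocking admission calls to the webhook. Use `- port: {{ .Values.injector.port }}` instead. The metadata also lacks the `namespace: {{ .Release.Namespace }}` line that the sibling injector templates set. `namespaceSelector: {}` admits traffic from every namespace; that is probably required for calls from the API server, but it deserves a comment saying so.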
@@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-psp.yaml @@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-rolebinding.yaml
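Review bot: The first rule in injector-role.yaml lets the injector `get`, `list`, `watch` and `update` every Secret and ConfigMap in the release namespace, which is normally the namespace that also holds the Vault server's own TLS and configuration objects. The only Secret this change creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml, rendered under the same condition). If that is all the injector touches, move `get` and `update` into a rule carrying `resourceNames: ["vault-injector-certs"]` and drop `secrets` from the broad rule. What the leader elector needs from ConfigMaps is not visible in this diff and should be checked first. The second rule's `delete` on all pods in the namespace also merits a comment naming what uses it.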
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-discovery-role.yaml
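Review bot: server-config-configmap.yaml forces `disable_mlock = true` into every rendered configuration, both in the string branch and through `merge (dict "disable_mlock" true) …`, and the template gives no reason for it. With mlock disabled, Vault's process memory can be paged to swap, so the chart should state that nodes are expected to run without swap or with encrypted swap. I would add a template comment above `data:`, for example `{{- /* mlock is disabled in all modes; nodes must not swap Vault memory to unencrypted disk */ -}}`, and repeat it in the values documentation. In the map branch `merge` gives precedence to its first argument, so a user-supplied `disable_mlock: false` is overridden without any message.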
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-discovery-rolebinding.yaml @@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} 
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ . }}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-psp-role.yaml
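Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so the cluster port 8201 (named `https-internal` in the Service templates and used for `VAULT_CLUSTER_ADDR` in the StatefulSet) is reachable from every pod in every namespace. Only the Vault server pods of this release should need 8201, unless cross-cluster replication traffic has to reach it, which the diff does not show. I would split the rule as below, keeping 8200 as it is and limiting 8201 to pods that carry the server labels set by the StatefulSet template. The manifest also omits `metadata.namespace`, unlike the other templates in this diff.

```yaml
  ingress:
    # API port: reachable from any namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```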
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-psp.yaml
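Review bot: The subject of the RoleBinding in server-psp-rolebinding.yaml is named with `vault.fullname`, while server-serviceaccount.yaml creates the account as `vault.serviceAccount.name` and the StatefulSet runs under that name. If the helper can return anything other than the full name (its definition is not in this part of the diff), the server pods are not bound to the `-psp` Role and the PodSecurityPolicy is not available to them. I would use `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}`, as server-discovery-rolebinding.yaml does.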
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-route.yaml
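Review bot: The `spec` in server-psp.yaml sets no `requiredDropCapabilities`, so containers admitted under this policy keep the runtime's default capability set even though they must run as non-root. Since the StatefulSet sets `SKIP_SETCAP` to `"true"`, the server does not appear to rely on added capabilities, and `requiredDropCapabilities: [ALL]` next to `allowPrivilegeEscalation: false` would likely be safe; confirm against the image. Separately, `policy/v1beta1` PodSecurityPolicy no longer exists from Kubernetes 1.25, so the `global.psp.enable` condition here and in the two PSP RBAC templates could also check `.Capabilities.APIVersions.Has "policy/v1beta1"`.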
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-service.yaml
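Review bot: server-route.yaml tests `.mode` on its second line without first running `{{ template "vault.mode" . }}`, which every other template in this diff that reads `.mode` does at the top. Unless another template has already set the value on the shared context, the `ne .mode "external"` and `eq .mode "ha"` checks see an unset value, and the Route may be rendered when it should not be or pointed at the wrong Service. I would insert `{{ template "vault.mode" . }}` directly after the `.Values.global.openshift` check, mirroring server-ingress.yaml.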
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/tests/server-test.yaml
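Review bot: The container image in server-statefulset.yaml is built as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an empty `server.image.tag` silently deploys whatever `latest` currently points to; tests/server-test.yaml further down has the same expression. For a secrets store the version should be an explicit choice, so I would fail the render instead: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. A smaller point: the exec readiness probe runs `vault status -tls-skip-verify`; a comment noting that `VAULT_ADDR` is `127.0.0.1` in this container, so the skipped verification only affects the loopback check, would help the next reader.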
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/values.schema.json b/charts/partners/redhat-sp/teststageweb/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-sp/teststageweb/0.21.0/src/values.yaml b/charts/partners/redhat-sp/teststageweb/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-sp/teststageweb/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-sp/teststageweb/OWNERS b/charts/partners/redhat-sp/teststageweb/OWNERS
new file mode 100644
index 00000000000..85dd4b3e821
--- /dev/null
+++ b/charts/partners/redhat-sp/teststageweb/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: teststageweb
+ shortDescription: test
+providerDelivery: true
+publicPgpKey: dGVzdA==
+users:
+- githubUsername: Aishwarya-Urne
+vendor:
+ label: redhat-sp
+ name: Red Hat, Inc.
diff --git a/charts/partners/redhat-sp/uggdugscg/OWNERS b/charts/partners/redhat-sp/uggdugscg/OWNERS
new file mode 100644
index 00000000000..08e7a15fc0a
--- /dev/null
+++ b/charts/partners/redhat-sp/uggdugscg/OWNERS
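Review bot: `publicPgpKey: dGVzdA==` in teststageweb/OWNERS is a placeholder rather than a key (the base64 decodes to the string `test`), and it sits next to `providerDelivery: true`. The uggdugscg/OWNERS hunk that follows has the same problem with the literal `publicPgpKey: unknown`, and it also carries `users: []` and `shortDescription: unknown`, so that chart lists no owner at all. If the certification pipeline reads this field to check signatures on provider-delivered charts (that code is not visible in these hunks), neither value can verify anything, and a malformed key may be handled differently from an absent one. I would set both to `publicPgpKey: null`, as web-helm-new/OWNERS does, until a real public key is supplied, and add at least one `githubUsername` entry to uggdugscg.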
@@ -0,0 +1,9 @@
+chart:
+ name: uggdugscg
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users: []
+vendor:
+ label: redhat-sp
+ name: GLOBAL SUPPORT SERVI RED HAT, INC.
diff --git a/charts/partners/redhat-sp/web-helm-new/OWNERS b/charts/partners/redhat-sp/web-helm-new/OWNERS
new file mode 100644
index 00000000000..6f4c81013c4
--- /dev/null
+++ b/charts/partners/redhat-sp/web-helm-new/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: web-helm-new
+ shortDescription: test
+providerDelivery: true
+publicPgpKey: null
+users:
+- githubUsername: Aishwarya-Urne
+vendor:
+ label: redhat-sp
+ name: GLOBAL SUPPORT SERVI RED HAT, INC.
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/.helmignore b/charts/partners/redhat-sp/webaishstage/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/CHANGELOG.md b/charts/partners/redhat-sp/webaishstage/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/CONTRIBUTING.md b/charts/partners/redhat-sp/webaishstage/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/Chart.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..8f07d25f805
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: webaishstage
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: webaishstage
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/LICENSE.md b/charts/partners/redhat-sp/webaishstage/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/LICENSE.md
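Review bot: In the Chart.yaml hunk, `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io` present this chart as HashiCorp's own release, while `name: webaishstage` and the `charts/partners/redhat-sp/` path show it is published under a different name in a partner directory. Anyone vetting the catalog entry by its metadata would attribute it to the wrong publisher, so the description should say what the package actually is, for example `description: Repackaged copy of the HashiCorp Vault Helm chart`. The `sources:` list can stay as the pointer to upstream; the `icon:` URL is already pinned to a commit hash, which is worth keeping.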
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/Makefile b/charts/partners/redhat-sp/webaishstage/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/README.md b/charts/partners/redhat-sp/webaishstage/0.21.0/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/README.md 
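Review bot: In `test-acceptance`, `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` expands the license value (presumably a license string, since no default is defined in this file) into the argument list of the `docker run` process, and the expansion is unquoted. Passing the variable by name, `-e VAULT_LICENSE_CI \`, lets docker copy it from the caller's environment without the value appearing on the command line, provided it is exported in the environment that runs make. Separately, `setup-kind` and `delete-kind` are missing from the `.PHONY` list. The recursive call in the local branch would also be more robust as `$(MAKE) setup-kind acceptance`.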
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/NOTES.txt b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/_helpers.tpl b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
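Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` with no comment, and because it is a ClusterRole bound through a ClusterRoleBinding, the CSI provider's service account can request a token for any service account in any namespace. That is presumably what the provider needs in order to authenticate mounting workloads to Vault, but it makes this identity a high-value credential, so the reason belongs next to the rule, for example `# TokenRequest on behalf of the mounting pod's service account; cluster-wide because workloads may live in any namespace`. Audit-log alerting on TokenRequest calls made by this service account is a useful companion control.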
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
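Review bot: The container in csi-daemonset.yaml mounts two hostPath volumes (`providervol` and `mountpoint-dir`), yet its `securityContext` comes only from the `csi.daemonSet.securityContext.container` helper, which renders nothing when that value is unset. Unless values.yaml (outside this hunk) supplies a default, the container runs on every node with whatever user and capabilities the image ships. A hardened default such as `allowPrivilegeEscalation: false` with `capabilities: {drop: ["ALL"]}` would be safer, to be confirmed against what the provider needs to write its socket. Both `hostPath` entries also lack a `type:`; adding `type: Directory` to the kubelet path makes a mistyped `kubeletRootDir` fail at pod start instead of silently mounting a freshly created directory.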
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
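Review bot: The rule in injector-clusterrole.yaml grants `patch` on every `mutatingwebhookconfigurations` object in the cluster, although the deployment in this commit points `AGENT_INJECT_TLS_AUTO` at one configuration only, `<fullname>-agent-injector-cfg`. The injector's service account can therefore modify admission webhooks it does not own, which is more than updating its own CA bundle appears to require. Splitting the rule so that `patch` carries `resourceNames` confines writes while leaving the read verbs as they are; whether `get` can be name-restricted as well depends on how the injector watches the object, so it stays with the read verbs below.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
# writes are confined to the injector's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```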
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
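Review bot: In injector-deployment.yaml the container `args` list ends with `- 2>&1`, which is not a redirection here: the kubelet execs the arguments without a shell, so the process receives the literal string `2>&1` as a second positional argument. Unless the image's entrypoint wraps the command in a shell (not visible in this commit), the entry should be dropped so that `args:` holds only `- agent-inject`. Separately, `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_LOG_FORMAT` and `AGENT_INJECT_VAULT_AUTH_PATH` render their values unquoted, unlike the neighbouring entries; `value: {{ .Values.injector.authPath | quote }}` keeps an empty or boolean-looking value a string, which the env schema requires.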
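Review bot: The `apiVersion` line in injector-disruptionbudget.yaml selects the PodDisruptionBudget API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares strings rather than numbers: a minor of `"9"` sorts above `"21"`, and some distributions report values such as `"21+"`. The mutating-webhook and RBAC templates in this same commit already use capability detection, and the same form is more reliable here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`.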
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
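Review bot: `namespaceSelector` is emitted only when a value is supplied, so unless the chart defaults or the `injector.objectSelector` helper (both outside this hunk) narrow it, the `pods` CREATE/UPDATE rule applies in every namespace, including `kube-system` and the injector's own. If `failurePolicy` then resolves to `Fail`, an unavailable injector blocks pod admission cluster-wide, its own replacement pods included. A template comment above the `{{- if or … namespaceSelector … }}` block should state this, and the values documentation should recommend a selector that excludes system namespaces, for example a `matchExpressions` entry on `kubernetes.io/metadata.name` with `operator: NotIn`.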
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-psp-role.yaml
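Review bot: The ingress rule in injector-network-policy.yaml hard-codes `- port: 8080`, while the injector listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` in the deployment and `targetPort` in the Service of this commit). On OpenShift, where this policy is rendered, any other port value leaves the webhook unreachable and pod admission then follows `failurePolicy`; the line should read `- port: {{ .Values.injector.port }}`. The policy also omits `metadata.namespace`, unlike the other namespaced injector objects, and `namespaceSelector: {}` admits traffic from every namespace, which deserves a one-line comment explaining why the source cannot be narrowed.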
@@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-psp.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-role.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-role.yaml
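Review bot: injector-psp.yaml renders `apiVersion: policy/v1beta1` / `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, with no capability check, and PodSecurityPolicy was removed in Kubernetes 1.25, so enabling the flag on a current cluster fails the install. Wrapping the object in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`, with the same guard in injector-psp-role.yaml and injector-psp-rolebinding.yaml, avoids that. The spec sets `allowPrivilegeEscalation: false` but no `requiredDropCapabilities`, so adding `requiredDropCapabilities: ["ALL"]` would match the intent stated in its comments. The `seLinux` comment also assumes AppArmor nodes and should say that `RunAsAny` leaves SELinux labelling to the platform where SELinux is in use.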
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-rolebinding.yaml
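Review bot: The first rule in injector-role.yaml gives the injector service account `create`, `get`, `watch`, `list` and `update` on all `secrets` and `configmaps` in the release namespace, which is the same namespace the Vault server objects of this chart are rendered into. The only secret this commit creates for leader election is `vault-injector-certs` (injector-certs-secret.yaml), so the secrets access can probably move to its own rule with `resourceNames: ["vault-injector-certs"]` for `get` and `update`. `create` cannot be restricted by name and may be unnecessary because the chart pre-creates that object. If the leader-elector library really needs the broader grant, a comment on the rule should name the objects it touches.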
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-service.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-clusterrolebinding.yaml 
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-discovery-role.yaml 
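Review bot: `disable_mlock = true` is written into every rendered config in server-config-configmap.yaml (the string branch and both `merge (dict "disable_mlock" true) …` branches), and nothing in the template says what that trades away. With mlock off, the Vault process memory can be paged out, so key material may reach swap unless the nodes run without swap or with encrypted swap. In the two `merge` branches the forced value is the destination dictionary, which I believe takes precedence over a user-supplied `disable_mlock`, so an operator cannot turn it back on there; that is worth confirming and stating. I would add a template comment above `data:`, such as `{{- /* disable_mlock is forced on: nodes must have swap disabled or encrypted */ -}}`.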
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
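Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods. If those verbs exist so the server can label its own pods (presumably the `vault-active` label the services in this commit select on), any other workload in the same namespace is also writable by the server's service account. StatefulSet pod names are predictable, so the write verbs could move to a second rule limited with `resourceNames`, leaving `get`, `watch` and `list` as they are. At minimum I would add a comment on the rule: `# update/patch cover all pods in this namespace; install Vault in a dedicated namespace`.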
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-disruptionbudget.yaml @@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-ha-active-service.yaml 
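Review bot: The `apiVersion` line in server-disruptionbudget.yaml compares `.Capabilities.KubeVersion.Minor` with `"21"` as strings, so the test is lexical rather than numeric, and the minor field can carry a suffix such as `21+` on some distributions. server-ingress.yaml in this same commit already decides its API version with `semverCompare` on `.Capabilities.KubeVersion.Version`. The same form here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.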
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-headless-service.yaml 
@@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-ingress.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-psp-role.yaml 
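Review bot: The single ingress rule in server-network-policy.yaml opens both 8200 and 8201 to every namespace through `namespaceSelector: {}`. Port 8201 is named `https-internal` in the services of this commit and appears to be the server-to-server port, so it does not need the same audience as the API port. Splitting the rule so that 8201 is limited to the Vault server pods would narrow this, assuming no peer outside the namespace has to reach that port; a sketch follows. The object also sets no `metadata.namespace`, unlike the other templates in this commit.

```yaml
# … unchanged: metadata, podSelector …
  ingress:
    # API port: reachable from every namespace, as before
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: only the Vault server pods of this release
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
# … unchanged: optional egress block …
```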
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-psp.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-psp.yaml
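Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname`, while the StatefulSet's `serviceAccountName`, the ServiceAccount object and the other bindings in this commit all use `vault.serviceAccount.name`. If that helper can resolve to a different name (its definition is not in this diff), the PodSecurityPolicy `use` grant lands on an account the server pods do not run as. I would change the subject to `name: {{ template "vault.serviceAccount.name" . }}` and add `namespace: {{ .Release.Namespace }}` beneath it, matching server-discovery-rolebinding.yaml.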
@@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-route.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-route.yaml 
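Review bot: The PodSecurityPolicy spec in server-psp.yaml blocks privilege escalation and root users but says nothing about Linux capabilities, so containers keep the runtime's default set. The StatefulSet in this commit sets `SKIP_SETCAP` and the rendered config forces `disable_mlock`, which suggests the server needs no added capabilities; if that holds, `requiredDropCapabilities: [ALL]` under `spec:` would make it explicit. Separately, the `seLinux` comment says the policy assumes AppArmor nodes, which deserves a second look in a chart that ships a values.openshift.yaml.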
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-service.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-service.yaml 
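Review bot: server-route.yaml tests `.mode` on its second line without first running `{{ template "vault.mode" . }}`, which the other templates in this commit that read `.mode` do at the top. As written, both the `ne .mode "external"` guard and the later `eq .mode "ha"` check that selects the `-active` service depend on some other template having already set `.mode` on the shared context (inferred; the helper is not in this diff). Adding `{{ template "vault.mode" . }}` as the line before the `ne .mode "external"` test removes that dependence. `host: {{ .Values.server.route.host }}` would also be safer as `host: {{ .Values.server.route.host | quote }}`, as the Ingress template does for its hosts.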
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-serviceaccount.yaml 
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/tests/server-test.yaml 
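Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to the `latest` tag when `server.image.tag` is unset, and tests/server-test.yaml repeats the same expression. For a secrets manager, an unpinned tag means the running version can change on any pod restart without a chart change, and the deployed version cannot be read back from the release. I would fail the render instead, `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, or accept an image digest. The readiness probe's `vault status -tls-skip-verify` also merits a comment saying it only talks to the in-pod `127.0.0.1` address set through `VAULT_ADDR`.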
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/ui-service.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/values.openshift.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
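Review bot: Nothing in this Service documents that `type: {{ .Values.ui.serviceType }}` interacts with the TLS setting, although the port is named after `vault.scheme` and this commit's `values.yaml` defaults `global.tlsDisable` to `true`. If the helper resolves to `http` in that case (its definition is outside this hunk), a `LoadBalancer` or `NodePort` type publishes the Vault UI and API in cleartext unless something in front terminates TLS. I would add a comment beside `type:` such as `# with global.tlsDisable=true this Service carries plaintext HTTP; keep ClusterIP unless TLS is terminated in front of it`. `publishNotReadyAddresses` also sends clients to pods that have not passed readiness, so a one-line comment on why that is wanted for the UI would help whoever sets it.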
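Review bot: All three images in `values.openshift.yaml` are referenced by tag only (`tag: "0.17.0-ubi"`, `tag: "1.11.2-ubi"`), and the same repository/tag pairs appear again as defaults in this commit's `values.yaml`. A version bump therefore has to touch two files, and a re-pushed tag changes what runs without any change to the chart. The test template in this commit composes images as `repository:tag`, so digest pinning would need template support for `repository@sha256:<digest>`. Until then a header comment such as `# Keep image tags in sync with values.yaml` would at least guard against drift between the two files.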
diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/values.schema.json b/charts/partners/redhat-sp/webaishstage/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/redhat-sp/webaishstage/0.21.0/src/values.yaml b/charts/partners/redhat-sp/webaishstage/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/redhat-sp/webaishstage/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/redhat-sp/webaishstage/OWNERS b/charts/partners/redhat-sp/webaishstage/OWNERS
new file mode 100644
index 00000000000..a018765a308
--- /dev/null
+++ b/charts/partners/redhat-sp/webaishstage/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: webaishstage
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users:
+- githubUsername: Aishwarya-Urne
+vendor:
+ label: redhat-sp
+ name: Red Hat, Inc.
diff --git a/charts/partners/redhat-sp/webhelm/OWNERS b/charts/partners/redhat-sp/webhelm/OWNERS
new file mode 100644
index 00000000000..e66142b3184
--- /dev/null
+++ b/charts/partners/redhat-sp/webhelm/OWNERS
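Review bot: `publicPgpKey: unknown` in charts/partners/redhat-sp/webaishstage/OWNERS stores a placeholder string where a PGP public key is expected, and the same file sets `providerDelivery: true`. Other OWNERS files in this commit write `publicPgpKey: null` for "no key", so a check that only tests whether the field is non-empty would presumably treat `unknown` as a configured key; whether signature verification then fails closed is not visible from this diff. I would write `publicPgpKey: null` until a real key is supplied. The same value appears in the webhelm, helm-951-external and helm-ext-951 OWNERS hunks.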
@@ -0,0 +1,9 @@
+chart:
+ name: webhelm
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users: []
+vendor:
+ label: redhat-sp
+ name: Red Hat, Inc.
diff --git a/charts/partners/redhat-sp/webonlyhelm/OWNERS b/charts/partners/redhat-sp/webonlyhelm/OWNERS
new file mode 100644
index 00000000000..a0219f8af0e
--- /dev/null
+++ b/charts/partners/redhat-sp/webonlyhelm/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: webonlyhelm
+ shortDescription: null
+providerDelivery: false
+publicPgpKey: null
+users:
+- githubUsername: Aishwarya-Urne
+vendor:
+ label: redhat-sp
+ name: GLOBAL SUPPORT SERVI RED HAT, INC.
diff --git a/charts/partners/rhc4tp-test-company-1550766880-2022870255-update-1552585478/rhc4tp-test-20221209-083820/OWNERS b/charts/partners/rhc4tp-test-company-1550766880-2022870255-update-1552585478/rhc4tp-test-20221209-083820/OWNERS
new file mode 100644
index 00000000000..75727eb4add
--- /dev/null
+++ b/charts/partners/rhc4tp-test-company-1550766880-2022870255-update-1552585478/rhc4tp-test-20221209-083820/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: rhc4tp-test-20221209-083820
+ shortDescription: null
+providerDelivery: false
+publicPgpKey: null
+users:
+- githubUsername: rhc4tp-test-20221209-083820
+vendor:
+ label: rhc4tp-test-company-1550766880-2022870255-update-1552585478
+ name: Red Hat
diff --git a/charts/partners/test-helm-ext/helm-951-external/OWNERS b/charts/partners/test-helm-ext/helm-951-external/OWNERS
new file mode 100644
index 00000000000..a3f29d3a6d1
--- /dev/null
+++ b/charts/partners/test-helm-ext/helm-951-external/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helm-951-external
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: test-helm-ext
+ name: test-stage-user-6
diff --git a/charts/partners/test-helm-ext/helm-ext-951/OWNERS b/charts/partners/test-helm-ext/helm-ext-951/OWNERS
new file mode 100644
index 00000000000..723fb7a0c89
--- /dev/null
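Review bot: `users: []` in charts/partners/redhat-sp/webhelm/OWNERS records no GitHub account as an owner, while the same file sets `providerDelivery: true`. If the submission workflow uses this list to decide who may change the chart, an empty list should be treated as "nobody", never as "no restriction"; that check is outside this diff, so this needs confirming. At minimum I would add a comment above the key, for example `# users intentionally empty: no authorised submitter yet`. The helm-951-external OWNERS hunk has the same empty list.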
+++ b/charts/partners/test-helm-ext/helm-ext-951/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-ext-951
+ shortDescription: erfer
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: dfver
+vendor:
+ label: test-helm-ext
+ name: test-stage-user-6
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/.helmignore b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/CHANGELOG.md b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/CONTRIBUTING.md b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/Chart.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/Chart.yaml
new file mode 100644
index 00000000000..fe2e136dc52
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.26.0'
+name: helm-redhat-new-user
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.69
+annotations:
+ charts.openshift.io/name: helm-redhat-new-user
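Review bot: The `description` still reads `Official HashiCorp Vault Chart` while `name` and the `charts.openshift.io/name` annotation are `helm-redhat-new-user` under `charts/partners/test-internal-helm/`, so anything that indexes this chart presents a renamed copy as the vendor's official release. If this is a test fixture, as the path suggests, the metadata should say so, for example `description: Test fixture derived from the HashiCorp Vault chart; not an official release`. Separately, `kubeVersion: '>= 1.26.0'` carries no pre-release suffix, and Helm's semver constraint check rejects cluster versions that have one; `kubeVersion: '>= 1.26.0-0'` avoids that if such clusters are in scope for this chart.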
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/LICENSE.md b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/Makefile b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/README.md b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/NOTES.txt b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/_helpers.tpl b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/csi-clusterrole.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
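Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` through a ClusterRole, so the `<fullname>-csi-provider` service account can request a token for any service account in any namespace, and the file carries no comment explaining that breadth. Anyone who can run a pod under that service account, or who compromises the DaemonSet pod added later in this commit, inherits the same ability. If this is what the provider needs (presumably it requests tokens on behalf of the pods that mount secrets; that is not visible here), say so above `rules:`, for example `# Cluster-wide by design: tokens are requested for the service account of each consuming pod. Treat this service account as privileged.`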
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/csi-clusterrolebinding.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/csi-daemonset.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.daemonSet.extraLabels -}}
+ {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.daemonSet.annotations" . }}
+spec:
+ updateStrategy:
+ type: {{ .Values.csi.daemonSet.updateStrategy.type }}
+ {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ rollingUpdate:
+ maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ {{- if .Values.csi.pod.extraLabels -}}
+ {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "csi.pod.annotations" . }}
+ spec:
+ {{ template "csi.daemonSet.securityContext.pod" . }}
+ {{- if .Values.csi.priorityClassName }}
+ priorityClassName: {{ .Values.csi.priorityClassName }}
+ {{- end }}
+ serviceAccountName: {{ template "vault.fullname" . }}-csi-provider
+ {{- template "csi.pod.tolerations" . }}
+ containers:
+ - name: {{ include "vault.name" . }}-csi-provider
+ {{ template "csi.resources" . }}
+ {{ template "csi.daemonSet.securityContext.container" .
}}
+ image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"
+ imagePullPolicy: {{ .Values.csi.image.pullPolicy }}
+ args:
+ - --endpoint=/provider/vault.sock
+ - --debug={{ .Values.csi.debug }}
+ {{- if .Values.csi.extraArgs }}
+ {{- toYaml .Values.csi.extraArgs | nindent 12 }}
+ {{- end }}
+ env:
+ - name: VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ volumeMounts:
+ - name: providervol
+ mountPath: "/provider"
+ - name: mountpoint-dir
+ mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ mountPropagation: HostToContainer
+ {{- if .Values.csi.volumeMounts }}
+ {{- toYaml .Values.csi.volumeMounts | nindent 12}}
+ {{- end }}
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }}
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: 8080
+ failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.csi.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }}
+ volumes:
+ - name: providervol
+ hostPath:
+ path: {{ .Values.csi.daemonSet.providersDir }}
+ - name: mountpoint-dir
+ hostPath:
+ path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods
+ {{- if .Values.csi.volumes }}
+ {{- toYaml .Values.csi.volumes | nindent 8}}
+ {{- end }}
+ {{- include
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/csi-serviceaccount.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-certs-secret.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-certs-secret.yaml
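Review bot: The provider container in csi-daemonset.yaml mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods) but only gets a `securityContext` when `csi.daemonSet.securityContext.container` is set, because the `csi.daemonSet.securityContext.*` helpers in this commit have no fallback branch. The injector and server helpers do have one and default to `allowPrivilegeEscalation: false` outside OpenShift. Unless the chart's values.yaml (not visible here) supplies a context, the pod runs with the runtime defaults on every node, so I would add the same branch to the CSI container helper: `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`. Whether the `mountpoint-dir` mount can also be `readOnly: true` depends on whether the provider writes there, which should be confirmed.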
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-clusterrole.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-clusterrolebinding.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-clusterrolebinding.yaml
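Review bot: The rule in injector-clusterrole.yaml grants `patch` on every MutatingWebhookConfiguration in the cluster, while the deployment in this commit points the injector at a single object, `<fullname>-agent-injector-cfg` (the `AGENT_INJECT_TLS_AUTO` value). A compromised injector could therefore rewrite any other admission webhook. Splitting the rule so that `patch` carries `resourceNames` for that one configuration removes this reach and leaves the read verbs as they are. Whether the injector's watch tolerates further narrowing of `get`/`list`/`watch` cannot be told from this hunk.

```yaml
rules:
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "get"
    - "list"
    - "watch"
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - {{ template "vault.fullname" . }}-agent-injector-cfg
  verbs:
    - "patch"
```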
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-deployment.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+# Deployment for the injector
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ replicas: {{ .Values.injector.replicas }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{ template "injector.strategy" . }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- if .Values.injector.extraLabels -}}
+ {{- toYaml .Values.injector.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "injector.annotations" . }}
+ spec:
+ {{ template "injector.affinity" . }}
+ {{ template "injector.topologySpreadConstraints" . }}
+ {{ template "injector.tolerations" . }}
+ {{ template "injector.nodeselector" . }}
+ {{- if .Values.injector.priorityClassName }}
+ priorityClassName: {{ .Values.injector.priorityClassName }}
+ {{- end }}
+ serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
+ {{ template "injector.securityContext.pod" . -}}
+ {{- if not .Values.global.openshift }}
+ hostNetwork: {{ .Values.injector.hostNetwork }}
+ {{- end }}
+ containers:
+ - name: sidecar-injector
+ {{ template "injector.resources" . }}
+ image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
+ imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
+ {{- template "injector.securityContext.container" .
}}
+ env:
+ - name: AGENT_INJECT_LISTEN
+ value: {{ printf ":%v" .Values.injector.port }}
+ - name: AGENT_INJECT_LOG_LEVEL
+ value: {{ .Values.injector.logLevel | default "info" }}
+ - name: AGENT_INJECT_VAULT_ADDR
+ {{- if .Values.global.externalVaultAddr }}
+ value: "{{ .Values.global.externalVaultAddr }}"
+ {{- else if .Values.injector.externalVaultAddr }}
+ value: "{{ .Values.injector.externalVaultAddr }}"
+ {{- else }}
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- end }}
+ - name: AGENT_INJECT_VAULT_AUTH_PATH
+ value: {{ .Values.injector.authPath }}
+ - name: AGENT_INJECT_VAULT_IMAGE
+ value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}"
+ {{- if .Values.injector.certs.secretName }}
+ - name: AGENT_INJECT_TLS_CERT_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}"
+ - name: AGENT_INJECT_TLS_KEY_FILE
+ value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}"
+ {{- else }}
+ - name: AGENT_INJECT_TLS_AUTO
+ value: {{ template "vault.fullname" . }}-agent-injector-cfg
+ - name: AGENT_INJECT_TLS_AUTO_HOSTS
+ value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" .
}}-agent-injector-svc.{{ .Release.Namespace }}.svc
+ {{- end }}
+ - name: AGENT_INJECT_LOG_FORMAT
+ value: {{ .Values.injector.logFormat | default "standard" }}
+ - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN
+ value: "{{ .Values.injector.revokeOnShutdown | default false }}"
+ {{- if .Values.global.openshift }}
+ - name: AGENT_INJECT_SET_SECURITY_CONTEXT
+ value: "false"
+ {{- end }}
+ {{- if .Values.injector.metrics.enabled }}
+ - name: AGENT_INJECT_TELEMETRY_PATH
+ value: "/metrics"
+ {{- end }}
+ {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+ - name: AGENT_INJECT_USE_LEADER_ELECTOR
+ value: "true"
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- end }}
+ - name: AGENT_INJECT_CPU_REQUEST
+ value: "{{ .Values.injector.agentDefaults.cpuRequest }}"
+ - name: AGENT_INJECT_CPU_LIMIT
+ value: "{{ .Values.injector.agentDefaults.cpuLimit }}"
+ - name: AGENT_INJECT_MEM_REQUEST
+ value: "{{ .Values.injector.agentDefaults.memRequest }}"
+ - name: AGENT_INJECT_MEM_LIMIT
+ value: "{{ .Values.injector.agentDefaults.memLimit }}"
+ - name: AGENT_INJECT_DEFAULT_TEMPLATE
+ value: "{{ .Values.injector.agentDefaults.template }}"
+ - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE
+ value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}"
+ {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}
+ - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL
+ value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}"
+ {{- end }}
+ {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }}
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ args:
+ - agent-inject
+ - 2>&1
+ livenessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+
timeoutSeconds: 5
+ readinessProbe:
+ httpGet:
+ path: /health/ready
+ port: {{ .Values.injector.port }}
+ scheme: HTTPS
+ failureThreshold: 2
+ initialDelaySeconds: 5
+ periodSeconds: 2
+ successThreshold: 1
+ timeoutSeconds: 5
+{{- if .Values.injector.certs.secretName }}
+ volumeMounts:
+ - name: webhook-certs
+ mountPath: /etc/webhook/certs
+ readOnly: true
+{{- end }}
+{{- if .Values.injector.certs.secretName }}
+ volumes:
+ - name: webhook-certs
+ secret:
+ secretName: "{{ .Values.injector.certs.secretName }}"
+{{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+{{ end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-disruptionbudget.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-disruptionbudget.yaml
new file mode 100644
index 00000000000..b44fd7300b2
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-disruptionbudget.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.injector.podDisruptionBudget }}
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ component: webhook
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }}
+{{- end -}}
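Review bot: `AGENT_INJECT_VAULT_AUTH_PATH`, `AGENT_INJECT_LOG_LEVEL` and `AGENT_INJECT_LOG_FORMAT` in injector-deployment.yaml are rendered unquoted, while most other env values in this container are quoted. An env `value` has to be a string, so a values entry that YAML reads as a number, boolean or null (or an unset `authPath`, which renders an empty `value:`) either fails validation or silently changes what the injector receives. I would pipe these through `quote`, for example `value: {{ .Values.injector.authPath | quote }}`. Separately, `- 2>&1` under `args` is handed to the container as a literal argument because no shell interprets it; it looks removable, but confirm against the image entrypoint, which is not visible here.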
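Review bot: `ge .Capabilities.KubeVersion.Minor "21"` in injector-disruptionbudget.yaml compares two strings, so the result is lexicographic (a minor of `9` sorts above `21`) and is also affected by the suffix some distributions append to the minor version, such as `21+`. The mutating-webhook template in this same commit already selects its apiVersion with `.Capabilities.APIVersions.Has`, and the same test works here: `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" | ternary "policy/v1" "policy/v1beta1" }}`. This is also the only injector manifest in view that is not wrapped in `vault.injectorEnabled`, so the budget is rendered even when the injector itself is disabled.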
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-mutating-webhook.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-network-policy.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..d58d2a519ea
--- /dev/null
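Review bot: `namespaceSelector` and `objectSelector` in injector-mutating-webhook.yaml are both emitted only when a value is set, so unless values.yaml (not visible here) supplies one, the webhook receives every pod CREATE and UPDATE in the cluster, including system namespaces and the injector's own pods. If `failurePolicy` resolves to `Fail`, an unavailable injector then blocks pod admission cluster-wide, and every pod spec in the cluster passes through a component that can rewrite it. I would document that dependency next to the rule, for example `# Scope with namespaceSelector or objectSelector before setting failurePolicy: Fail; unscoped, this webhook sees all pods.`, and consider shipping a default selector that excludes the release namespace.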
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ policy-group.network.openshift.io/host-network: ""
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-psp-role.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
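Review bot: The ingress rule in injector-network-policy.yaml hardcodes `port: 8080`, but the injector listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes in injector-deployment.yaml). If that value is changed, this policy drops the API server's webhook calls on OpenShift while every manifest still renders cleanly. Use `- port: {{ .Values.injector.port }}` so the two stay in step. `metadata` also lacks `namespace: {{ .Release.Namespace }}`, which the other namespaced injector manifests in this commit set.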
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-psp-rolebinding.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-psp.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-role.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-role.yaml 
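Review bot: injector-psp.yaml renders `apiVersion: policy/v1beta1` / `kind: PodSecurityPolicy` whenever `global.psp.enable` is true, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so turning the flag on there makes the install fail instead of skipping the object. I would add a guard next to the existing condition, `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}`, and apply the same guard to server-psp.yaml and the injector/server psp-role and psp-rolebinding templates in this commit. The comment `# This policy assumes the nodes are using AppArmor rather than SELinux.` also deserves a second look for a chart that has OpenShift-specific branches, since `seLinux.rule: RunAsAny` leaves SELinux labels unconstrained.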
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-rolebinding.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-rolebinding.yaml
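Review bot: The first rule in injector-role.yaml grants `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace. That is wider than a leader-election role needs, and it lets the injector's service account read any other secret stored beside it. Consider keeping only `create` unscoped (resourceNames cannot restrict create) and giving the read and update verbs a `resourceNames` list for the objects the injector owns; those names are not visible in this diff, and name-scoped `list`/`watch` only works if the client selects by name, so check how the injector watches before narrowing. At minimum add a comment above the rule, such as `# namespace-wide secret access: deploy the injector in a namespace that holds no unrelated secrets`. The `pods` rule (`get`, `patch`, `delete`) is namespace-wide in the same way.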
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-service.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-serviceaccount.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-clusterrolebinding.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-config-configmap.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-discovery-role.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null 
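Review bot: `disable_mlock = true` is forced into every rendered config with no comment explaining why or what it costs. The string branch writes it as a literal line, and the map branch adds it through `merge (dict "disable_mlock" true) …`. With mlock off, Vault's process memory may be paged out, so the chart depends on nodes running without swap or with encrypted swap. I would state that in a template comment above `data:`, e.g. `{{- /* mlock is disabled in every mode; schedule on nodes with no swap or encrypted swap */ -}}`. Because `merge` gives precedence to its first dictionary, a user-supplied `disable_mlock: false` in a map-style config also appears to be overridden silently, which the comment should mention.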
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-discovery-role.yaml @@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-discovery-rolebinding.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-discovery-rolebinding.yaml 
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-disruptionbudget.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-ha-active-service.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-ha-active-service.yaml
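Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion` line of server-disruptionbudget.yaml compares two strings, so the ordering is lexical rather than numeric. A minor of `9` sorts above `21`, `100` sorts below it, and vendor suffixes such as `21+` are compared character by character. server-ingress.yaml in this commit already selects its API with `semverCompare ">= 1.19.0-0" $kubeVersion`; the same approach here would be `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.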
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-ha-standby-service.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-headless-service.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null 
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-ingress.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-network-policy.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-psp-role.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-psp-role.yaml 
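Review bot: The outer guard in server-ingress.yaml, `{{- if not .Values.global.openshift }}`, uses template truthiness, so a non-empty string such as `"false"` counts as true and suppresses the Ingress. injector-network-policy.yaml in this commit tests the same value with `eq (.Values.global.openshift | toString) "true"`, so the two files can disagree about whether the release is on OpenShift. I would use the string comparison here as well, `{{- if ne (.Values.global.openshift | toString) "true" }}`, and the mirrored form in server-route.yaml, which has the same bare `if .Values.global.openshift`. Quoting `secretName` and `path` the way `hosts` is already quoted (`| quote`) would also stop YAML from retyping unusual values.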
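Review bot: The single ingress rule in server-network-policy.yaml pairs `namespaceSelector: {}` with both ports, so any pod in any namespace may connect to 8201 as well as 8200. Port 8201 is the `https-internal` port in the Service templates of this commit, presumably used only between Vault servers, so it does not need to be reachable cluster-wide. I would split the rule: leave 8200 as it is and admit 8201 only from pods carrying this release's own labels, as shown below.

```yaml
  ingress:
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # cluster port: only pods of this release may connect
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```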
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-psp-rolebinding.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-psp.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
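Review bot: The subject in server-psp-rolebinding.yaml names the service account `{{ template "vault.fullname" . }}`, but server-serviceaccount.yaml creates the account as `{{ template "vault.serviceAccount.name" . }}`. The ClusterRoleBinding and the discovery RoleBinding in this commit bind that helper too. If the helper can return anything other than the full name (its definition is not in this diff), the server pods would run under an account that never receives `use` on the PodSecurityPolicy. Using the same helper here, `name: {{ template "vault.serviceAccount.name" . }}`, removes the mismatch. An explicit `namespace: {{ .Release.Namespace }}` on the subject, as injector-rolebinding.yaml has, would make the binding easier to audit.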
--- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-psp.yaml @@ -0,0 +1,49 @@ +{{ template "vault.mode" . }} +{{- if .serverEnabled -}} +{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - persistentVolumeClaim + {{- end }} + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-route.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-route.yaml new file mode 100644 index 00000000000..e122d936ba5 --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-route.yaml 
@@ -0,0 +1,34 @@ +{{- if .Values.global.openshift }} +{{- if ne .mode "external" }} +{{- if .Values.server.route.enabled -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.route.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.route.annotations" . }} +spec: + host: {{ .Values.server.route.host }} + to: + kind: Service + name: {{ $serviceName }} + weight: 100 + port: + targetPort: 8200 + tls: + {{- toYaml .Values.server.route.tls | nindent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-service.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-service.yaml new file mode 100644 index 00000000000..3a9b0e7e52a --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-service.yaml 
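Review bot: server-route.yaml tests `ne .mode "external"` and `eq .mode "ha"` without first calling `{{ template "vault.mode" . }}`, which the other templates in this commit that read `.mode` do before using it. Whether `.mode` is populated here therefore seems to depend on another template having set it earlier in the render. Adding `{{ template "vault.mode" . }}` directly after the `global.openshift` guard makes the file self-contained. The route also fixes `targetPort: 8200` while the Service templates take `.Values.server.service.targetPort`, so an overridden target port would presumably leave the route pointing at a port the pods no longer serve.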
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-serviceaccount.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-serviceaccount.yaml @@ -0,0 +1,14 @@ +{{ template "vault.serverServiceAccountEnabled" . }} +{{- if .serverServiceAccountEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "vault.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-statefulset.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-statefulset.yaml new file mode 100644 index 00000000000..afc48d695d9 --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/server-statefulset.yaml 
@@ -0,0 +1,206 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if ne .mode "" }}
+{{- if .serverEnabled -}}
+# StatefulSet to run the actual vault server cluster.
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.statefulSet.annotations" . }}
+spec:
+ serviceName: {{ template "vault.fullname" . }}-internal
+ podManagementPolicy: Parallel
+ replicas: {{ template "vault.replicas" . }}
+ updateStrategy:
+ type: {{ .Values.server.updateStrategyType }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ template:
+ metadata:
+ labels:
+ helm.sh/chart: {{ template "vault.chart" . }}
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if .Values.server.extraLabels -}}
+ {{- toYaml .Values.server.extraLabels | nindent 8 -}}
+ {{- end -}}
+ {{ template "vault.annotations" . }}
+ spec:
+ {{ template "vault.affinity" . }}
+ {{ template "vault.topologySpreadConstraints" . }}
+ {{ template "vault.tolerations" . }}
+ {{ template "vault.nodeselector" . }}
+ {{- if .Values.server.priorityClassName }}
+ priorityClassName: {{ .Values.server.priorityClassName }}
+ {{- end }}
+ terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }}
+ serviceAccountName: {{ template "vault.serviceAccount.name" . }}
+ {{ if .Values.server.shareProcessNamespace }}
+ shareProcessNamespace: true
+ {{ end }}
+ {{- template "server.statefulSet.securityContext.pod" . }}
+ volumes:
+ {{ template "vault.volumes" . }}
+ - name: home
+ emptyDir: {}
+ {{- if .Values.server.extraInitContainers }}
+ initContainers:
+ {{ toYaml .Values.server.extraInitContainers | nindent 8}}
+ {{- end }}
+ containers:
+ - name: vault
+ {{ template "vault.resources" . }}
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ args: {{ template "vault.args" . }}
+ {{- template "server.statefulSet.securityContext.container" . }}
+ env:
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: VAULT_K8S_POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_K8S_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: VAULT_ADDR
+ value: "{{ include "vault.scheme" . }}://127.0.0.1:8200"
+ - name: VAULT_API_ADDR
+ {{- if .Values.server.ha.apiAddr }}
+ value: {{ .Values.server.ha.apiAddr }}
+ {{- else }}
+ value: "{{ include "vault.scheme" . }}://$(POD_IP):8200"
+ {{- end }}
+ - name: SKIP_CHOWN
+ value: "true"
+ - name: SKIP_SETCAP
+ value: "true"
+ - name: HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: VAULT_CLUSTER_ADDR
+ {{- if .Values.server.ha.clusterAddr }}
+ value: {{ .Values.server.ha.clusterAddr }}
+ {{- else }}
+ value: "https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201"
+ {{- end }}
+ {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }}
+ - name: VAULT_RAFT_NODE_ID
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ {{- end }}
+ - name: HOME
+ value: "/home/vault"
+ {{- if .Values.server.logLevel }}
+ - name: VAULT_LOG_LEVEL
+ value: "{{ .Values.server.logLevel }}"
+ {{- end }}
+ {{- if .Values.server.logFormat }}
+ - name: VAULT_LOG_FORMAT
+ value: "{{ .Values.server.logFormat }}"
+ {{- end }}
+ {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }}
+ - name: VAULT_LICENSE_PATH
+ value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }}
+ {{- end }}
+ {{ template "vault.envs" . }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }}
+ {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }}
+ volumeMounts:
+ {{ template "vault.mounts" . }}
+ - name: home
+ mountPath: /home/vault
+ ports:
+ - containerPort: 8200
+ name: {{ include "vault.scheme" . }}
+ - containerPort: 8201
+ name: https-internal
+ - containerPort: 8202
+ name: {{ include "vault.scheme" . }}-rep
+ {{- if .Values.server.readinessProbe.enabled }}
+ readinessProbe:
+ {{- if .Values.server.readinessProbe.path }}
+ httpGet:
+ path: {{ .Values.server.readinessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ {{- else }}
+ # Check status; unsealed vault servers return 0
+ # The exit code reflects the seal status:
+ # 0 - unsealed
+ # 1 - error
+ # 2 - sealed
+ exec:
+ command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"]
+ {{- end }}
+ failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.readinessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if .Values.server.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ .Values.server.livenessProbe.path | quote }}
+ port: 8200
+ scheme: {{ include "vault.scheme" . | upper }}
+ failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }}
+ initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }}
+ successThreshold: {{ .Values.server.livenessProbe.successThreshold }}
+ timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ lifecycle:
+ # Vault container doesn't receive SIGTERM from Kubernetes
+ # and after the grace period ends, Kube sends SIGKILL. This
+ # causes issues with graceful shutdowns such as deregistering itself
+ # from Consul (zombie services).
+ preStop:
+ exec:
+ command: [
+ "/bin/sh", "-c",
+ # Adding a sleep here to give the pod eviction a
+ # chance to propagate, so requests will not be made
+ # to this pod while it's terminating
+ "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)",
+ ]
+ {{- if .Values.server.postStart }}
+ postStart:
+ exec:
+ command:
+ {{- range (.Values.server.postStart) }}
+ - {{ . | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.server.extraContainers }}
+ {{ toYaml .Values.server.extraContainers | nindent 8}}
+ {{- end }}
+ {{- include "imagePullSecrets" . | nindent 6 }}
+ {{ template "vault.volumeclaims" . }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/tests/server-test.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/tests/server-test.yaml
new file mode 100644
index 00000000000..56dbee78cd7
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/tests/server-test.yaml
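Review bot: The `image:` line of the `vault` container falls back to the mutable `latest` tag when `server.image.tag` is unset (`{{ .Values.server.image.tag | default "latest" }}`), so the server that holds the secrets could start from whatever the registry serves at pull time; the test pod in templates/tests/server-test.yaml uses the same expression. I would fail the render instead of guessing, e.g. `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, `value: {{ .Values.server.ha.apiAddr }}` and `value: {{ .Values.server.ha.clusterAddr }}` are emitted unquoted while their `else` branches are quoted; piping both through `quote` keeps a user-supplied address from being re-typed or breaking the rendered YAML.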
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/ui-service.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/templates/ui-service.yaml
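Review bot: The test pod's `spec:` sets no `securityContext` and leaves the service-account token mounted, although the visible script only runs `vault status` against the Service and makes no Kubernetes API call. Adding `automountServiceAccountToken: false` under `spec:` and a container-level `securityContext` with `allowPrivilegeEscalation: false` would keep the hook pod at least privilege; the StatefulSet in this commit at least pulls in `server.statefulSet.securityContext.*` templates, and this pod has no equivalent. `VAULT_ADDR` is also rendered unquoted here while the StatefulSet quotes its value, so piping the composed address through `quote` would be consistent.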
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/values.openshift.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/values.openshift.yaml
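Review bot: `type: {{ .Values.ui.serviceType }}` lets this Service be published through a LoadBalancer or NodePort while the values.yaml added in the same commit defaults `global.tlsDisable` to `true`; if `vault.scheme` follows that flag (the helper is not visible here), Vault tokens and secrets would cross the external hop unencrypted. A comment above `type:` would document the dependency, for example `# With global.tlsDisable=true this Service is plain HTTP; keep it ClusterIP or terminate TLS in front of it`. The same comment could state that `publishNotReadyAddresses`, when enabled, also routes UI traffic to pods that are not ready.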
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/values.schema.json b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/values.yaml b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/test-internal-helm/helm-redhat-new-user/0.21.69/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/test-internal-helm/helm-redhat-new-user/OWNERS b/charts/partners/test-internal-helm/helm-redhat-new-user/OWNERS
new file mode 100644
index 00000000000..cebd268cd7e
--- /dev/null
+++ b/charts/partners/test-internal-helm/helm-redhat-new-user/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: helm-redhat-new-user
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+vendor:
+ label: test-internal-helm
+ name: test-stage-user-17
diff --git a/charts/partners/test-internal-helm/webonly-new-user/OWNERS b/charts/partners/test-internal-helm/webonly-new-user/OWNERS
new file mode 100644
index 00000000000..a330af799ac
--- /dev/null
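Review bot: `publicPgpKey: unknown` in charts/partners/test-internal-helm/helm-redhat-new-user/OWNERS puts a sentinel word in a field that is meant to hold key material, and the same value is added in the webonly-new-user and webonly1-new-user OWNERS files of this commit. How the certification tooling reads this field is not visible in the diff; if it only tests for a non-empty value, signature verification could be attempted against a string that is not a key, and if it special-cases `unknown`, nothing in the file tells a reader that chart provenance cannot be checked for these entries. If the OWNERS schema allows it, I would write `publicPgpKey: ''`, or otherwise add a comment above the field such as `# no PGP key registered; signed-chart verification is not possible for this chart`.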
+++ b/charts/partners/test-internal-helm/webonly-new-user/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: webonly-new-user
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users: []
+vendor:
+ label: test-internal-helm
+ name: test-stage-user-17
diff --git a/charts/partners/test-internal-helm/webonly1-new-user/OWNERS b/charts/partners/test-internal-helm/webonly1-new-user/OWNERS
new file mode 100644
index 00000000000..de1ee34fb10
--- /dev/null
+++ b/charts/partners/test-internal-helm/webonly1-new-user/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: webonly1-new-user
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users: []
+vendor:
+ label: test-internal-helm
+ name: test-stage-user-17
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/.helmignore b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/CHANGELOG.md b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/CONTRIBUTING.md b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/Chart.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..be3feb98ef9
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: test-helm-chat
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: test-helm-chat
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/LICENSE.md b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
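Review bot: The new `Chart.yaml` keeps `description: Official HashiCorp Vault Chart` and the upstream `home` and `sources` URLs, while `name` and `charts.openshift.io/name` are `test-helm-chat` and the path is under `charts/partners/test-new-container-2023/`. That looks like a renamed test copy, and anyone browsing the index could mistake it for the vendor's own release. The description should say what the chart is, for example `description: Test fixture copied from the HashiCorp Vault chart 0.21.0 (not an upstream release)`. I would also quote the version fields, `appVersion: '1.11.2'` and `version: '0.21.0'`, to match the quoted `kubeVersion` and keep them strings if a two-part version is ever used. The bundled CHANGELOG dates this chart version to August 2022, so if the fixture is ever installed rather than only linted, check the pinned Vault 1.11.2 against current advisories first.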
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+
+Exhibit B - “Incompatible With Secondary Licenses” Notice
+
+ This Source Code Form is “Incompatible
+ With Secondary Licenses”, as defined by
+ the Mozilla Public License, v. 2.0.
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/Makefile b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/Makefile
new file mode 100644
index 00000000000..49799e919d1
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/Makefile
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/README.md b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/NOTES.txt b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/_helpers.tpl b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
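Review bot: The only rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` in every namespace, and the file carries no comment saying why the scope has to be cluster-wide. Holding that verb lets the bound CSI provider service account request a token for any service account in the cluster, so code running in a provider pod can act with those identities. A comment above `rules:` such as `# The provider requests a token for the service account of the pod that mounts the volume; those pods can live in any namespace, hence a ClusterRole.` would record the intent (presumably that is the reason; confirm against the provider's documentation) and flag the role as one to audit.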
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }}
+{{- end }}
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/csi-serviceaccount.yaml
new file mode 100644
index 00000000000..8d6fa5329cb
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/csi-serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.csi.serviceAccount.extraLabels -}}
+ {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}}
+ {{- end -}}
+ {{ template "csi.serviceAccount.annotations" . }}
+{{- end }}
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-certs-secret.yaml
new file mode 100644
index 00000000000..e88685b5ebc
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-certs-secret.yaml
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
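Review bot: The provider container in csi-daemonset.yaml receives a `securityContext` only when `csi.daemonSet.securityContext.container` is set, because the helper of that name earlier in this diff has no fallback branch, whereas the injector and server helpers fall back to `allowPrivilegeEscalation: false`. This pod mounts two `hostPath` volumes (`providersDir` and `kubeletRootDir`/pods) and runs under the service account bound to the token-creating ClusterRole, so it is the workload where a hardened default matters most. Consider giving the helper an `{{- else }}` branch that renders `allowPrivilegeEscalation: false`, after checking that the provider can still create its socket under `/provider`. If the provider does not write below the kubelet pods directory, the `mountpoint-dir` mount could also carry `readOnly: true`; that depends on the provider version and needs confirming.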
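Review bot: The Secret in injector-certs-secret.yaml is named with the literal `vault-injector-certs`, while the other objects in this chart derive their names from `vault.fullname`, so two releases in one namespace that both enable leader election with more than one replica would claim the same Secret. If the name is fixed by the injector itself or referenced in a Role's `resourceNames` (neither is visible in this hunk), a one-line comment such as `# name is expected by the injector; do not template` would save the next reader the search; otherwise it should be prefixed like the rest. The file also ends without a trailing newline.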
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-clusterrolebinding.yaml
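Review bot: The rule in injector-clusterrole.yaml lets the injector `patch` every MutatingWebhookConfiguration in the cluster, although the deployment in this commit names only one, `{{ template "vault.fullname" . }}-agent-injector-cfg` (the `AGENT_INJECT_TLS_AUTO` value). Write access to other webhook configurations means a compromised injector could change admission behaviour for unrelated workloads, so `get` and `patch` should be pinned with `resourceNames`. `list` and `watch` cannot be usefully restricted that way and can move to a second, read-only rule; whether the injector works with this split needs a test against the vault-k8s version shipped here. The closing `{{ end }}` also lacks the `-` trim used in the CSI templates.

```yaml
rules:
# write access only to this release's own webhook configuration
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  resourceNames:
    - "{{ template "vault.fullname" . }}-agent-injector-cfg"
  verbs:
    - "get"
    - "patch"
# read-only discovery across the cluster
- apiGroups: ["admissionregistration.k8s.io"]
  resources: ["mutatingwebhookconfigurations"]
  verbs:
    - "list"
    - "watch"
```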
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
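Review bot: Both `image:` and the `AGENT_INJECT_VAULT_IMAGE` value in injector-deployment.yaml are assembled as `repository:tag`, so neither the injector nor the agent image it adds to other workloads' pods can be pinned to a digest through these values. The second image runs as a sidecar inside application pods, so a mutable tag there reaches well beyond this Deployment. An optional digest value that renders `repository@sha256:…` when set would let operators pin both images. Separately, `- 2>&1` under `args:` reaches the entrypoint as a literal argument because no shell interprets it here; it can probably be dropped once the image's entrypoint has been checked.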
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-mutating-webhook.yaml new file mode 100644 index 00000000000..3d3fd367866 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-mutating-webhook.yaml 
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..68892d23b20 --- /dev/null 
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-network-policy.yaml @@ -0,0 +1,24 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
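Review bot: The allowed port in injector-network-policy.yaml is hard-coded as `8080`, while the Deployment listens on `.Values.injector.port` and the Service targets the same value. Changing that value leaves the policy admitting a port nothing listens on and dropping the API server's webhook calls. Use `- port: {{ .Values.injector.port }}` here. `namespaceSelector: {}` also admits traffic from every namespace; that is probably intentional because the caller is the API server, but a one-line comment saying so would stop it being read as an oversight.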
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-psp.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-psp.yaml 
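Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml has no `namespace`, which the RBAC API requires for service-account subjects, so this RoleBinding should be rejected at install time whenever `global.psp.enable` is true. The other bindings in this commit (injector-rolebinding.yaml, injector-clusterrolebinding.yaml) set it. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:` line.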
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-role.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-role.yaml 
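Review bot: The PodSecurityPolicy spec in injector-psp.yaml forbids privileged mode, privilege escalation and root, but sets no `requiredDropCapabilities` and leaves `readOnlyRootFilesystem: false`, so the injector keeps the runtime's default capability set. Adding `requiredDropCapabilities: ["ALL"]` would match the intent of the rest of the spec, assuming the injector needs no capabilities. The template also hard-codes `policy/v1beta1` without a `.Capabilities.APIVersions.Has` guard like the one in injector-mutating-webhook.yaml, and PodSecurityPolicy was removed in Kubernetes 1.25, so enabling `global.psp.enable` on such a cluster fails the install. The `seLinux` comment assumes AppArmor nodes, which deserves a caveat given that the chart has an OpenShift mode.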
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-rolebinding.yaml 
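Review bot: The first rule in injector-role.yaml lets the injector service account read, create and update every Secret and ConfigMap in the release namespace, not only the objects used for leader election and the generated certificate. If the Vault server or other workloads share the namespace, their secrets become readable from the webhook pod. `create` cannot be limited by name, but `get` and `update` can move to a second rule carrying `resourceNames` with the object names the injector actually uses. Those names are not visible in this commit and need confirming against the injector. The `patch`/`delete` grant on all `pods` in the second rule deserves the same review, or at least a comment stating why it is needed.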
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-service.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-service.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-serviceaccount.yaml new file mode 100644 index 00000000000..d1919b9366b --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/injector-serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.serviceAccount.annotations" . }} +{{ end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-clusterrolebinding.yaml new file mode 100644 index 00000000000..8cdd611430d --- /dev/null 
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-clusterrolebinding.yaml @@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if ne .mode "dev" -}} +{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "vault.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + extraconfig-from-values.hcl: |- + {{- if or (eq .mode "ha") (eq .mode "standalone") }} + {{- $type := typeOf (index .Values.server .mode).config }} + {{- if eq $type "string" }} + disable_mlock = true + {{- if eq .mode "standalone" }} + {{ tpl .Values.server.standalone.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }} + {{ tpl .Values.server.ha.config . | nindent 4 | trim }} + {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} + {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }} + {{ end }} + {{- else }} + {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }} + {{- else }} +{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-discovery-role.yaml new file mode 100644 index 00000000000..9ca23dd4c6c --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-discovery-role.yaml 
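Review bot: `disable_mlock = true` is written into every rendered configuration in server-config-configmap.yaml. In the map branch, `merge (dict "disable_mlock" true) …` puts the forced value in the destination dictionary, which takes precedence in `merge`, so a user-supplied `disable_mlock: false` is silently ignored. With mlock disabled Vault's memory can be swapped to disk, so I would add a template comment above that line such as `{{- /* mlock is always disabled by this chart; run on nodes with swap off or encrypted */ -}}`. The rendered config also lands in a ConfigMap, so any storage or seal credentials placed in `server.*.config` are stored unencrypted and readable by anyone with ConfigMap read access in the namespace. That is worth stating in the same comment.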
@@ -0,0 +1,21 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + namespace: {{ .Release.Namespace }} + name: {{ template "vault.fullname" . }}-discovery-role + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "watch", "list", "update", "patch"] +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-discovery-rolebinding.yaml new file mode 100644 index 00000000000..6e22e4c2b7b --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-discovery-rolebinding.yaml 
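Review bot: The rule in server-discovery-role.yaml gives the Vault server's service account `update` and `patch` on all pods in the release namespace, which is enough to alter the labels or spec of unrelated pods there. If the verbs exist only so each server can label its own pod (presumably the `vault-active` label the active/standby Services select on), a comment above the rule should say so, e.g. `# update/patch: servers label their own pod; deploy Vault in a dedicated namespace`. Narrowing with `resourceNames` would need the server pod names, which this hunk does not show.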
@@ -0,0 +1,29 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +{{- if eq .mode "ha" }} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-discovery-rolebinding + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-discovery-role +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-disruptionbudget.yaml new file mode 100644 index 00000000000..d940fa4dac5 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-disruptionbudget.yaml 
@@ -0,0 +1,26 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" -}} +{{- if .serverEnabled -}} +{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}} +# PodDisruptionBudget to prevent degrading the server cluster through +# voluntary cluster changes. +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-ha-active-service.yaml new file mode 100644 index 00000000000..e15d40ab0ba --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-ha-active-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for active Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-active + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.activeNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "true" +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-ha-standby-service.yaml new file mode 100644 index 00000000000..e6d66af8471 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-ha-standby-service.yaml 
@@ -0,0 +1,45 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if eq .mode "ha" }} +# Service for standby Vault pod +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-standby + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.standbyNodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + vault-active: "false" +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-headless-service.yaml new file mode 100644 index 00000000000..fffaaacbbbc --- /dev/null 
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-headless-service.yaml @@ -0,0 +1,33 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-internal + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + clusterIP: None + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: "{{ include "vault.scheme" . }}" + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-ingress.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-ingress.yaml new file mode 100644 index 00000000000..c81e5f5cee0 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-ingress.yaml 
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-psp-role.yaml 
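Review bot: In server-network-policy.yaml the only ingress rule uses `namespaceSelector: {}`, which matches every namespace, so with `server.networkPolicy.enabled` set any pod in the cluster can still reach both 8200 and 8201. Port 8201 is what `VAULT_CLUSTER_ADDR` points at in the StatefulSet, so presumably only the Vault server pods need it; I would split the rule so that 8201 is limited to a `podSelector` on the server labels, and narrow or parameterise the sources for 8200. The policy's metadata also omits `namespace: {{ .Release.Namespace }}`, which the other server templates in this diff set.

```yaml
  ingress:
    # API/UI port: narrow this selector to the namespaces that need Vault
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: server-to-server traffic only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block from .Values.server.networkPolicy.egress …
```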
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-psp.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-route.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-route.yaml
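Review bot: server-psp.yaml emits `apiVersion: policy/v1beta1` whenever `global.psp.enable` is true, with no check that the cluster still serves that API. PodSecurityPolicy was removed in Kubernetes 1.25, so on newer clusters the render is rejected, and once the flag is turned off nothing in the chart enforces the non-root and no-escalation rules listed here. I would add `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the `and` on the third line, the same capability test server-ingress.yaml already uses, and apply it to the psp Role and RoleBinding templates that share this guard. A comment should say that Pod Security admission or an equivalent has to take over where the API is absent. The spec also sets no `requiredDropCapabilities`, which is worth a line of explanation if it is intentional.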
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-service.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-service.yaml
@@ -0,0 +1,44 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +# Service for Vault cluster +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: +{{ template "vault.service.annotations" .}} +spec: + {{- if .Values.server.service.type}} + type: {{ .Values.server.service.type }} + {{- end}} + {{- if .Values.server.service.clusterIP }} + clusterIP: {{ .Values.server.service.clusterIP }} + {{- end }} + {{- include "service.externalTrafficPolicy" .Values.server.service }} + # We want the servers to become available even if they're not ready + # since this DNS is also used for join operations. + publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.server.service.port }} + targetPort: {{ .Values.server.service.targetPort }} + {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }} + nodePort: {{ .Values.server.service.nodePort }} + {{- end }} + - name: https-internal + port: 8201 + targetPort: 8201 + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server +{{- end }} +{{- end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-serviceaccount.yaml new file mode 100644 index 00000000000..c0d32d190c1 --- /dev/null 
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/tests/server-test.yaml 
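Review bot: The server container image in server-statefulset.yaml is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an empty tag silently deploys whatever `latest` resolves to at pull time, and a pod restart can bring up an image nobody reviewed in front of the secret store. The same expression is used for the test pod in tests/server-test.yaml. I would fail the render instead, `{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and note in the values documentation that a digest reference is preferred. The exec readiness probe also runs `vault status -tls-skip-verify`; a comment such as `# verification skipped: probe talks to 127.0.0.1 via VAULT_ADDR, never a remote address` would keep that flag from being copied into contexts where it is unsafe.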
@@ -0,0 +1,51 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .serverEnabled -}} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ .Release.Name }}-server-test" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": test +spec: + {{- include "imagePullSecrets" . | nindent 2 }} + containers: + - name: {{ .Release.Name }}-server-test + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + env: + - name: VAULT_ADDR + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }} + command: + - /bin/sh + - -c + - | + echo "Checking for sealed info in 'vault status' output" + ATTEMPTS=10 + n=0 + until [ "$n" -ge $ATTEMPTS ] + do + echo "Attempt" $n... + vault status -format yaml | grep -E '^sealed: (true|false)' && break + n=$((n+1)) + sleep 5 + done + if [ $n -ge $ATTEMPTS ]; then + echo "timed out looking for sealed info in 'vault status' output" + exit 1 + fi + + exit 0 + volumeMounts: + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 8}} + {{- end }} + volumes: + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 4}} + {{- end }} + restartPolicy: Never +{{- end }} +{{- end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/ui-service.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/ui-service.yaml new file mode 100644 index 00000000000..d45afdda4fa --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/templates/ui-service.yaml 
@@ -0,0 +1,37 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- template "vault.uiEnabled" . -}} +{{- if .uiEnabled -}} + +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-ui + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-ui + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.ui.annotations" . }} +spec: + selector: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }} + vault-active: "true" + {{- end }} + publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }} + ports: + - name: {{ include "vault.scheme" . }} + port: {{ .Values.ui.externalPort }} + targetPort: {{ .Values.ui.targetPort }} + {{- if .Values.ui.serviceNodePort }} + nodePort: {{ .Values.ui.serviceNodePort }} + {{- end }} + type: {{ .Values.ui.serviceType }} + {{- include "service.externalTrafficPolicy" .Values.ui }} + {{- include "service.loadBalancer" .Values.ui }} +{{- end -}} +{{- end }} diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/values.openshift.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/values.openshift.yaml new file mode 100644 index 00000000000..a1c48f02f21 --- /dev/null +++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/values.openshift.yaml 
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/values.schema.json b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [
+ "null",
+ "string"
+ ]
+ },
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "disruptionBudget": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "maxUnavailable": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ }
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "raft": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "setNodeId": {
+ "type": "boolean"
+ }
+ }
+ },
+ "replicas": {
+ "type": "integer"
+ }
+ }
+ },
+ "image": {
+ "type": "object",
+ "properties": {
+ "pullPolicy": {
+ "type": "string"
+ },
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ },
+ "ingress": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "extraPaths": {
+ "type": "array"
+ },
+ "hosts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "host": {
+ "type": "string"
+ },
+ "paths": {
+ "type": "array"
+ }
+ }
+ }
+ },
+ "ingressClassName": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "pathType": {
+ "type": "string"
+ },
+ "tls": {
+ "type": "array"
+ }
+ }
+ },
+ "livenessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "path": {
+ "type": "string"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "logFormat": {
+ "type": "string"
+ },
+ "logLevel": {
+ "type": "string"
+ },
+ "networkPolicy": {
+ "type": "object",
+ "properties": {
+ "egress": {
+ "type": "array"
+ },
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "nodeSelector": {
+ "type": [
+ "null",
+ "object",
+ "string"
+ ]
+ },
+ "postStart": {
+ "type": "array"
+ },
+ "preStopSleepSeconds": {
+ "type": "integer"
+ },
+ "priorityClassName": {
+ "type": "string"
+ },
+ "readinessProbe": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "failureThreshold": {
+ "type": "integer"
+ },
+ "initialDelaySeconds": {
+ "type": "integer"
+ },
+ "periodSeconds": {
+ "type": "integer"
+ },
+ "successThreshold": {
+ "type": "integer"
+ },
+ "timeoutSeconds": {
+ "type": "integer"
+ }
+ }
+ },
+ "resources": {
+ "type": "object"
+ },
+ "route": {
+ "type": "object",
+ "properties": {
+ "activeService": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "host": {
+ "type": "string"
+ },
+ "labels": {
+ "type": "object"
+ },
+ "tls": {
+ "type": "object"
+ }
+ }
+ },
+ "service": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "port": {
+ "type": "integer"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "targetPort": {
+ "type": "integer"
+ },
+ "nodePort": {
+ "type": "integer"
+ },
+ "activeNodePort": {
+ "type": "integer"
+ },
+ "standbyNodePort": {
+ "type": "integer"
+ }
+ }
+ },
+ "serviceAccount": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "create": {
+ "type": "boolean"
+ },
+ "name": {
+ "type": "string"
+ }
+ }
+ },
+ "shareProcessNamespace": {
+ "type": "boolean"
+ },
+ "standalone": {
+ "type": "object",
+ "properties": {
+ "config": {
+ "type": [
+ "string",
+ "object"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "string",
+ "boolean"
+ ]
+ }
+ }
+ },
+ "statefulSet": {
+ "type": "object",
+ "properties": {
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "securityContext": {
+ "type": "object",
+ "properties": {
+ "container": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "pod": {
+ "type": [
+ "object",
+ "string"
+ ]
+ }
+ }
+ }
+ }
+ },
+ "terminationGracePeriodSeconds": {
+ "type": "integer"
+ },
+ "tolerations": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "topologySpreadConstraints": {
+ "type": [
+ "null",
+ "array",
+ "string"
+ ]
+ },
+ "updateStrategyType": {
+ "type": "string"
+ },
+ "volumeMounts": {
+ "type": [
+ "null",
+ "array"
+ ]
+ },
+ "volumes": {
+ "type": [
+ "null",
+ "array"
+ ]
+ }
+ }
+ },
+ "ui": {
+ "type": "object",
+ "properties": {
+ "activeVaultPodOnly": {
+ "type": "boolean"
+ },
+ "annotations": {
+ "type": [
+ "object",
+ "string"
+ ]
+ },
+ "enabled": {
+ "type": [
+ "boolean",
+ "string"
+ ]
+ },
+ "externalPort": {
+ "type": "integer"
+ },
+ "externalTrafficPolicy": {
+ "type": "string"
+ },
+ "publishNotReadyAddresses": {
+ "type": "boolean"
+ },
+ "serviceNodePort": {
+ "type": [
+ "null",
+ "integer"
+ ]
+ },
+ "serviceType": {
+ "type": "string"
+ },
+ "targetPort": {
+ "type": "integer"
+ }
+ }
+ }
+ }
+}
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/values.yaml b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/values.yaml
new file mode 100644
index 00000000000..b7721cdac57
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/0.21.0/src/values.yaml
@@ -0,0 +1,898 @@
+# Available parameters and their default values for the Vault chart.
+global:
+ # enabled is the master enabled switch. Setting this to true or false
+ # will enable or disable all the components within this chart by default.
+ enabled: true
+ # Image pull secret to use for registry authentication.
+ # Alternatively, the value may be specified as an array of strings.
+ imagePullSecrets: []
+ # imagePullSecrets:
+ # - name: image-pull-secret
+
+ # TLS for end-to-end encrypted transport
+ tlsDisable: true
+ # External vault server address for the injector and CSI provider to use.
+ # Setting this will disable deployment of a vault server.
+ externalVaultAddr: ""
+ # If deploying to OpenShift
+ openshift: true
+ # Create PodSecurityPolicy for pods
+ psp:
+ enable: false
+ # Annotation for PodSecurityPolicy.
+ # This is a multi-line templated string map, and can also be set as YAML.
+ annotations: |
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default
+ apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
+ seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
+ apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
+injector:
+ # True if you want to enable vault agent injection.
+ # @default: global.enabled
+ enabled: "-"
+ replicas: 1
+ # Configures the port the injector should listen on
+ port: 8080
+ # If multiple replicas are specified, by default a leader will be determined
+ # so that only one injector attempts to create TLS certificates.
+ leaderElector:
+ enabled: true
+ # If true, will enable a node exporter metrics endpoint at /metrics.
+ metrics:
+ enabled: false
+ # Deprecated: Please use global.externalVaultAddr instead.
+ externalVaultAddr: ""
+ # image sets the repo and tag of the vault-k8s image to use for the injector.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+ pullPolicy: IfNotPresent
+ # agentImage sets the repo and tag of the Vault image to use for the Vault Agent
+ # containers. This should be set to the official Vault image. Vault 1.3.1+ is
+ # required.
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # The default values for the injected Vault Agent containers.
+ agentDefaults:
+ # For more information on configuring resources, see the K8s documentation:
+ # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ cpuLimit: "500m"
+ cpuRequest: "250m"
+ memLimit: "128Mi"
+ memRequest: "64Mi"
+ # Default template type for secrets when no custom template is specified.
+ # Possible values include: "json" and "map".
+ template: "map"
+ # Default values within Agent's template_config stanza.
+ templateConfig:
+ exitOnRetryFailure: true
+ staticSecretRenderInterval: ""
+ # Mount Path of the Vault Kubernetes Auth Method.
+ authPath: "auth/kubernetes"
+ # Configures the log verbosity of the injector.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: "info"
+ # Configures the log format of the injector. Supported log formats: "standard", "json".
+ logFormat: "standard"
+ # Configures all Vault Agent sidecars to revoke their token when shutting down
+ revokeOnShutdown: false
+ webhook:
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # matchPolicy specifies the approach to accepting changes based on the rules of
+ # the MutatingWebhookConfiguration.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy
+ # for more details.
+ #
+ matchPolicy: Exact
+ # timeoutSeconds is the amount of seconds before the webhook request will be ignored
+ # or fails.
+ # If it is ignored or fails depends on the failurePolicy
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts
+ # for more details.
+ #
+ timeoutSeconds: 30
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: |
+ matchExpressions:
+ - key: app.kubernetes.io/name
+ operator: NotIn
+ values:
+ - {{ template "vault.name" . }}-agent-injector
+ # Extra annotations to attach to the webhook
+ annotations: {}
+ # Deprecated: please use 'webhook.failurePolicy' instead
+ # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the
+ # API Version of the WebHook.
+ # To block pod creation while webhook is unavailable, set the policy to `Fail` below.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy
+ #
+ failurePolicy: Ignore
+ # Deprecated: please use 'webhook.namespaceSelector' instead
+ # namespaceSelector is the selector for restricting the webhook to only
+ # specific namespaces.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector
+ # for more details.
+ # Example:
+ # namespaceSelector:
+ # matchLabels:
+ # sidecar-injector: enabled
+ namespaceSelector: {}
+ # Deprecated: please use 'webhook.objectSelector' instead
+ # objectSelector is the selector for restricting the webhook to only
+ # specific labels.
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector
+ # for more details.
+ # Example:
+ # objectSelector:
+ # matchLabels:
+ # vault-sidecar-injector: enabled
+ objectSelector: {}
+ # Deprecated: please use 'webhook.annotations' instead
+ # Extra annotations to attach to the webhook
+ webhookAnnotations: {}
+ certs:
+ # secretName is the name of the secret that has the TLS certificate and
+ # private key to serve the injector webhook. If this is null, then the
+ # injector will default to its automatic management mode that will assign
+ # a service account to the injector to generate its own certificates.
+ secretName: null
+ # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA
+ # that signed the TLS certificate that the webhook serves. This must be set
+ # if secretName is non-null, unless an external service like cert-manager is
+ # keeping the caBundle updated.
+ caBundle: ""
+ # certName and keyName are the names of the files within the secret for
+ # the TLS cert and private key, respectively. These have reasonable
+ # defaults but can be customized if necessary.
+ certName: tls.crt
+ keyName: tls.key
+ # Security context for the pod template and the injector container
+ # The default pod securityContext is:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.injector.gid | default 1000 }}
+ # runAsUser: {{ .Values.injector.uid | default 100 }}
+ # fsGroup: {{ .Values.injector.gid | default 1000 }}
+ # and for container is
+ # allowPrivilegeEscalation: false
+ # capabilities:
+ # drop:
+ # - ALL
+ securityContext:
+ pod: {}
+ container: {}
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # extraEnvironmentVars is a list of extra environment variables to set in the
+ # injector deployment.
+ extraEnvironmentVars: {}
+ # KUBERNETES_SERVICE_HOST: kubernetes.default.svc
+
+ # Affinity Settings for injector pods
+ # This can either be multi-line string or YAML matching the PodSpec's affinity field.
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment of multiple replicas to single node services such as Minikube.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: webhook
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for injector pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for injector pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Priority class for injector pods
+ priorityClassName: ""
+ # Extra annotations to attach to the injector pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the injector pods
+ annotations: {}
+ # Extra labels to attach to the agent-injector
+ # This should be a YAML map of the labels to apply to the injector
+ extraLabels: {}
+ # Should the injector pods run on the host network (useful when using
+ # an alternate CNI in EKS)
+ hostNetwork: false
+ # Injector service specific config
+ service:
+ # Extra annotations to attach to the injector service
+ annotations: {}
+ # Injector serviceAccount specific config
+ serviceAccount:
+ # Extra annotations to attach to the injector serviceAccount
+ annotations: {}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ podDisruptionBudget: {}
+ # podDisruptionBudget:
+ # maxUnavailable: 1
+
+ # strategy for updating the deployment. This can be a multi-line string or a
+ # YAML map.
+ strategy: {}
+ # strategy: |
+ # rollingUpdate:
+ # maxSurge: 25%
+ # maxUnavailable: 25%
+ # type: RollingUpdate
+server:
+ # If true, or "-" with global.enabled true, Vault server will be installed.
+ # See vault.mode in _helpers.tpl for implementation details.
+ enabled: "-"
+ # [Enterprise Only] This value refers to a Kubernetes secret that you have
+ # created that contains your enterprise license. If you are not using an
+ # enterprise image or if you plan to introduce the license key via another
+ # route, then leave secretName blank ("") or set it to null.
+ # Requires Vault Enterprise 1.8 or later.
+ enterpriseLicense:
+ # The name of the Kubernetes secret that holds the enterprise license. The
+ # secret must be in the same namespace that Vault is installed into.
+ secretName: ""
+ # The key within the Kubernetes secret that holds the enterprise license.
+ secretKey: "license"
+ # Resource requests, limits, etc. for the server cluster placement. This
+ # should map directly to the value of the resources field for a PodSpec.
+ # By default no direct resource request is made.
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+ # Overrides the default Image Pull Policy
+ pullPolicy: IfNotPresent
+ # Configure the Update Strategy Type for the StatefulSet
+ # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ updateStrategyType: "OnDelete"
+ # Configure the logging verbosity for the Vault server.
+ # Supported log levels include: trace, debug, info, warn, error
+ logLevel: ""
+ # Configure the logging format for the Vault server.
+ # Supported log formats include: standard, json
+ logFormat: ""
+ resources: {}
+ # resources:
+ # requests:
+ # memory: 256Mi
+ # cpu: 250m
+ # limits:
+ # memory: 256Mi
+ # cpu: 250m
+
+ # Ingress allows ingress services to be created to allow external access
+ # from Kubernetes to access Vault pods.
+ # If deployment is on OpenShift, the following block is ignored.
+ # In order to expose the service, use the route section below
+ ingress:
+ enabled: false
+ labels: {}
+ # traffic: external
+ annotations: {}
+ # |
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # or
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+
+ # Optionally use ingressClassName instead of deprecated annotation.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation
+ ingressClassName: ""
+ # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases.
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values.
+ pathType: Prefix
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the ingress to point to the Vault active service.
+ activeService: true
+ hosts:
+ - host: chart-example.local
+ paths: []
+ ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services.
+ extraPaths: []
+ # - path: /*
+ # backend:
+ # service:
+ # name: ssl-redirect
+ # port:
+ # number: use-annotation
+ tls: []
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+ # OpenShift only - create a route to expose the service
+ # By default the created route will be of type passthrough
+ route:
+ enabled: false
+ # When HA mode is enabled and K8s service registration is being used,
+ # configure the route to point to the Vault active service.
+ activeService: true
+ labels: {}
+ annotations: {}
+ host: chart-example.local
+ # tls will be passed directly to the route's TLS config, which
+ # can be used to configure other termination methods that terminate
+ # TLS at the router
+ tls:
+ termination: passthrough
+ # authDelegator enables a cluster role binding to be attached to the service
+ # account. This cluster role binding can be used to setup Kubernetes auth
+ # method. https://www.vaultproject.io/docs/auth/kubernetes.html
+ authDelegator:
+ enabled: true
+ # extraInitContainers is a list of init containers. Specified as a YAML list.
+ # This is useful if you need to run a script to provision TLS certificates or
+ # write out configuration files in a dynamic way.
+ extraInitContainers: null
+ # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder,
+ # # which is defined in the volumes value.
+ # - name: oauthapp
+ # image: "alpine"
+ # command: [sh, -c]
+ # args:
+ # - cd /tmp &&
+ # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz &&
+ # tar -xf oauthapp.xz &&
+ # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp &&
+ # chmod +x /usr/local/libexec/vault/oauthapp
+ # volumeMounts:
+ # - name: plugins
+ # mountPath: /usr/local/libexec/vault
+
+ # extraContainers is a list of sidecar containers. Specified as a YAML list.
+ extraContainers: null
+ # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers
+ # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation
+ shareProcessNamespace: false
+ # extraArgs is a string containing additional Vault server arguments.
+ extraArgs: ""
+ # Used to define custom readinessProbe settings
+ readinessProbe:
+ enabled: true
+ # If you need to use a http path instead of the default exec
+ # path: /v1/sys/health?standbyok=true
+
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to enable a livenessProbe for the pods
+ livenessProbe:
+ enabled: false
+ path: "/v1/sys/health?standbyok=true"
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 60
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Optional duration in seconds the pod needs to terminate gracefully.
+ # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
+ terminationGracePeriodSeconds: 10
+ # Used to set the sleep time during the preStop step
+ preStopSleepSeconds: 5
+ # Used to define commands to run after the pod is ready.
+ # This can be used to automate processes such as initialization
+ # or boostrapping auth methods.
+ postStart: []
+ # - /bin/sh
+ # - -c
+ # - /vault/userconfig/myscript/run.sh
+
+ # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be
+ # used to include variables required for auto-unseal.
+ extraEnvironmentVars: {}
+ # GOOGLE_REGION: global
+ # GOOGLE_PROJECT: myproject
+ # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json
+
+ # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set.
+ # These variables take value from existing Secret objects.
+ extraSecretEnvironmentVars: []
+ # - envName: AWS_SECRET_ACCESS_KEY
+ # secretName: vault
+ # secretKey: AWS_SECRET_ACCESS_KEY
+
+ # Deprecated: please use 'volumes' instead.
+ # extraVolumes is a list of extra volumes to mount. These will be exposed
+ # to Vault in the path `/vault/userconfig//`. The value below is
+ # an array of objects, examples are shown below.
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/test-new-container-2023/test-helm-chat/OWNERS b/charts/partners/test-new-container-2023/test-helm-chat/OWNERS
new file mode 100644
index 00000000000..a6101564390
--- /dev/null
+++ b/charts/partners/test-new-container-2023/test-helm-chat/OWNERS
@@ -0,0 +1,10 @@
+chart:
+ name: test-helm-chat
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+vendor:
+ label: test-new-container-2023
+ name: test-new-cnf-test
diff --git a/charts/partners/test-openshift-Helm-chart/test-openshift-helm-chart/OWNERS b/charts/partners/test-openshift-Helm-chart/test-openshift-helm-chart/OWNERS
new file mode 100644
index 00000000000..a45298a9bfa
--- /dev/null
+++ b/charts/partners/test-openshift-Helm-chart/test-openshift-helm-chart/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: test-openshift-helm-chart
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: bovem
+- githubUsername: opcert
+vendor:
+ label: test-openshift-Helm-chart
+ name: test-qa-automation-user
diff --git a/charts/partners/test-org/psql-service/0.5.2/report.yaml b/charts/partners/test-org/psql-service/0.5.2/report.yaml
new file mode 100644
index 00000000000..f6cde1652f0
--- /dev/null
+++ b/charts/partners/test-org/psql-service/0.5.2/report.yaml
@@ -0,0 +1,96 @@
+apiversion: v1
+kind: verify-report
+metadata:
+ tool:
+ verifier-version: 1.0.0
+ profile:
+ VendorType: partner
+ version: v1.1
+ chart-uri: N/A
+ digests:
+ chart: sha256:6f9aef2444426e3cf5ed3292197016e45c7a6c3e7a5901df5b4cffb9ddc96857
+ package: 05dc36cadb084e3628e3adbfa06f698cdc4aed8825aa34cd5fa49702442df4d3
+ lastCertifiedTimestamp: "2022-12-16T12:55:16.191558+00:00"
+ testedOpenShiftVersion: "4.10"
+ supportedOpenShiftVersions: '>=4.3'
+ providerControlledDelivery: true
+ chart:
+ name: psql-service
+ home: ""
+ sources: []
+ version: 0.5.2
+ description: AIP Query Engine
+ keywords: []
+ maintainers: []
+ icon: ""
+ apiversion: v2
+ condition: ""
+ tags: ""
+ appversion: 0.5.2
+ deprecated: false
+ annotations:
+ charts.openshift.io/archs: x86_64
+ charts.openshift.io/name: dqe
+ charts.openshift.io/provider: Mobileum Inc.
+ charts.openshift.io/supportURL: http://www.mobileum.com
+ kubeversion: '>= 1.16.0-0'
+ dependencies:
+ - name: aip-common
+ version: 0.3.1
+ repository: oci://162015117822.dkr.ecr.eu-west-1.amazonaws.com/aip-charts
+ condition: ""
+ tags: []
+ enabled: false
+ importvalues: []
+ alias: ""
+ type: application
+ chart-overrides: ""
+results:
+ - check: v1.0/contains-values-schema
+ type: Mandatory
+ outcome: PASS
+ reason: Values schema file exist
+ - check: v1.0/not-contains-crds
+ type: Mandatory
+ outcome: PASS
+ reason: Chart does not contain CRDs
+ - check: v1.0/chart-testing
+ type: Mandatory
+ outcome: PASS
+ reason: Chart tests have passed
+ - check: v1.0/contains-values
+ type: Mandatory
+ outcome: PASS
+ reason: Values file exist
+ - check: v1.0/helm-lint
+ type: Mandatory
+ outcome: PASS
+ reason: Helm lint successful
+ - check: v1.0/images-are-certified
+ type: Mandatory
+ outcome: FAIL
+ reason: 'Image is not Red Hat certified : partner.cnfcert.nmlab.com:5000/trinodb:0.5.2 : No images found for Registry/Repository: partner.cnfcert.nmlab.com:5000/trinodb'
+ - check: v1.0/is-helm-v3
+ type: Mandatory
+ outcome: PASS
+ reason: API version is V2, used in Helm 3
+ - check: v1.0/contains-test
+ type: Mandatory
+ outcome: PASS
+ reason: Chart test files exist
+ - check: v1.0/has-readme
+ type: Mandatory
+ outcome: PASS
+ reason: Chart has a README
+ - check: v1.0/not-contain-csi-objects
+ type: Mandatory
+ outcome: PASS
+ reason: CSI objects do not exist
+ - check: v1.0/required-annotations-present
+ type: Mandatory
+ outcome: PASS
+ reason: All required annotations present
+ - check: v1.1/has-kubeversion
+ type: Mandatory
+ outcome: PASS
+ reason: Kubernetes version specified
diff --git a/charts/partners/test-org/psql-service/OWNERS b/charts/partners/test-org/psql-service/OWNERS
new file mode 100644
index 00000000000..263befe0670
--- /dev/null
+++ b/charts/partners/test-org/psql-service/OWNERS
@@ -0,0 +1,11 @@
+---
+chart:
+ name: psql-service
+ shortDescription: Lorem ipsum
+publicPgpKey:
+providerDelivery: True
+users:
+ - githubUsername: mmulholla
+vendor:
+ label: test-org
+ name: Balabit
diff --git a/charts/partners/test-web-new-user/ext-new-user-helm/OWNERS b/charts/partners/test-web-new-user/ext-new-user-helm/OWNERS
new file mode 100644
index 00000000000..67df11ab711
--- /dev/null
+++ b/charts/partners/test-web-new-user/ext-new-user-helm/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: ext-new-user-helm
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: test-web-new-user
+ name: test-stage-user-19
diff --git a/charts/partners/test-web-new-user/helm-ext-new-user/OWNERS b/charts/partners/test-web-new-user/helm-ext-new-user/OWNERS
new file mode 100644
index 00000000000..f241701a554
--- /dev/null
+++ b/charts/partners/test-web-new-user/helm-ext-new-user/OWNERS
@@ -0,0 +1,9 @@
+chart:
+ name: helm-ext-new-user
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users: []
+vendor:
+ label: test-web-new-user
+ name: test-stage-user-19
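Review bot: In the new `charts/partners/test-org/psql-service/OWNERS`, `publicPgpKey:` is left bare and `providerDelivery: True` uses a capitalised truthy spelling, unlike the other OWNERS files added in this diff, which write `publicPgpKey: unknown` and `providerDelivery: false`. A bare key loads as null rather than a string, and how `True` is typed depends on the parser's YAML version, so I would write `providerDelivery: true` and give `publicPgpKey` an explicit value (the key itself, or the `unknown` placeholder the sibling files use). The accompanying report for this chart has `providerControlledDelivery: true`, so the chart is presumably delivered from outside this repository; if signature verification is meant to apply to it, the key it is checked against has to be recorded here.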
diff --git a/charts/partners/test-web-new-user/new-user-ext/0.21.0/report.yaml b/charts/partners/test-web-new-user/new-user-ext/0.21.0/report.yaml
new file mode 100644
index 00000000000..2335d1947f4
--- /dev/null
+++ b/charts/partners/test-web-new-user/new-user-ext/0.21.0/report.yaml
@@ -0,0 +1,104 @@
+apiversion: v1
+kind: verify-report
+metadata:
+ tool:
+ verifier-version: 1.12.2
+ profile:
+ VendorType: partner
+ version: v1.2
+ reportDigest: uint64:6132620358961830159
+ chart-uri: https://github.com/bovem/external-helm-charts/raw/main/test-web-new-user-new-user-ext-0.21.0.tgz
+ digests:
+ chart: sha256:646d4e9097b5abcda84f10636d6fc851c01e20e10ad8bcbff112c453dfcaac58
+ package: ba8217139d8ad01dfc0028fe31f50583ba53c2e637607ed1be07fce2a5955b63
+ lastCertifiedTimestamp: "2023-08-02T13:09:26.224261+00:00"
+ testedOpenShiftVersion: "4.13"
+ supportedOpenShiftVersions: '>=4.3'
+ webCatalogOnly: false
+ chart:
+ name: new-user-ext
+ home: https://www.vaultproject.io
+ sources:
+ - https://github.com/hashicorp/vault
+ - https://github.com/hashicorp/vault-helm
+ - https://github.com/hashicorp/vault-k8s
+ - https://github.com/hashicorp/vault-csi-provider
+ version: 0.21.0
+ description: Official HashiCorp Vault Chart
+ keywords:
+ - vault
+ - security
+ - encryption
+ - secrets
+ - management
+ - automation
+ - infrastructure
+ maintainers: []
+ icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+ apiversion: v2
+ condition: ""
+ tags: ""
+ appversion: 1.11.2
+ deprecated: false
+ annotations:
+ charts.openshift.io/name: new-user-ext
+ kubeversion: '>= 1.16.0-0'
+ dependencies: []
+ type: ""
+ chart-overrides: ""
+results:
+ - check: v1.0/is-helm-v3
+ type: Mandatory
+ outcome: PASS
+ reason: API version is V2, used in Helm 3
+ - check: v1.0/contains-test
+ type: Mandatory
+ outcome: PASS
+ reason: Chart test files exist
+ - check: v1.0/contains-values-schema
+ type: Mandatory
+ outcome: PASS
+ reason: Values schema file exist
+ - check: v1.0/not-contains-crds
+ type: Mandatory
+ outcome: PASS
+ reason: Chart does not contain CRDs
+ - check: v1.0/required-annotations-present
+ type: Mandatory
+ outcome: PASS
+ reason: All required annotations present
+ - check: v1.0/helm-lint
+ type: Mandatory
+ outcome: PASS
+ reason: Helm lint successful
+ - check: v1.0/contains-values
+ type: Mandatory
+ outcome: PASS
+ reason: Values file exist
+ - check: v1.1/has-kubeversion
+ type: Mandatory
+ outcome: PASS
+ reason: Kubernetes version specified
+ - check: v1.0/signature-is-valid
+ type: Mandatory
+ outcome: SKIPPED
+ reason: 'Chart is not signed : Signature verification not required'
+ - check: v1.0/chart-testing
+ type: Mandatory
+ outcome: PASS
+ reason: Chart tests have passed
+ - check: v1.0/not-contain-csi-objects
+ type: Mandatory
+ outcome: PASS
+ reason: CSI objects do not exist
+ - check: v1.0/has-readme
+ type: Mandatory
+ outcome: PASS
+ reason: Chart has a README
+ - check: v1.1/images-are-certified
+ type: Mandatory
+ outcome: PASS
+ reason: |-
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.17.0-ubi
+ Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.11.2-ubi
+
diff --git a/charts/partners/test-web-new-user/new-user-ext/OWNERS b/charts/partners/test-web-new-user/new-user-ext/OWNERS
new file mode 100644
index 00000000000..b1e37a2deb3
--- /dev/null
+++ b/charts/partners/test-web-new-user/new-user-ext/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: new-user-ext
+ shortDescription: unknown
+providerDelivery: false
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+- githubUsername: bovem
+vendor:
+ label: test-web-new-user
+ name: test-stage-user-19
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/.helmignore b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/CHANGELOG.md b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372) + +Improvements: +* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321) +* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177) +* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290) +* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363) +* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199) +* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367) +* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371) +* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364) +* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285) + +Bugs: +* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337) +* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352) +* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358) + +## 0.6.0 (June 3rd, 2020) + +Features: +* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258) +* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315) +* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319) 
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/CONTRIBUTING.md b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+ +- Check that an entire template file is not rendered + ``` + @test "syncCatalog/Deployment: disabled by default" { + cd `chart_dir` + local actual=$( (helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'global.enabled=false' \ + . || echo "---") | tee /dev/stderr | + yq 'length > 0' | tee /dev/stderr) + [ "${actual}" = "false" ] + } + ``` + Here we are check the length of the command output to see if the anything is rendered. + This style can easily be switched to check that a file is rendered instead. + +## Contributor License Agreement + +We require that all contributors sign our Contributor License Agreement ("CLA") +before we can accept the contribution. + +[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla) diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/Chart.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/Chart.yaml new file mode 100644 index 00000000000..be38893852f --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/Chart.yaml @@ -0,0 +1,23 @@ +apiVersion: v2 +appVersion: 1.11.2 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- vault +- security +- encryption +- secrets +- management +- automation +- infrastructure +kubeVersion: '>= 1.26.0' +name: web-new-user +sources: +- https://github.com/hashicorp/vault +- https://github.com/hashicorp/vault-helm +- https://github.com/hashicorp/vault-k8s +- https://github.com/hashicorp/vault-csi-provider +version: 0.21.79 +annotations: + charts.openshift.io/name: web-new-user diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/LICENSE.md b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/LICENSE.md new file mode 100644 index 00000000000..82b4de97c7e --- /dev/null 
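Review bot: `kubeVersion: '>= 1.26.0'` in the new Chart.yaml has no pre-release suffix, and Helm's semver constraint matching skips versions that carry a pre-release part unless the constraint has one too. A cluster that reports its version with a hyphenated vendor suffix would therefore be rejected at install time; `kubeVersion: '>= 1.26.0-0'` avoids that. Separately, `name: web-new-user` sits next to `description: Official HashiCorp Vault Chart` and `home: https://www.vaultproject.io`. If this is a test fixture, as the `test-web-new-user` path suggests, a description that says so would keep a reader of the repository index from taking it for a vendor-published release.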
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/LICENSE.md 
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/Makefile b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/Makefile 
@@ -0,0 +1,101 @@ +TEST_IMAGE?=vault-helm-test +GOOGLE_CREDENTIALS?=vault-helm-test.json +CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514 +# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats +ACCEPTANCE_TESTS?=acceptance + +# filter bats unit tests to run. +UNIT_TESTS_FILTER?='.*' + +# set to 'true' to run acceptance tests locally in a kind cluster +LOCAL_ACCEPTANCE_TESTS?=false + +# kind cluster name +KIND_CLUSTER_NAME?=vault-helm + +# kind k8s version +KIND_K8S_VERSION?=v1.24.1 + +# Generate json schema for chart values. See test/README.md for more details. +values-schema: + helm schema-gen values.yaml > values.schema.json + +test-image: + @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR) + +test-unit: + @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit + +test-bats: test-unit test-acceptance + +test: test-image test-bats + +# run acceptance tests on GKE +# set google project/credential vars above +test-acceptance: +ifeq ($(LOCAL_ACCEPTANCE_TESTS),true) + make setup-kind acceptance +else + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make acceptance +endif + +# destroy GKE cluster using terraform +test-destroy: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -w /helm-test \ + $(TEST_IMAGE) \ + make destroy-cluster + +# provision GKE cluster using terraform +test-provision: + @docker run -it -v ${PWD}:/helm-test \ + -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \ + -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \ + -e KUBECONFIG=/helm-test/.kube/config \ + -w /helm-test \ + $(TEST_IMAGE) \ + make provision-cluster + +# this target is for 
running the acceptance tests +# it is run in the docker container above when the test-acceptance target is invoked +acceptance: +ifneq ($(LOCAL_ACCEPTANCE_TESTS),true) + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} +endif + bats test/${ACCEPTANCE_TESTS} + +# this target is for provisioning the GKE cluster +# it is run in the docker container above when the test-provision target is invoked +provision-cluster: + gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS} + terraform init test/terraform + terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform + +# this target is for removing the GKE cluster +# it is run in the docker container above when the test-destroy target is invoked +destroy-cluster: + terraform destroy -auto-approve + +# create a kind cluster for running the acceptance tests locally +setup-kind: + kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \ + kind create cluster \ + --image kindest/node:${KIND_K8S_VERSION} \ + --name ${KIND_CLUSTER_NAME} \ + --config $(CURDIR)/test/kind/config.yaml + kubectl config use-context kind-${KIND_CLUSTER_NAME} + +# delete the kind cluster +delete-kind: + kind delete cluster --name ${KIND_CLUSTER_NAME} || : + +.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/README.md b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/README.md new file mode 100644 index 00000000000..c9971ff41b5 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/README.md 
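Review bot: The `test-acceptance` recipe passes `-e VAULT_LICENSE_CI=${VAULT_LICENSE_CI}` to `docker run`, so the expanded licence value sits on the command line and is visible in the host's process list while the container runs. Passing the name only, `-e VAULT_LICENSE_CI \`, makes Docker read the value from the caller's environment, which make already exports to the recipe. `GOOGLE_CREDENTIALS` defaults to a file name here, so it is only a concern if someone puts the key material itself in it. Separately, `destroy-cluster` runs `terraform destroy -auto-approve` without the `test/terraform` argument that `provision-cluster` passes, and `setup-kind` and `delete-kind` are missing from `.PHONY`.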
@@ -0,0 +1,43 @@ +# Vault Helm Chart + +> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If +you believe you have found a security issue in Vault Helm, _please responsibly disclose_ +by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). + +This repository contains the official HashiCorp Helm chart for installing +and configuring Vault on Kubernetes. This chart supports multiple use +cases of Vault on Kubernetes depending on the values provided. + +For full documentation on this Helm chart along with all the ways you can +use Vault with Kubernetes, please see the +[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/). + +## Prerequisites + +To use the charts here, [Helm](https://helm.sh/) must be configured for your +Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of +this README. Please refer to the Kubernetes and Helm documentation. + +The versions required are: + + * **Helm 3.6+** + * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested. + It is possible that this chart works with earlier versions but it is + untested. + +## Usage + +To install the latest version of this chart, add the Hashicorp helm repository +and run `helm install`: + +```console +$ helm repo add hashicorp https://helm.releases.hashicorp.com +"hashicorp" has been added to your repositories + +$ helm install vault hashicorp/vault +``` + +Please see the many options supported in the `values.yaml` file. These are also +fully documented directly on the [Vault +website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more +detailed installation instructions. diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/NOTES.txt b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/NOTES.txt new file mode 100644 index 00000000000..8e267121c8f --- /dev/null 
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/NOTES.txt @@ -0,0 +1,14 @@ + +Thank you for installing HashiCorp Vault! + +Now that you have deployed Vault, you should look over the docs on using +Vault with Kubernetes available here: + +https://www.vaultproject.io/docs/ + + +Your release is named {{ .Release.Name }}. To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get manifest {{ .Release.Name }} + diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/_helpers.tpl b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/_helpers.tpl new file mode 100644 index 00000000000..38973910adf --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/_helpers.tpl 
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui +*/}} +{{- define "service.externalTrafficPolicy" -}} +{{- $type := "" -}} +{{- if .serviceType -}} +{{- $type = .serviceType -}} +{{- else if .type -}} +{{- $type = .type -}} +{{- end -}} +{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }} + externalTrafficPolicy: {{ .externalTrafficPolicy }} +{{- else }} +{{- end }} +{{- end -}} + +{{/* +loadBalancer configuration for the the UI service. +Supported inputs are Values.ui +*/}} +{{- define "service.loadBalancer" -}} +{{- if eq (.serviceType | toString) "LoadBalancer" }} +{{- if .loadBalancerIP }} + loadBalancerIP: {{ .loadBalancerIP }} +{{- end }} +{{- with .loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{- range . }} + - {{ . }} +{{- end }} +{{- end -}} +{{- end }} +{{- end -}} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/csi-clusterrole.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/csi-clusterrole.yaml new file mode 100644 index 00000000000..ec6a3d2b9f0 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/csi-clusterrole.yaml @@ -0,0 +1,18 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - serviceaccounts/token + verbs: + - create +{{- end }} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/csi-clusterrolebinding.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/csi-clusterrolebinding.yaml new file mode 100644 index 00000000000..d5b62a5f091 --- /dev/null 
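Review bot: The single rule in csi-clusterrole.yaml grants `create` on `serviceaccounts/token` cluster-wide with no comment saying why, so the CSI provider's service account can request tokens for service accounts in every namespace. I would document that above `rules:` with a template comment such as `{{/* token requests for workload service accounts; cluster-wide, so treat the csi-provider service account as highly privileged */}}`. Whether a narrower scope is workable depends on how the provider authenticates, which this hunk does not show.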
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/csi-clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-csi-provider-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/csi-daemonset.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/csi-daemonset.yaml new file mode 100644 index 00000000000..d131aac5f5d --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/csi-daemonset.yaml 
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/csi-serviceaccount.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-certs-secret.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-certs-secret.yaml @@ -0,0 +1,14 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: v1 +kind: Secret +metadata: + name: vault-injector-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} +{{- end }} \ No newline at end of file 
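Review bot: The provider image in csi-daemonset.yaml is referenced by tag only, `image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}"`, in a DaemonSet that mounts two hostPath directories on every node (`providersDir` and `kubeletRootDir/pods`). A tag can be repointed upstream, so a pinned digest is the safer reference for a pod with host filesystem access; the template could accept an optional digest value and render `repository@digest` when it is set. The `securityContext` blocks come only from the `csi.daemonSet.securityContext.*` helpers, which emit nothing when the values are empty, so the defaults in values.yaml (not visible here) decide whether the container is restricted at all.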
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-clusterrole.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-clusterrole.yaml new file mode 100644 index 00000000000..6a0d6be1ae7 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-clusterrole.yaml @@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: + - "get" + - "list" + - "watch" + - "patch" +{{ end }} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-clusterrolebinding.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-clusterrolebinding.yaml new file mode 100644 index 00000000000..4c193f8a2ea --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-clusterrolebinding.yaml 
@@ -0,0 +1,19 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-binding + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "vault.fullname" . }}-agent-injector-clusterrole +subjects: +- kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-deployment.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-deployment.yaml new file mode 100644 index 00000000000..f0605599edc --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-deployment.yaml 
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-disruptionbudget.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
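Review bot: Several `env` values in injector-deployment.yaml are rendered without quotes, for example `value: {{ .Values.injector.authPath }}` and `value: {{ .Values.injector.logLevel | default "info" }}`, while neighbouring entries are quoted. Env values must be strings, so an override that YAML reads as a boolean, number or null makes the manifest fail validation; piping through `quote`, as in `value: {{ .Values.injector.authPath | quote }}`, avoids that. Separately, `- 2>&1` under `args:` reaches the process as a literal argument because no shell is involved; it looks removable, but confirm how the binary treats it first.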
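Review bot: The apiVersion choice in injector-disruptionbudget.yaml, `ge .Capabilities.KubeVersion.Minor "21"`, compares strings, so the ordering is lexicographic (a minor of `9` sorts above `21`) and provider suffixes such as `21+` are part of the compared value. Probing the API is more reliable, e.g. `apiVersion: {{ .Capabilities.APIVersions.Has "policy/v1" | ternary "policy/v1" "policy/v1beta1" }}`. This is also the only injector template in the commit that is not gated on `vault.injectorEnabled`, so the PodDisruptionBudget renders with the injector disabled whenever `podDisruptionBudget` is set.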
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-mutating-webhook.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }} +apiVersion: admissionregistration.k8s.io/v1 +{{- else }} +apiVersion: admissionregistration.k8s.io/v1beta1 +{{- end }} +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-cfg + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "injector.webhookAnnotations" . }} +webhooks: + - name: vault.hashicorp.com + failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }} + matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }} + sideEffects: None + timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }} + admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + path: "/mutate" + caBundle: {{ .Values.injector.certs.caBundle | quote }} + rules: + - operations: ["CREATE", "UPDATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] +{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }} + namespaceSelector: +{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}} +{{ end }} +{{- template "injector.objectSelector" . -}} +{{ end }} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-network-policy.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-network-policy.yaml new file mode 100644 index 00000000000..d58d2a519ea --- /dev/null 
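Review bot: `namespaceSelector` in injector-mutating-webhook.yaml is emitted only when a value is set, so unless `injector.objectSelector` (defined outside this hunk) narrows it, the webhook matches pod CREATE and UPDATE in every namespace, system namespaces included. With a `failurePolicy` of `Fail` (the default lives in values.yaml, not visible here) an unavailable injector would then block pod admission cluster-wide. Consider a default selector that leaves out `kube-system` and the release namespace, or at least a comment next to `failurePolicy:` stating that trade-off.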
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-network-policy.yaml @@ -0,0 +1,26 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.openshift | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + ingress: + - from: + - namespaceSelector: + matchLabels: + policy-group.network.openshift.io/host-network: "" + ports: + - port: 8080 + protocol: TCP +{{ end }} +{{ end }} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-psp-role.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-psp-role.yaml new file mode 100644 index 00000000000..5d23c7556e8 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-psp-role.yaml @@ -0,0 +1,20 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: ['policy'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} 
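Review bot: The NetworkPolicy hard-codes `- port: 8080`, while the injector container listens on `.Values.injector.port` (see `AGENT_INJECT_LISTEN` in the deployment and `targetPort` in the service). If that value is overridden, the policy admits traffic to a port nothing listens on and blocks the webhook port; use `- port: {{ .Values.injector.port }}`. `metadata` also has no `namespace: {{ .Release.Namespace }}`, unlike the other namespaced injector resources in this commit.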
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-psp-rolebinding.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-psp-rolebinding.yaml new file mode 100644 index 00000000000..4f6b0a851c3 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-psp-rolebinding.yaml @@ -0,0 +1,21 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-psp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-psp + apiGroup: rbac.authorization.k8s.io +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-psp.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-psp.yaml new file mode 100644 index 00000000000..1eee2fcd045 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-psp.yaml 
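Review bot: The `ServiceAccount` subject in injector-psp-rolebinding.yaml has no `namespace`, which RBAC requires for that subject kind; injector-rolebinding.yaml in this commit sets it. Add `namespace: {{ .Release.Namespace }}` under the subject's `name:` line.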
@@ -0,0 +1,46 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if eq (.Values.global.psp.enable | toString) "true" }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- template "vault.psp.annotations" . }} +spec: + privileged: false + # Required to prevent escalations to root. + allowPrivilegeEscalation: false + volumes: + - configMap + - emptyDir + - projected + - secret + - downwardAPI + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + # Require the container to run without root privileges. + rule: MustRunAsNonRoot + seLinux: + # This policy assumes the nodes are using AppArmor rather than SELinux. + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-role.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-role.yaml new file mode 100644 index 00000000000..08c8264ccbd --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-role.yaml 
@@ -0,0 +1,29 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: ["secrets", "configmaps"] + verbs: + - "create" + - "get" + - "watch" + - "list" + - "update" + - apiGroups: [""] + resources: ["pods"] + verbs: + - "get" + - "patch" + - "delete" +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-rolebinding.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-rolebinding.yaml new file mode 100644 index 00000000000..ea0db11b94c --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-rolebinding.yaml 
@@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role +subjects: + - kind: ServiceAccount + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-service.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-service.yaml new file mode 100644 index 00000000000..5e747d6f108 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-service.yaml @@ -0,0 +1,22 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "vault.fullname" . }}-agent-injector-svc + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{ template "injector.service.annotations" . }} +spec: + ports: + - name: https + port: 443 + targetPort: {{ .Values.injector.port }} + selector: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook +{{- end }} 
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-serviceaccount.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-clusterrolebinding.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@ +{{ template "vault.serverAuthDelegator" . }} +{{- if .serverAuthDelegator -}} +{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: {{ template "vault.fullname" . }}-server-binding + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator +subjects: +- kind: ServiceAccount + name: {{ template "vault.serviceAccount.name" . }} + namespace: {{ .Release.Namespace }} +{{ end }} \ No newline at end of file diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-config-configmap.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-config-configmap.yaml new file mode 100644 index 00000000000..f40c69608e3 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-config-configmap.yaml 
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-discovery-role.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-discovery-role.yaml
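Review bot: The user-supplied `server.standalone.config` / `server.ha.config` / `server.ha.raft.config` is rendered verbatim into a ConfigMap under `extraconfig-from-values.hcl`, so any storage-backend or seal credential a user writes into that value is stored unencrypted and is readable by anyone allowed to get ConfigMaps in the namespace. The template should say so next to `data:`, for example `# Rendered into a ConfigMap: keep credentials out of server.*.config and supply them through secret-backed environment variables or mounted Secrets.` Separately, `disable_mlock = true` is emitted in the string branch and merged in as `disable_mlock: true` in the object branch with no explanation; a one-line comment that Vault's memory may then be paged out, and that nodes should run without swap or with encrypted swap, would help operators.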
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-discovery-rolebinding.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
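Review bot: The single rule in server-discovery-role.yaml grants `update` and `patch` on every pod in the release namespace, not only on the Vault server pods, and the discovery RoleBinding hands that to the Vault service account. Presumably the write verbs exist so the server can label its own pod for service registration, but as written a compromised Vault pod could modify any co-located workload's pod object. At minimum the rule deserves a comment such as `# update/patch cover all pods in this namespace; install Vault in a dedicated namespace`. A tighter variant would keep `list`/`watch` unrestricted and move `get`/`update`/`patch` into a second rule with `resourceNames` listing the StatefulSet pod names, if the replica count is available to the template. Note also that this Role pins `rbac.authorization.k8s.io/v1` while the RoleBinding next to it still falls back to `v1beta1`; the two should agree.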
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-disruptionbudget.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-ha-active-service.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-ha-active-service.yaml
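Review bot: The `apiVersion` line of the PodDisruptionBudget picks the API with `ge .Capabilities.KubeVersion.Minor "21"`, which compares two strings lexically and ignores the major version, so a single-digit minor such as `"9"` sorts above `"21"` and selects `policy/v1`. The ingress template in this same commit already uses `semverCompare` on `.Capabilities.KubeVersion.Version`; doing the same here would be consistent and correct: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`.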
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-ha-standby-service.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-headless-service.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-ingress.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@ +{{- if not .Values.global.openshift }} +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if .Values.server.ingress.enabled -}} +{{- $extraPaths := .Values.server.ingress.extraPaths -}} +{{- $serviceName := include "vault.fullname" . -}} +{{- template "vault.serverServiceEnabled" . -}} +{{- if .serverServiceEnabled -}} +{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }} +{{- $serviceName = printf "%s-%s" $serviceName "active" -}} +{{- end }} +{{- $servicePort := .Values.server.service.port -}} +{{- $pathType := .Values.server.ingress.pathType -}} +{{- $kubeVersion := .Capabilities.KubeVersion.Version }} +{{ if semverCompare ">= 1.19.0-0" $kubeVersion }} +apiVersion: networking.k8s.io/v1 +{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} +apiVersion: networking.k8s.io/v1beta1 +{{ else }} +apiVersion: extensions/v1beta1 +{{ end }} +kind: Ingress +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.server.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- template "vault.ingress.annotations" . }} +spec: +{{- if .Values.server.ingress.tls }} + tls: + {{- range .Values.server.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} +{{- if .Values.server.ingress.ingressClassName }} + ingressClassName: {{ .Values.server.ingress.ingressClassName }} +{{- end }} + rules: + {{- range .Values.server.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: +{{ if $extraPaths }} +{{ toYaml $extraPaths | indent 10 }} +{{- end }} + {{- range (.paths | default (list "/")) }} + - path: {{ . 
}} + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + pathType: {{ $pathType }} + {{ end }} + backend: + {{ if semverCompare ">= 1.19.0-0" $kubeVersion }} + service: + name: {{ $serviceName }} + port: + number: {{ $servicePort }} + {{ else }} + serviceName: {{ $serviceName }} + servicePort: {{ $servicePort }} + {{ end }} + {{- end }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-network-policy.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-network-policy.yaml new file mode 100644 index 00000000000..5f4c21a4b50 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-network-policy.yaml @@ -0,0 +1,26 @@ +{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ template "vault.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - namespaceSelector: {} + ports: + - port: 8200 + protocol: TCP + - port: 8201 + protocol: TCP + {{- if .Values.server.networkPolicy.egress }} + egress: + {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }} + {{ end }} +{{ end }} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-psp-role.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-psp-role.yaml new file mode 100644 index 00000000000..b8eb897e5eb --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-psp-role.yaml 
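Review bot: The `tls:` block of the Ingress in server-ingress.yaml is emitted only when `server.ingress.tls` is set, so with the ingress enabled and that value left empty the Vault API is published with no TLS section, and client tokens would cross the edge in clear text unless the controller enforces HTTPS by some other means. I would document that next to `{{- if .Values.server.ingress.tls }}`, e.g. `# Vault tokens travel in request headers: configure server.ingress.tls (or controller-level TLS) before enabling this ingress`, or fail the render when the ingress is enabled without it. As a smaller point, `secretName: {{ .secretName }}` and `- path: {{ . }}` are unquoted while the host values in the same template go through `| quote`; quoting them the same way avoids YAML retyping of unusual values.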
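Review bot: The single ingress rule in server-network-policy.yaml combines `namespaceSelector: {}` with both ports, so the cluster port 8201 is opened to every pod in every namespace just like the API port 8200. Port 8201 is what the Services in this commit name `https-internal` and what `VAULT_CLUSTER_ADDR` points at, so it looks like server-to-server traffic that only the Vault pods themselves need to reach; the rule should be split so 8201 is limited to the server pods. The `metadata` block also omits `namespace: {{ .Release.Namespace }}`, which every other namespaced template here sets. The split rule would look like the excerpt below (indentation is mine, since the page has lost the original).

```yaml
  ingress:
    # API port: clients in any namespace
    - from:
        - namespaceSelector: {}
      ports:
        - port: 8200
          protocol: TCP
    # Cluster port: Vault server pods of this release only
    - from:
        - podSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "vault.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              component: server
      ports:
        - port: 8201
          protocol: TCP
  # … unchanged: optional egress block …
```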
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-psp-rolebinding.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-psp.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
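Review bot: The subject in server-psp-rolebinding.yaml is named with `vault.fullname` and has no `namespace`, whereas the ClusterRoleBinding, the discovery RoleBinding and the StatefulSet's `serviceAccountName` in this commit all use `vault.serviceAccount.name` together with `.Release.Namespace`. If the service account name is overridden, the PSP `use` permission would be bound to an account the server pods do not run as, and a ServiceAccount subject without a namespace is normally rejected by the API server. The two subject lines should read `name: {{ template "vault.serviceAccount.name" . }}` and `namespace: {{ .Release.Namespace }}`.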
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-route.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-route.yaml
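Review bot: The `spec` of the PodSecurityPolicy in server-psp.yaml never sets `requiredDropCapabilities`, so containers admitted under it keep the runtime's default capability set even though the policy is otherwise restrictive. Since the StatefulSet in this commit sets `SKIP_SETCAP` to "true" and the generated config sets `disable_mlock = true`, the server does not appear to need any added capability; if that holds, add `requiredDropCapabilities:` with a single `- ALL` entry after `allowPrivilegeEscalation: false`. The template also hard-codes `apiVersion: policy/v1beta1` without a capability check, unlike the RBAC and Ingress templates here, so enabling `global.psp.enable` on a cluster that no longer serves that API will fail the install. A guard such as `.Capabilities.APIVersions.Has "policy/v1beta1"` on the outer `if` would make that failure mode explicit.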
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-service.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-service.yaml
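Review bot: server-route.yaml tests `.mode` twice (`ne .mode "external"` and `eq .mode "ha"`) but, unlike every other server template in this commit, never calls `{{ template "vault.mode" . }}` first. Unless another template happens to have set `.mode` on the shared context earlier in the render, the `ha` check cannot match, `server.route.activeService` is ignored, and the Route keeps pointing at the general service rather than `-active`; the `external` guard is ineffective in the same way. Adding `{{ template "vault.mode" . }}` as the second line, directly after the `global.openshift` check (mirroring server-ingress.yaml), makes the file self-contained. The Route also hard-codes `targetPort: 8200` while the Services take theirs from `server.service.targetPort`, which is worth aligning or commenting.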
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-serviceaccount.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-statefulset.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/tests/server-test.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/tests/server-test.yaml 
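Review bot: The `image:` line of the `vault` container in server-statefulset.yaml falls back to `default "latest"` when `server.image.tag` is empty, so a values file that clears the tag silently deploys whatever the registry currently serves as `latest` for a secrets manager; tests/server-test.yaml repeats the same expression. Failing the render is safer than floating: `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; that is defensible because `VAULT_ADDR` is set to 127.0.0.1 in the same container, but the existing comment only explains exit codes, so I would add `# TLS verification is skipped because the probe talks to the local listener only`. `VAULT_API_ADDR` and `VAULT_CLUSTER_ADDR` also take `server.ha.apiAddr` / `server.ha.clusterAddr` unquoted while their `else` branches are quoted; piping them through `| quote` keeps the env values strings.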
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/ui-service.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/templates/ui-service.yaml
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/values.openshift.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/values.schema.json b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/values.schema.json
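Review bot: Every value in this override file (`global.openshift: true` and the three `registry.connect.redhat.com/hashicorp/...` repository and tag pairs) is already the default in the values.yaml that this commit adds for the same chart version, so the image versions now live in two places. When a Vault or vault-k8s tag is bumped for a security fix, one file can be updated and the other missed, and an install that passes `-f values.openshift.yaml` would then override the new default with the old image. Either drop the duplicated image entries here or add a header comment such as `# Image tags below must match values.yaml; update both together.`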
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/test-web-new-user/web-new-user/0.21.79/src/values.yaml b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/test-web-new-user/web-new-user/0.21.79/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: []
+ # - type: secret (or "configMap")
+ # name: my-secret
+ # path: null # default is `/vault/userconfig`
+
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: plugins
+ # emptyDir: {}
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - mountPath: /usr/local/libexec/vault
+ # name: plugins
+ # readOnly: true
+
+ # Affinity Settings
+ # Commenting out or setting as empty the affinity variable, will allow
+ # deployment to single node services such as Minikube
+ # This should be either a multi-line string or YAML matching the PodSpec's affinity field.
+ affinity: |
+ podAntiAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: "{{ .Release.Name }}"
+ component: server
+ topologyKey: kubernetes.io/hostname
+ # Topology settings for server pods
+ # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
+ # This should be either a multi-line string or YAML matching the topologySpreadConstraints array
+ # in a PodSpec.
+ topologySpreadConstraints: []
+ # Toleration Settings for server pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map.
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # Example:
+ # nodeSelector:
+ # beta.kubernetes.io/arch: amd64
+ nodeSelector: {}
+ # Enables network policy for server pods
+ networkPolicy:
+ enabled: false
+ egress: []
+ # egress:
+ # - to:
+ # - ipBlock:
+ # cidr: 10.0.0.0/24
+ # ports:
+ # - protocol: TCP
+ # port: 443
+ # Priority class for server pods
+ priorityClassName: ""
+ # Extra labels to attach to the server pods
+ # This should be a YAML map of the labels to apply to the server pods
+ extraLabels: {}
+ # Extra annotations to attach to the server pods
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the server pods
+ annotations: {}
+ # Enables a headless service to be used by the Vault Statefulset
+ service:
+ enabled: true
+ # clusterIP controls whether a Cluster IP address is attached to the
+ # Vault service within Kubernetes. By default the Vault service will
+ # be given a Cluster IP address, set to None to disable. When disabled
+ # Kubernetes will create a "headless" service. Headless services can be
+ # used to communicate with pods directly through DNS instead of a round robin
+ # load balancer.
+ # clusterIP: None
+
+ # Configures the service type for the main Vault service. Can be ClusterIP
+ # or NodePort.
+ #type: ClusterIP
+
+ # Do not wait for pods to be ready
+ publishNotReadyAddresses: true
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #nodePort: 30000
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #activeNodePort: 30001
+
+ # When HA mode is enabled
+ # If type is set to "NodePort", a specific nodePort value can be configured,
+ # will be random if left blank.
+ #standbyNodePort: 30002
+
+ # Port on which Vault server is listening
+ port: 8200
+ # Target port to which the service should be mapped to
+ targetPort: 8200
+ # Extra annotations for the service definition. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the service.
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for data
+ # storage when using the file or raft backend storage engines.
+ # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more
+ dataStorage:
+ enabled: true
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/data"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # This configures the Vault Statefulset to create a PVC for audit
+ # logs. Once Vault is deployed, initialized and unsealed, Vault must
+ # be configured to use this for audit logs. This will be mounted to
+ # /vault/audit
+ # See https://www.vaultproject.io/docs/audit/index.html to know more
+ auditStorage:
+ enabled: false
+ # Size of the PVC created
+ size: 10Gi
+ # Location where the PVC will be mounted.
+ mountPath: "/vault/audit"
+ # Name of the storage class to use. If null it will use the
+ # configured default Storage Class.
+ storageClass: null
+ # Access Mode of the storage device being used for the PVC
+ accessMode: ReadWriteOnce
+ # Annotations to apply to the PVC
+ annotations: {}
+ # Run Vault in "dev" mode. This requires no further setup, no state management,
+ # and no initialization. This is useful for experimenting with Vault without
+ # needing to unseal, store keys, et. al. All data is lost on restart - do not
+ # use dev mode for anything other than experimenting.
+ # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more
+ dev:
+ enabled: false
+ # Set VAULT_DEV_ROOT_TOKEN_ID value
+ devRootToken: "root"
+ # Run Vault in "standalone" mode. This is the default mode that will deploy if
+ # no arguments are given to helm. This requires a PVC for data storage to use
+ # the "file" backend. This mode is not highly available and should not be scaled
+ # past a single replica.
+ standalone:
+ enabled: "-"
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data
+ # and store data there. This is only used when using a Replica count of 1, and
+ # using a stateful set. This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "file" {
+ path = "/vault/data"
+ }
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # Run Vault in "HA" mode. There are no storage requirements unless audit log
+ # persistence is required. In HA mode Vault will configure itself to use Consul
+ # for its storage backend. The default configuration provided will work the Consul
+ # Helm project by default. It is possible to manually configure Vault to use a
+ # different HA backend.
+ ha:
+ enabled: false
+ replicas: 3
+ # Set the api_addr configuration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#api_addr
+ # If set to null, this will be set to the Pod IP Address
+ apiAddr: null
+ # Set the cluster_addr confuguration for Vault HA
+ # See https://www.vaultproject.io/docs/configuration#cluster_addr
+ # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201
+ clusterAddr: null
+ # Enables Vault's integrated Raft storage. Unlike the typical HA modes where
+ # Vault's persistence is external (such as Consul), enabling Raft mode will create
+ # persistent volumes for Vault to store data according to the configuration under server.dataStorage.
+ # The Vault cluster will coordinate leader elections and failovers internally.
+ raft:
+ # Enables Raft integrated storage
+ enabled: false
+ # Set the Node Raft ID to the name of the pod
+ setNodeId: false
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret.
For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+
+ storage "raft" {
+ path = "/vault/data"
+ }
+
+ service_registration "kubernetes" {}
+ # config is a raw string of default configuration when using a Stateful
+ # deployment. Default is to use a Consul for its HA storage backend.
+ # This should be HCL.
+
+ # Note: Configuration files are stored in ConfigMaps so sensitive data
+ # such as passwords should be either mounted through extraSecretEnvironmentVars
+ # or through a Kube secret. For more information see:
+ # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations
+ config: |
+ ui = true
+
+ listener "tcp" {
+ tls_disable = 1
+ address = "[::]:8200"
+ cluster_address = "[::]:8201"
+ }
+ storage "consul" {
+ path = "vault"
+ address = "HOST_IP:8500"
+ }
+
+ service_registration "kubernetes" {}
+
+ # Example configuration for using auto-unseal, using Google Cloud KMS. The
+ # GKMS keys must already exist, and the cluster must have a service account
+ # that is authorized to access GCP KMS.
+ #seal "gcpckms" {
+ # project = "vault-helm-dev-246514"
+ # region = "global"
+ # key_ring = "vault-helm-unseal-kr"
+ # crypto_key = "vault-helm-unseal-key"
+ #}
+ # A disruption budget limits the number of pods of a replicated application
+ # that are down simultaneously from voluntary disruptions
+ disruptionBudget:
+ enabled: true
+ # maxUnavailable will default to (n/2)-1 where n is the number of
+ # replicas. If you'd like a custom value, you can specify an override here.
+ maxUnavailable: null
+ # Definition of the serviceAccount used to run Vault.
+ # These options are also used when using an external Vault server to validate
+ # Kubernetes tokens.
+ serviceAccount:
+ # Specifies whether a service account should be created
+ create: true
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Settings for the statefulSet used to run Vault.
+ statefulSet:
+ # Extra annotations for the statefulSet. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the statefulSet.
+ annotations: {}
+ # Set the pod and container security contexts.
+ # If not set, these will default to, and for *not* OpenShift:
+ # pod:
+ # runAsNonRoot: true
+ # runAsGroup: {{ .Values.server.gid | default 1000 }}
+ # runAsUser: {{ .Values.server.uid | default 100 }}
+ # fsGroup: {{ .Values.server.gid | default 1000 }}
+ # container: {}
+ #
+ # If not set, these will default to, and for OpenShift:
+ # pod: {}
+ # container:
+ # allowPrivilegeEscalation: false
+ securityContext:
+ pod: {}
+ container: {}
+# Vault UI
+ui:
+ # True if you want to create a Service entry for the Vault UI.
+ #
+ # serviceType can be used to control the type of service created. For
+ # example, setting this to "LoadBalancer" will create an external load
+ # balancer (for supported K8S installations) to access the UI.
+ enabled: false
+ publishNotReadyAddresses: true
+ # The service should only contain selectors for active Vault pod
+ activeVaultPodOnly: false
+ serviceType: "ClusterIP"
+ serviceNodePort: null
+ externalPort: 8200
+ targetPort: 8200
+ # The externalTrafficPolicy can be set to either Cluster or Local
+ # and is only valid for LoadBalancer and NodePort service types.
+ # The default value is Cluster.
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy
+ externalTrafficPolicy: Cluster
+ #loadBalancerSourceRanges:
+ # - 10.0.0.0/16
+ # - 1.78.23.3/32
+
+ # loadBalancerIP:
+
+ # Extra annotations to attach to the ui service
+ # This can either be YAML or a YAML-formatted multi-line templated string map
+ # of the annotations to apply to the ui service
+ annotations: {}
+# secrets-store-csi-driver-provider-vault
+csi:
+ # True if you want to install a secrets-store-csi-driver-provider-vault daemonset.
+ #
+ # Requires installing the secrets-store-csi-driver separately, see:
+ # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver
+ #
+ # With the driver and provider installed, you can mount Vault secrets into volumes
+ # similar to the Vault Agent injector, and you can also sync those secrets into
+ # Kubernetes secrets.
+ enabled: false
+ image:
+ repository: "hashicorp/vault-csi-provider"
+ tag: "1.2.0"
+ pullPolicy: IfNotPresent
+ # volumes is a list of volumes made available to all containers. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumes: null
+ # - name: tls
+ # secret:
+ # secretName: vault-tls
+
+ # volumeMounts is a list of volumeMounts for the main server container. These are rendered
+ # via toYaml rather than pre-processed like the extraVolumes value.
+ # The purpose is to make it easy to share volumes between containers.
+ volumeMounts: null
+ # - name: tls
+ # mountPath: "/vault/tls"
+ # readOnly: true
+
+ resources: {}
+ # resources:
+ # requests:
+ # cpu: 50m
+ # memory: 128Mi
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+
+ # Settings for the daemonSet used to run the provider.
+ daemonSet:
+ updateStrategy:
+ type: RollingUpdate
+ maxUnavailable: ""
+ # Extra annotations for the daemonSet.
This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the daemonSet.
+ annotations: {}
+ # Provider host path (must match the CSI provider's path)
+ providersDir: "/etc/kubernetes/secrets-store-csi-providers"
+ # Kubelet host path
+ kubeletRootDir: "/var/lib/kubelet"
+ # Extra labels to attach to the vault-csi-provider daemonSet
+ # This should be a YAML map of the labels to apply to the csi provider daemonSet
+ extraLabels: {}
+ # security context for the pod template and container in the csi provider daemonSet
+ securityContext:
+ pod: {}
+ container: {}
+ pod:
+ # Extra annotations for the provider pods. This can either be YAML or a
+ # YAML-formatted multi-line templated string map of the annotations to apply
+ # to the pod.
+ annotations: {}
+ # Toleration Settings for provider pods
+ # This should be either a multi-line string or YAML matching the Toleration array
+ # in a PodSpec.
+ tolerations: []
+ # Extra labels to attach to the vault-csi-provider pod
+ # This should be a YAML map of the labels to apply to the csi provider pod
+ extraLabels: {}
+ # Priority class for csi pods
+ priorityClassName: ""
+ serviceAccount:
+ # Extra annotations for the serviceAccount definition. This can either be
+ # YAML or a YAML-formatted multi-line templated string map of the
+ # annotations to apply to the serviceAccount.
+ annotations: {}
+ # Extra labels to attach to the vault-csi-provider serviceAccount
+ # This should be a YAML map of the labels to apply to the csi provider serviceAccount
+ extraLabels: {}
+ # Used to configure readinessProbe for the pods.
+ readinessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Used to configure livenessProbe for the pods.
+ livenessProbe:
+ # When a probe fails, Kubernetes will try failureThreshold times before giving up
+ failureThreshold: 2
+ # Number of seconds after the container has started before probe initiates
+ initialDelaySeconds: 5
+ # How often (in seconds) to perform the probe
+ periodSeconds: 5
+ # Minimum consecutive successes for the probe to be considered successful after having failed
+ successThreshold: 1
+ # Number of seconds after which the probe times out.
+ timeoutSeconds: 3
+ # Enables debug logging.
+ debug: false
+ # Pass arbitrary additional arguments to vault-csi-provider.
+ # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments
+ # for the available command line flags.
+ extraArgs: []
diff --git a/charts/partners/test-web-new-user/web-new-user/OWNERS b/charts/partners/test-web-new-user/web-new-user/OWNERS
new file mode 100644
index 00000000000..be4638da113
--- /dev/null
+++ b/charts/partners/test-web-new-user/web-new-user/OWNERS
@@ -0,0 +1,11 @@
+chart:
+ name: web-new-user
+ shortDescription: unknown
+providerDelivery: true
+publicPgpKey: unknown
+users:
+- githubUsername: opcert
+- githubUsername: bovem
+vendor:
+ label: test-web-new-user
+ name: test-stage-user-19
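Review bot: `publicPgpKey: unknown` in this new OWNERS file, next to `providerDelivery: true`, records no key against which a signed package for this chart could be checked. If `unknown` is the placeholder the onboarding tooling writes (`shortDescription: unknown` suggests it is), that is presumably expected for a test vendor, but it is worth confirming that the certification pipeline treats the literal `unknown` as "no key" rather than as key material. For a real partner directory the field should carry the vendor's public key before signed charts are accepted.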
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/.helmignore b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/.helmignore
new file mode 100644
index 00000000000..4007e24350a
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/.helmignore
@@ -0,0 +1,28 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.terraform/
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# CI and test
+.circleci/
+.github/
+.gitlab-ci.yml
+test/
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/CHANGELOG.md b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/CHANGELOG.md
new file mode 100644
index 00000000000..45d7168d526
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/CHANGELOG.md
@@ -0,0 +1,417 @@ +## Unreleased + +## 0.21.0 (August 10th, 2022) + +CHANGES: +* `vault-k8s` updated to 0.17.0. [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault-csi-provider` updated to 1.2.0 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* `vault` updated to 1.11.2 [GH-771](https://github.com/hashicorp/vault-helm/pull/771) +* Start testing against Kubernetes 1.24. [GH-744](https://github.com/hashicorp/vault-helm/pull/744) +* Deprecated `injector.externalVaultAddr`. Added `global.externalVaultAddr`, which applies to both the Injector and the CSI Provider. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) +* CSI Provider pods now set the `VAULT_ADDR` environment variable to either the internal Vault service or the configured external address. [GH-745](https://github.com/hashicorp/vault-helm/pull/745) + +Features: +* server: Add `server.statefulSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* csi: Add `csi.daemonSet.securityContext` to override pod and container `securityContext`. [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* injector: Add `injector.securityContext` to override pod and container `securityContext`. [GH-750](https://github.com/hashicorp/vault-helm/pull/750) and [GH-767](https://github.com/hashicorp/vault-helm/pull/767) +* Add `server.service.activeNodePort` and `server.service.standbyNodePort` to specify the `nodePort` for active and standby services. 
[GH-610](https://github.com/hashicorp/vault-helm/pull/610) +* Support for setting annotations on the injector's serviceAccount [GH-753](https://github.com/hashicorp/vault-helm/pull/753) + +## 0.20.1 (May 25th, 2022) +CHANGES: +* `vault-k8s` updated to 0.16.1 [GH-739](https://github.com/hashicorp/vault-helm/pull/739) + +Improvements: +* Mutating webhook will no longer target the agent injector pod [GH-736](https://github.com/hashicorp/vault-helm/pull/736) + +Bugs: +* `vault` service account is now created even if the server is set to disabled, as per before 0.20.0 [GH-737](https://github.com/hashicorp/vault-helm/pull/737) + +## 0.20.0 (May 16th, 2022) + +CHANGES: +* `global.enabled` now works as documented, that is, setting `global.enabled` to false will disable everything, with individual components able to be turned on individually [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Default value of `-` used for injector and server to indicate that they follow `global.enabled`. [GH-703](https://github.com/hashicorp/vault-helm/pull/703) +* Vault default image to 1.10.3 +* CSI provider default image to 1.1.0 +* Vault K8s default image to 0.16.0 +* Earliest Kubernetes version tested is now 1.16 +* Helm 3.6+ now required + +Features: +* Support topologySpreadConstraints in server and injector. 
[GH-652](https://github.com/hashicorp/vault-helm/pull/652) + +Improvements: +* CSI: Set `extraLabels` for daemonset, pods, and service account [GH-690](https://github.com/hashicorp/vault-helm/pull/690) +* Add namespace to injector-leader-elector role, rolebinding and secret [GH-683](https://github.com/hashicorp/vault-helm/pull/683) +* Support policy/v1 PodDisruptionBudget in Kubernetes 1.21+ for server and injector [GH-710](https://github.com/hashicorp/vault-helm/pull/710) +* Make the Cluster Address (CLUSTER_ADDR) configurable [GH-629](https://github.com/hashicorp/vault-helm/pull/709) +* server: Make `publishNotReadyAddresses` configurable for services [GH-694](https://github.com/hashicorp/vault-helm/pull/694) +* server: Allow config to be defined as a YAML object in the values file [GH-684](https://github.com/hashicorp/vault-helm/pull/684) +* Maintain default MutatingWebhookConfiguration values from `v1beta1` [GH-692](https://github.com/hashicorp/vault-helm/pull/692) + +## 0.19.0 (January 20th, 2022) + +CHANGES: +* Vault image default 1.9.2 +* Vault K8s image default 0.14.2 + +Features: +* Added configurable podDisruptionBudget for injector [GH-653](https://github.com/hashicorp/vault-helm/pull/653) +* Make terminationGracePeriodSeconds configurable for server [GH-659](https://github.com/hashicorp/vault-helm/pull/659) +* Added configurable update strategy for injector [GH-661](https://github.com/hashicorp/vault-helm/pull/661) +* csi: ability to set priorityClassName for CSI daemonset pods [GH-670](https://github.com/hashicorp/vault-helm/pull/670) + +Improvements: +* Set the namespace on the OpenShift Route [GH-679](https://github.com/hashicorp/vault-helm/pull/679) +* Add volumes and env vars to helm hook test pod [GH-673](https://github.com/hashicorp/vault-helm/pull/673) +* Make TLS configurable for OpenShift routes [GH-686](https://github.com/hashicorp/vault-helm/pull/686) + +## 0.18.0 (November 17th, 2021) + +CHANGES: +* Removed support for deploying a 
leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector since vault-k8s now uses an internal mechanism to determine leadership [GH-649](https://github.com/hashicorp/vault-helm/pull/649) +* Vault image default 1.9.0 +* Vault K8s image default 0.14.1 + +Improvements: +* Added templateConfig.staticSecretRenderInterval chart option for the injector [GH-621](https://github.com/hashicorp/vault-helm/pull/621) + +## 0.17.1 (October 25th, 2021) + +Improvements: + * Add option for Ingress PathType [GH-634](https://github.com/hashicorp/vault-helm/pull/634) + +## 0.17.0 (October 21st, 2021) + +KNOWN ISSUES: +* The chart will fail to deploy on Kubernetes 1.19+ with `server.ingress.enabled=true` because no `pathType` is set + +CHANGES: +* Vault image default 1.8.4 +* Vault K8s image default 0.14.0 + +Improvements: +* Support Ingress stable networking API [GH-590](https://github.com/hashicorp/vault-helm/pull/590) +* Support setting the `externalTrafficPolicy` for `LoadBalancer` and `NodePort` service types [GH-626](https://github.com/hashicorp/vault-helm/pull/626) +* Support setting ingressClassName on server Ingress [GH-630](https://github.com/hashicorp/vault-helm/pull/630) + +Bugs: +* Ensure `kubeletRootDir` volume path and mounts are the same when `csi.daemonSet.kubeletRootDir` is overridden [GH-628](https://github.com/hashicorp/vault-helm/pull/628) + +## 0.16.1 (September 29th, 2021) + +CHANGES: +* Vault image default 1.8.3 +* Vault K8s image default 0.13.1 + +## 0.16.0 (September 16th, 2021) + +CHANGES: +* Support for deploying a leader-elector container with the [vault-k8s injector](https://github.com/hashicorp/vault-k8s) injector will be removed in version 0.18.0 of this chart since vault-k8s now uses an internal mechanism to determine leadership. To enable the deployment of the leader-elector container for use with vault-k8s 0.12.0 and earlier, set `useContainer=true`. 
+ +Improvements: + * Make CSI provider `hostPaths` configurable via `csi.daemonSet.providersDir` and `csi.daemonSet.kubeletRootDir` [GH-603](https://github.com/hashicorp/vault-helm/pull/603) + * Support vault-k8s internal leader election [GH-568](https://github.com/hashicorp/vault-helm/pull/568) [GH-607](https://github.com/hashicorp/vault-helm/pull/607) + +## 0.15.0 (August 23rd, 2021) + +Improvements: +* Add imagePullSecrets on server test [GH-572](https://github.com/hashicorp/vault-helm/pull/572) +* Add injector.webhookAnnotations chart option [GH-584](https://github.com/hashicorp/vault-helm/pull/584) + +## 0.14.0 (July 28th, 2021) + +Features: +* Added templateConfig.exitOnRetryFailure chart option for the injector [GH-560](https://github.com/hashicorp/vault-helm/pull/560) + +Improvements: +* Support configuring pod tolerations, pod affinity, and node selectors as YAML [GH-565](https://github.com/hashicorp/vault-helm/pull/565) +* Set the default vault image to come from the hashicorp organization [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add support for running the acceptance tests against a local `kind` cluster [GH-567](https://github.com/hashicorp/vault-helm/pull/567) +* Add `server.ingress.activeService` to configure if the ingress should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Add `server.route.activeService` to configure if the route should use the active service [GH-570](https://github.com/hashicorp/vault-helm/pull/570) +* Support configuring `global.imagePullSecrets` from a string array [GH-576](https://github.com/hashicorp/vault-helm/pull/576) + + +## 0.13.0 (June 17th, 2021) + +Improvements: +* Added a helm test for vault server [GH-531](https://github.com/hashicorp/vault-helm/pull/531) +* Added server.enterpriseLicense option [GH-547](https://github.com/hashicorp/vault-helm/pull/547) +* Added OpenShift overrides [GH-549](https://github.com/hashicorp/vault-helm/pull/549) + +Bugs: +* Fix 
ui.serviceNodePort schema [GH-537](https://github.com/hashicorp/vault-helm/pull/537) +* Fix server.ha.disruptionBudget.maxUnavailable schema [GH-535](https://github.com/hashicorp/vault-helm/pull/535) +* Added webhook-certs volume mount to sidecar injector [GH-545](https://github.com/hashicorp/vault-helm/pull/545) + +## 0.12.0 (May 25th, 2021) + +Features: +* Pass additional arguments to `vault-csi-provider` using `csi.extraArgs` [GH-526](https://github.com/hashicorp/vault-helm/pull/526) + +Improvements: +* Set chart kubeVersion and added chart-verifier tests [GH-510](https://github.com/hashicorp/vault-helm/pull/510) +* Added values json schema [GH-513](https://github.com/hashicorp/vault-helm/pull/513) +* Ability to set tolerations for CSI daemonset pods [GH-521](https://github.com/hashicorp/vault-helm/pull/521) +* UI target port is now configurable [GH-437](https://github.com/hashicorp/vault-helm/pull/437) + +Bugs: +* CSI: `global.imagePullSecrets` are now also used for CSI daemonset [GH-519](https://github.com/hashicorp/vault-helm/pull/519) + +## 0.11.0 (April 14th, 2021) + +Features: +* Added `server.enabled` to explicitly skip installing a Vault server [GH-486](https://github.com/hashicorp/vault-helm/pull/486) +* Injector now supports enabling host network [GH-471](https://github.com/hashicorp/vault-helm/pull/471) +* Injector port is now configurable [GH-489](https://github.com/hashicorp/vault-helm/pull/489) +* Injector Vault Agent resource defaults are now configurable [GH-493](https://github.com/hashicorp/vault-helm/pull/493) +* Extra paths can now be added to the Vault ingress service [GH-460](https://github.com/hashicorp/vault-helm/pull/460) +* Log level and format can now be set directly using `server.logFormat` and `server.logLevel` [GH-488](https://github.com/hashicorp/vault-helm/pull/488) + +Improvements: +* Added `https` name to injector service port [GH-495](https://github.com/hashicorp/vault-helm/pull/495) + +Bugs: +* CSI: Fix ClusterRole name and 
DaemonSet's service account to properly match deployment name [GH-486](https://github.com/hashicorp/vault-helm/pull/486) + +## 0.10.0 (March 25th, 2021) + +Features: +* Add support for [Vault CSI provider](https://github.com/hashicorp/vault-csi-provider) [GH-461](https://github.com/hashicorp/vault-helm/pull/461) + +Improvements: +* `objectSelector` can now be set on the mutating admission webhook [GH-456](https://github.com/hashicorp/vault-helm/pull/456) + +## 0.9.1 (February 2nd, 2021) + +Bugs: +* Injector: fix labels for default anti-affinity rule [GH-441](https://github.com/hashicorp/vault-helm/pull/441), [GH-442](https://github.com/hashicorp/vault-helm/pull/442) +* Set VAULT_DEV_LISTEN_ADDRESS in dev mode [GH-446](https://github.com/hashicorp/vault-helm/pull/446) + +## 0.9.0 (January 5th, 2021) + +Features: +* Injector now supports configurable number of replicas [GH-436](https://github.com/hashicorp/vault-helm/pull/436) +* Injector now supports auto TLS for multiple replicas using leader elections [GH-436](https://github.com/hashicorp/vault-helm/pull/436) + +Improvements: +* Dev mode now supports `server.extraArgs` [GH-421](https://github.com/hashicorp/vault-helm/pull/421) +* Dev mode root token is now configurable with `server.dev.devRootToken` [GH-415](https://github.com/hashicorp/vault-helm/pull/415) +* ClusterRoleBinding updated to `v1` [GH-395](https://github.com/hashicorp/vault-helm/pull/395) +* MutatingWebhook updated to `v1` [GH-408](https://github.com/hashicorp/vault-helm/pull/408) +* Injector service now supports `injector.service.annotations` [425](https://github.com/hashicorp/vault-helm/pull/425) +* Injector now supports `injector.extraLabels` [428](https://github.com/hashicorp/vault-helm/pull/428) +* Added `allowPrivilegeEscalation: false` to Vault and Injector containers [429](https://github.com/hashicorp/vault-helm/pull/429) +* Network Policy now supports `server.networkPolicy.egress` [389](https://github.com/hashicorp/vault-helm/pull/389) + +## 
0.8.0 (October 20th, 2020) + +Improvements: +* Make server NetworkPolicy independent of OpenShift [GH-381](https://github.com/hashicorp/vault-helm/pull/381) +* Added configurables for all probe values [GH-387](https://github.com/hashicorp/vault-helm/pull/387) +* MountPath for audit and data storage is now configurable [GH-393](https://github.com/hashicorp/vault-helm/pull/393) +* Annotations can now be added to the Injector pods [GH-394](https://github.com/hashicorp/vault-helm/pull/394) +* The injector can now be configured with a failurePolicy [GH-400](https://github.com/hashicorp/vault-helm/pull/400) +* Added additional environment variables for rendering within Vault config [GH-398](https://github.com/hashicorp/vault-helm/pull/398) +* Service account for Vault K8s auth is automatically created when `injector.externalVaultAddr` is set [GH-392](https://github.com/hashicorp/vault-helm/pull/392) + +Bugs: +* Fixed install output using Helm V2 command [GH-378](https://github.com/hashicorp/vault-helm/pull/378) + +## 0.7.0 (August 24th, 2020) + +Features: +* Added `volumes` and `volumeMounts` for mounting _any_ type of volume [GH-314](https://github.com/hashicorp/vault-helm/pull/314). 
+* Added configurable to enable prometheus telemetery exporter for Vault Agent Injector [GH-372](https://github.com/hashicorp/vault-helm/pull/372)
+
+Improvements:
+* Added `defaultMode` configurable to `extraVolumes`[GH-321](https://github.com/hashicorp/vault-helm/pull/321)
+* Option to install and use PodSecurityPolicy's for vault server and injector [GH-177](https://github.com/hashicorp/vault-helm/pull/177)
+* `VAULT_API_ADDR` is now configurable [GH-290](https://github.com/hashicorp/vault-helm/pull/290)
+* Removed deprecated tolerate unready endpoint annotations [GH-363](https://github.com/hashicorp/vault-helm/pull/363)
+* Add an option to set annotations on the StatefulSet [GH-199](https://github.com/hashicorp/vault-helm/pull/199)
+* Make the vault server serviceAccount name a configuration option [GH-367](https://github.com/hashicorp/vault-helm/pull/367)
+* Removed annotation striction from `dev` mode [GH-371](https://github.com/hashicorp/vault-helm/pull/371)
+* Add an option to set annotations on PVCs [GH-364](https://github.com/hashicorp/vault-helm/pull/364)
+* Added service configurables for UI [GH-285](https://github.com/hashicorp/vault-helm/pull/285)
+
+Bugs:
+* Fix python dependency in test image [GH-337](https://github.com/hashicorp/vault-helm/pull/337)
+* Fix caBundle not being quoted causing validation issues with Helm 3 [GH-352](https://github.com/hashicorp/vault-helm/pull/352)
+* Fix injector network policy being rendered when injector is not enabled [GH-358](https://github.com/hashicorp/vault-helm/pull/358)
+
+## 0.6.0 (June 3rd, 2020)
+
+Features:
+* Added `extraInitContainers` to define init containers for the Vault cluster [GH-258](https://github.com/hashicorp/vault-helm/pull/258)
+* Added `postStart` lifecycle hook allowing users to configure commands to run on the Vault pods after they're ready [GH-315](https://github.com/hashicorp/vault-helm/pull/315)
+* Beta: Added OpenShift support [GH-319](https://github.com/hashicorp/vault-helm/pull/319)
+ +Improvements: +* Server configs can now be defined in YAML. Multi-line string configs are still compatible [GH-213](https://github.com/hashicorp/vault-helm/pull/213) +* Removed IPC_LOCK privileges since swap is disabled on containers [[GH-198](https://github.com/hashicorp/vault-helm/pull/198)] +* Use port names that map to vault.scheme [[GH-223](https://github.com/hashicorp/vault-helm/pull/223)] +* Allow both yaml and multi-line string annotations [[GH-272](https://github.com/hashicorp/vault-helm/pull/272)] +* Added configurable to set the Raft node name to hostname [[GH-269](https://github.com/hashicorp/vault-helm/pull/269)] +* Support setting priorityClassName on pods [[GH-282](https://github.com/hashicorp/vault-helm/pull/282)] +* Added support for ingress apiVersion `networking.k8s.io/v1beta1` [[GH-310](https://github.com/hashicorp/vault-helm/pull/310)] +* Added configurable to change service type for the HA active service [GH-317](https://github.com/hashicorp/vault-helm/pull/317) + +Bugs: +* Fixed default ingress path [[GH-224](https://github.com/hashicorp/vault-helm/pull/224)] +* Fixed annotations for HA standby/active services [[GH-268](https://github.com/hashicorp/vault-helm/pull/268)] +* Updated some value defaults to match their use in templates [[GH-309](https://github.com/hashicorp/vault-helm/pull/309)] +* Use active service on ingress when ha [[GH-270](https://github.com/hashicorp/vault-helm/pull/270)] +* Fixed bug where pull secrets weren't being used for injector image [GH-298](https://github.com/hashicorp/vault-helm/pull/298) + +## 0.5.0 (April 9th, 2020) + +Features: + +* Added Raft support for HA mode [[GH-228](https://github.com/hashicorp/vault-helm/pull/229)] +* Now supports Vault Enterprise [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] +* Added K8s Service Registration for HA modes [[GH-250](https://github.com/hashicorp/vault-helm/pull/250)] + +* Option to set `AGENT_INJECT_VAULT_AUTH_PATH` for the injector 
[[GH-185](https://github.com/hashicorp/vault-helm/pull/185)] +* Added environment variables for logging and revocation on Vault Agent Injector [[GH-219](https://github.com/hashicorp/vault-helm/pull/219)] +* Option to set environment variables for the injector deployment [[GH-232](https://github.com/hashicorp/vault-helm/pull/232)] +* Added affinity, tolerations, and nodeSelector options for the injector deployment [[GH-234](https://github.com/hashicorp/vault-helm/pull/234)] +* Made all annotations multi-line strings [[GH-227](https://github.com/hashicorp/vault-helm/pull/227)] + +## 0.4.0 (February 21st, 2020) + +Improvements: + +* Allow process namespace sharing between Vault and sidecar containers [[GH-174](https://github.com/hashicorp/vault-helm/pull/174)] +* Added configurable to change updateStrategy [[GH-172](https://github.com/hashicorp/vault-helm/pull/172)] +* Added sleep in the preStop lifecycle step [[GH-188](https://github.com/hashicorp/vault-helm/pull/188)] +* Updated chart and tests to Helm 3 [[GH-195](https://github.com/hashicorp/vault-helm/pull/195)] +* Adds Values.injector.externalVaultAddr to use the injector with an external vault [[GH-207](https://github.com/hashicorp/vault-helm/pull/207)] + +Bugs: + +* Fix bug where Vault lifecycle was appended after extra containers. 
[[GH-179](https://github.com/hashicorp/vault-helm/pull/179)] + +## 0.3.3 (January 14th, 2020) + +Security: + +* Added `server.extraArgs` to allow loading of additional Vault configurations containing sensitive settings [GH-175](https://github.com/hashicorp/vault-helm/issues/175) + +Bugs: + +* Fixed injection bug where wrong environment variables were being used for manually mounted TLS files + +## 0.3.2 (January 8th, 2020) + +Bugs: + +* Fixed injection bug where TLS Skip Verify was true by default [VK8S-35] + +## 0.3.1 (January 2nd, 2020) + +Bugs: + +* Fixed injection bug causing kube-system pods to be rejected [VK8S-14] + +## 0.3.0 (December 19th, 2019) + +Features: + +* Extra containers can now be added to the Vault pods +* Added configurability of pod probes +* Added Vault Agent Injector + +Improvements: + +* Moved `global.image` to `server.image` +* Changed UI service template to route pods that aren't ready via `publishNotReadyAddresses: true` +* Added better HTTP/HTTPS scheme support to http probes +* Added configurable node port for Vault service +* `server.authDelegator` is now enabled by default + +Bugs: + +* Fixed upgrade bug by removing chart label which contained the version +* Fixed typo on `serviceAccount` (was `serviceaccount`) +* Fixed readiness/liveliness HTTP probe default to accept standbys + +## 0.2.1 (November 12th, 2019) + +Bugs: + +* Removed `readOnlyRootFilesystem` causing issues when validating deployments + +## 0.2.0 (October 29th, 2019) + +Features: + +* Added load balancer support +* Added ingress support +* Added configurable for service types (ClusterIP, NodePort, LoadBalancer, etc) +* Removed root requirements, now runs as Vault user + +Improvements: + +* Added namespace value to all rendered objects +* Made ports configurable in services +* Added the ability to add custom annotations to services +* Added docker image for running bats test in CircleCI +* Removed restrictions around `dev` mode such as annotations +* 
`readOnlyRootFilesystem` is now configurable +* Image Pull Policy is now configurable + +Bugs: + +* Fixed selector bugs related to Helm label updates (services, affinities, and pod disruption) +* Fixed bug where audit storage was not being mounted in HA mode +* Fixed bug where Vault pod wasn't receiving SIGTERM signals + + +## 0.1.2 (August 22nd, 2019) + +Features: + +* Added `extraSecretEnvironmentVars` to allow users to mount secrets as + environment variables +* Added `tlsDisable` configurable to change HTTP protocols from HTTP/HTTPS + depending on the value +* Added `serviceNodePort` to configure a NodePort value when setting `serviceType` + to "NodePort" + +Improvements: + +* Changed UI port to 8200 for better HTTP protocol support +* Added `path` to `extraVolumes` to define where the volume should be + mounted. Defaults to `/vault/userconfig` +* Upgraded Vault to 1.2.2 + +Bugs: + +* Fixed bug where upgrade would fail because immutable labels were being + changed (Helm Version label) +* Fixed bug where UI service used wrong selector after updating helm labels +* Added `VAULT_API_ADDR` env to Vault pod to fixed bug where Vault thinks + Consul is the active node +* Removed `step-down` preStop since it requires authentication. Shutdown signal + sent by Kube acts similar to `step-down` + + +## 0.1.1 (August 7th, 2019) + +Features: + +* Added `authDelegator` Cluster Role Binding to Vault service account for + bootstrapping Kube auth method + +Improvements: + +* Added `server.service.clusterIP` to `values.yml` so users can toggle + the Vault service to headless by using the value `None`. +* Upgraded Vault to 1.2.1 + +## 0.1.0 (August 6th, 2019) + +Initial release diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/CONTRIBUTING.md b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/CONTRIBUTING.md new file mode 100644 index 00000000000..ad31ac92d15 --- /dev/null 
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/CONTRIBUTING.md 
@@ -0,0 +1,247 @@ +# Contributing to Vault Helm + +**Please note:** We take Vault's security and our users' trust very seriously. +If you believe you have found a security issue in Vault, please responsibly +disclose by contacting us at security@hashicorp.com. + +**First:** if you're unsure or afraid of _anything_, just ask or submit the +issue or pull request anyways. You won't be yelled at for giving it your best +effort. The worst that can happen is that you'll be politely asked to change +something. We appreciate any sort of contributions, and don't want a wall of +rules to get in the way of that. + +That said, if you want to ensure that a pull request is likely to be merged, +talk to us! You can find out our thoughts and ensure that your contribution +won't clash or be obviated by Vault's normal direction. A great way to do this +is via the [Vault Discussion Forum][1]. + +This document will cover what we're looking for in terms of reporting issues. +By addressing all the points we're looking for, it raises the chances we can +quickly merge or address your contributions. + +[1]: https://discuss.hashicorp.com/c/vault + +## Issues + +### Reporting an Issue + +* Make sure you test against the latest released version. It is possible + we already fixed the bug you're experiencing. Even better is if you can test + against `main`, as bugs are fixed regularly but new versions are only + released every few months. + +* Provide steps to reproduce the issue, and if possible include the expected + results as well as the actual results. Please provide text, not screen shots! + +* Respond as promptly as possible to any questions made by the Vault + team to your issue. Stale issues will be closed periodically. + +### Issue Lifecycle + +1. The issue is reported. + +2. The issue is verified and categorized by a Vault Helm collaborator. + Categorization is done via tags. For example, bugs are marked as "bugs". + +3. 
Unless it is critical, the issue may be left for a period of time (sometimes + many weeks), giving outside contributors -- maybe you!? -- a chance to + address the issue. + +4. The issue is addressed in a pull request or commit. The issue will be + referenced in the commit message so that the code that fixes it is clearly + linked. + +5. The issue is closed. Sometimes, valid issues will be closed to keep + the issue tracker clean. The issue is still indexed and available for + future viewers, or can be re-opened if necessary. + +## Testing + +The Helm chart ships with both unit and acceptance tests. + +The unit tests don't require any active Kubernetes cluster and complete +very quickly. These should be used for fast feedback during development. +The acceptance tests require a Kubernetes cluster with a configured `kubectl`. + +### Test Using Docker Container + +The following are the instructions for running bats tests using a Docker container. + +#### Prerequisites + +* Docker installed +* `vault-helm` checked out locally + +#### Test + +**Note:** the following commands should be run from the `vault-helm` directory. + +First, build the Docker image for running the tests: + +```shell +docker build -f ${PWD}/test/docker/Test.dockerfile ${PWD}/test/docker/ -t vault-helm-test +``` +Next, execute the tests with the following commands: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit +``` +It's possible to only run specific bats tests using regular expressions. +For example, the following will run only tests with "injector" in the name: +```shell +docker run -it --rm -v "${PWD}:/test" vault-helm-test bats /test/test/unit -f "injector" +``` + +### Test Manually +The following are the instructions for running bats tests on your workstation. 
+#### Prerequisites +* [Bats](https://github.com/bats-core/bats-core) + ```bash + brew install bats-core + ``` +* [yq](https://pypi.org/project/yq/) + ```bash + brew install python-yq + ``` +* [helm](https://helm.sh) + ```bash + brew install kubernetes-helm + ``` + +#### Test + +To run the unit tests: + + bats ./test/unit + +To run the acceptance tests: + + bats ./test/acceptance + +If the acceptance tests fail, deployed resources in the Kubernetes cluster +may not be properly cleaned up. We recommend recycling the Kubernetes cluster to +start from a clean slate. + +**Note:** There is a Terraform configuration in the +[`test/terraform/`](https://github.com/hashicorp/vault-helm/tree/main/test/terraform) directory +that can be used to quickly bring up a GKE cluster and configure +`kubectl` and `helm` locally. This can be used to quickly spin up a test +cluster for acceptance tests. Unit tests _do not_ require a running Kubernetes +cluster. + +### Writing Unit Tests + +Changes to the Helm chart should be accompanied by appropriate unit tests. + +#### Formatting + +- Put tests in the test file in the same order as the variables appear in the `values.yaml`. +- Start tests for a chart value with a header that says what is being tested, like this: + ``` + #-------------------------------------------------------------------- + # annotations + ``` + +- Name the test based on what it's testing in the following format (this will be its first line): + ``` + @test "
: " { + ``` + + When adding tests to an existing file, the first section will be the same as the other tests in the file. + +#### Test Details + +[Bats](https://github.com/bats-core/bats-core) provides a way to run commands in a shell and inspect the output in an automated way. +In all of the tests in this repo, the base command being run is [helm template](https://docs.helm.sh/helm/#helm-template) which turns the templated files into straight yaml output. +In this way, we're able to test that the various conditionals in the templates render as we would expect. + +Each test defines the files that should be rendered using the `--show-only` flag, then it might adjust chart values by adding `--set` flags as well. +The output from this `helm template` command is then piped to [yq](https://pypi.org/project/yq/). +`yq` allows us to pull out just the information we're interested in, either by referencing its position in the yaml file directly or giving information about it (like its length). +The `-r` flag can be used with `yq` to return a raw string instead of a quoted one which is especially useful when looking for an exact match. + +The test passes or fails based on the conditional at the end that is in square brackets, which is a comparison of our expected value and the output of `helm template` piped to `yq`. + +The `| tee /dev/stderr ` pieces direct any terminal output of the `helm template` and `yq` commands to stderr so that it doesn't interfere with `bats`. + +#### Test Examples + +Here are some examples of common test patterns: + +- Check that a value is disabled by default + + ``` + @test "ui/Service: no type by default" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + . 
| tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "null" ] + } + ``` + + In this example, nothing is changed from the default templates (no `--set` flags), then we use `yq` to retrieve the value we're checking, `.spec.type`. + This output is then compared against our expected value (`null` in this case) in the assertion `[ "${actual}" = "null" ]`. + + +- Check that a template value is rendered to a specific value + ``` + @test "ui/Service: specified type" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/ui-service.yaml \ + --set 'ui.serviceType=LoadBalancer' \ + . | tee /dev/stderr | + yq -r '.spec.type' | tee /dev/stderr) + [ "${actual}" = "LoadBalancer" ] + } + ``` + + This is very similar to the last example, except we've changed a default value with the `--set` flag and correspondingly changed the expected value. + +- Check that a template value contains several values + ``` + @test "server/standalone-StatefulSet: custom resources" { + cd `chart_dir` + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.requests.memory=256Mi' \ + --set 'server.resources.requests.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.requests.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + + local actual=$(helm template \ + --show-only templates/server-statefulset.yaml \ + --set 'server.standalone.enabled=true' \ + --set 'server.resources.limits.memory=256Mi' \ + --set 'server.resources.limits.cpu=250m' \ + . | tee /dev/stderr | + yq -r '.spec.template.spec.containers[0].resources.limits.memory' | tee /dev/stderr) + [ "${actual}" = "256Mi" ] + ``` + + *Note:* If testing more than two conditions, it would be good to separate the `helm template` part of the command from the `yq` sections to reduce redundant work. 
+
+- Check that an entire template file is not rendered
+ ```
+ @test "syncCatalog/Deployment: disabled by default" {
+ cd `chart_dir`
+ local actual=$( (helm template \
+ --show-only templates/server-statefulset.yaml \
+ --set 'global.enabled=false' \
+ . || echo "---") | tee /dev/stderr |
+ yq 'length > 0' | tee /dev/stderr)
+ [ "${actual}" = "false" ]
+ }
+ ```
+ Here we are check the length of the command output to see if the anything is rendered.
+ This style can easily be switched to check that a file is rendered instead.
+
+## Contributor License Agreement
+
+We require that all contributors sign our Contributor License Agreement ("CLA")
+before we can accept the contribution.
+
+[Learn more about why HashiCorp requires a CLA and what the CLA includes](https://www.hashicorp.com/cla)
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/Chart.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/Chart.yaml
new file mode 100644
index 00000000000..7eb696df5dd
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v2
+appVersion: 1.11.2
+description: Official HashiCorp Vault Chart
+home: https://www.vaultproject.io
+icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png
+keywords:
+- vault
+- security
+- encryption
+- secrets
+- management
+- automation
+- infrastructure
+kubeVersion: '>= 1.16.0-0'
+name: test-openshift-helm-chart
+sources:
+- https://github.com/hashicorp/vault
+- https://github.com/hashicorp/vault-helm
+- https://github.com/hashicorp/vault-k8s
+- https://github.com/hashicorp/vault-csi-provider
+version: 0.21.0
+annotations:
+ charts.openshift.io/name: test-openshift-helm-chart
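Review bot: `appVersion: 1.11.2` in the new Chart.yaml is a plain scalar; it parses as a string only because it has three components, and Helm's chart documentation recommends quoting this field, so I would write `appVersion: "1.11.2"` to keep a later two-part value from being read as a float. Separately, `description`, `home` and `sources` still present this as the official HashiCorp Vault chart, while `name` and the `charts.openshift.io/name` annotation say `test-openshift-helm-chart` under a partner test directory. If this is a renamed copy used as a fixture, stating that in `description` would keep a consumer from mistaking it for the upstream release when judging provenance. Apart from the appended annotation the file looks helm-generated (keys in alphabetical order), so the quoting may need to be applied wherever the file is produced.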
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/LICENSE.md b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/LICENSE.md
new file mode 100644
index 00000000000..82b4de97c7e
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/LICENSE.md
@@ -0,0 +1,353 @@ +Mozilla Public License, version 2.0 + +1. Definitions + +1.1. “Contributor” + + means each individual or legal entity that creates, contributes to the + creation of, or owns Covered Software. + +1.2. “Contributor Version” + + means the combination of the Contributions of others (if any) used by a + Contributor and that particular Contributor’s Contribution. + +1.3. “Contribution” + + means Covered Software of a particular Contributor. + +1.4. “Covered Software” + + means Source Code Form to which the initial Contributor has attached the + notice in Exhibit A, the Executable Form of such Source Code Form, and + Modifications of such Source Code Form, in each case including portions + thereof. + +1.5. “Incompatible With Secondary Licenses” + means + + a. that the initial Contributor has attached the notice described in + Exhibit B to the Covered Software; or + + b. that the Covered Software was made available under the terms of version + 1.1 or earlier of the License, but not also under the terms of a + Secondary License. + +1.6. “Executable Form” + + means any form of the work other than Source Code Form. + +1.7. “Larger Work” + + means a work that combines Covered Software with other material, in a separate + file or files, that is not Covered Software. + +1.8. “License” + + means this document. + +1.9. “Licensable” + + means having the right to grant, to the maximum extent possible, whether at the + time of the initial grant or subsequently, any and all of the rights conveyed by + this License. + +1.10. “Modifications” + + means any of the following: + + a. any file in Source Code Form that results from an addition to, deletion + from, or modification of the contents of Covered Software; or + + b. any new file in Source Code Form that contains any Covered Software. + +1.11. 
“Patent Claims” of a Contributor + + means any patent claim(s), including without limitation, method, process, + and apparatus claims, in any patent Licensable by such Contributor that + would be infringed, but for the grant of the License, by the making, + using, selling, offering for sale, having made, import, or transfer of + either its Contributions or its Contributor Version. + +1.12. “Secondary License” + + means either the GNU General Public License, Version 2.0, the GNU Lesser + General Public License, Version 2.1, the GNU Affero General Public + License, Version 3.0, or any later versions of those licenses. + +1.13. “Source Code Form” + + means the form of the work preferred for making modifications. + +1.14. “You” (or “Your”) + + means an individual or a legal entity exercising rights under this + License. For legal entities, “You” includes any entity that controls, is + controlled by, or is under common control with You. For purposes of this + definition, “control” means (a) the power, direct or indirect, to cause + the direction or management of such entity, whether by contract or + otherwise, or (b) ownership of more than fifty percent (50%) of the + outstanding shares or beneficial ownership of such entity. + + +2. License Grants and Conditions + +2.1. Grants + + Each Contributor hereby grants You a world-wide, royalty-free, + non-exclusive license: + + a. under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or as + part of a Larger Work; and + + b. under Patent Claims of such Contributor to make, use, sell, offer for + sale, have made, import, and otherwise transfer either its Contributions + or its Contributor Version. + +2.2. 
Effective Date + + The licenses granted in Section 2.1 with respect to any Contribution become + effective for each Contribution on the date the Contributor first distributes + such Contribution. + +2.3. Limitations on Grant Scope + + The licenses granted in this Section 2 are the only rights granted under this + License. No additional rights or licenses will be implied from the distribution + or licensing of Covered Software under this License. Notwithstanding Section + 2.1(b) above, no patent license is granted by a Contributor: + + a. for any code that a Contributor has removed from Covered Software; or + + b. for infringements caused by: (i) Your and any other third party’s + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + + c. under Patent Claims infringed by Covered Software in the absence of its + Contributions. + + This License does not grant any rights in the trademarks, service marks, or + logos of any Contributor (except as may be necessary to comply with the + notice requirements in Section 3.4). + +2.4. Subsequent Licenses + + No Contributor makes additional grants as a result of Your choice to + distribute the Covered Software under a subsequent version of this License + (see Section 10.2) or under the terms of a Secondary License (if permitted + under the terms of Section 3.3). + +2.5. Representation + + Each Contributor represents that the Contributor believes its Contributions + are its original creation(s) or it has sufficient rights to grant the + rights to its Contributions conveyed by this License. + +2.6. Fair Use + + This License is not intended to limit any rights You have under applicable + copyright doctrines of fair use, fair dealing, or other equivalents. + +2.7. Conditions + + Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in + Section 2.1. + + +3. Responsibilities + +3.1. 
Distribution of Source Form + + All distribution of Covered Software in Source Code Form, including any + Modifications that You create or to which You contribute, must be under the + terms of this License. You must inform recipients that the Source Code Form + of the Covered Software is governed by the terms of this License, and how + they can obtain a copy of this License. You may not attempt to alter or + restrict the recipients’ rights in the Source Code Form. + +3.2. Distribution of Executable Form + + If You distribute Covered Software in Executable Form then: + + a. such Covered Software must also be made available in Source Code Form, + as described in Section 3.1, and You must inform recipients of the + Executable Form how they can obtain a copy of such Source Code Form by + reasonable means in a timely manner, at a charge no more than the cost + of distribution to the recipient; and + + b. You may distribute such Executable Form under the terms of this License, + or sublicense it under different terms, provided that the license for + the Executable Form does not attempt to limit or alter the recipients’ + rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + + You may create and distribute a Larger Work under terms of Your choice, + provided that You also comply with the requirements of this License for the + Covered Software. If the Larger Work is a combination of Covered Software + with a work governed by one or more Secondary Licenses, and the Covered + Software is not Incompatible With Secondary Licenses, this License permits + You to additionally distribute such Covered Software under the terms of + such Secondary License(s), so that the recipient of the Larger Work may, at + their option, further distribute the Covered Software under the terms of + either this License or such Secondary License(s). + +3.4. 
Notices + + You may not remove or alter the substance of any license notices (including + copyright notices, patent notices, disclaimers of warranty, or limitations + of liability) contained within the Source Code Form of the Covered + Software, except that You may alter any license notices to the extent + required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + + You may choose to offer, and to charge a fee for, warranty, support, + indemnity or liability obligations to one or more recipients of Covered + Software. However, You may do so only on Your own behalf, and not on behalf + of any Contributor. You must make it absolutely clear that any such + warranty, support, indemnity, or liability obligation is offered by You + alone, and You hereby agree to indemnify every Contributor for any + liability incurred by such Contributor as a result of warranty, support, + indemnity or liability terms You offer. You may include additional + disclaimers of warranty and limitations of liability specific to any + jurisdiction. + +4. Inability to Comply Due to Statute or Regulation + + If it is impossible for You to comply with any of the terms of this License + with respect to some or all of the Covered Software due to statute, judicial + order, or regulation then You must: (a) comply with the terms of this License + to the maximum extent possible; and (b) describe the limitations and the code + they affect. Such description must be placed in a text file included with all + distributions of the Covered Software under this License. Except to the + extent prohibited by statute or regulation, such description must be + sufficiently detailed for a recipient of ordinary skill to be able to + understand it. + +5. Termination + +5.1. The rights granted under this License will terminate automatically if You + fail to comply with any of its terms. 
However, if You become compliant, + then the rights granted under this License from a particular Contributor + are reinstated (a) provisionally, unless and until such Contributor + explicitly and finally terminates Your grants, and (b) on an ongoing basis, + if such Contributor fails to notify You of the non-compliance by some + reasonable means prior to 60 days after You have come back into compliance. + Moreover, Your grants from a particular Contributor are reinstated on an + ongoing basis if such Contributor notifies You of the non-compliance by + some reasonable means, this is the first time You have received notice of + non-compliance with this License from such Contributor, and You become + compliant prior to 30 days after Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent + infringement claim (excluding declaratory judgment actions, counter-claims, + and cross-claims) alleging that a Contributor Version directly or + indirectly infringes any patent, then the rights granted to You by any and + all Contributors for the Covered Software under Section 2.1 of this License + shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user + license agreements (excluding distributors and resellers) which have been + validly granted by You or Your distributors under this License prior to + termination shall survive termination. + +6. Disclaimer of Warranty + + Covered Software is provided under this License on an “as is” basis, without + warranty of any kind, either expressed, implied, or statutory, including, + without limitation, warranties that the Covered Software is free of defects, + merchantable, fit for a particular purpose or non-infringing. The entire + risk as to the quality and performance of the Covered Software is with You. 
+ Should any Covered Software prove defective in any respect, You (not any + Contributor) assume the cost of any necessary servicing, repair, or + correction. This disclaimer of warranty constitutes an essential part of this + License. No use of any Covered Software is authorized under this License + except under this disclaimer. + +7. Limitation of Liability + + Under no circumstances and under no legal theory, whether tort (including + negligence), contract, or otherwise, shall any Contributor, or anyone who + distributes Covered Software as permitted above, be liable to You for any + direct, indirect, special, incidental, or consequential damages of any + character including, without limitation, damages for lost profits, loss of + goodwill, work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses, even if such party shall have been + informed of the possibility of such damages. This limitation of liability + shall not apply to liability for death or personal injury resulting from such + party’s negligence to the extent applicable law prohibits such limitation. + Some jurisdictions do not allow the exclusion or limitation of incidental or + consequential damages, so this exclusion and limitation may not apply to You. + +8. Litigation + + Any litigation relating to this License may be brought only in the courts of + a jurisdiction where the defendant maintains its principal place of business + and such litigation shall be governed by laws of that jurisdiction, without + reference to its conflict-of-law provisions. Nothing in this Section shall + prevent a party’s ability to bring cross-claims or counter-claims. + +9. Miscellaneous + + This License represents the complete agreement concerning the subject matter + hereof. If any provision of this License is held to be unenforceable, such + provision shall be reformed only to the extent necessary to make it + enforceable. 
Any law or regulation which provides that the language of a + contract shall be construed against the drafter shall not be used to construe + this License against a Contributor. + + +10. Versions of the License + +10.1. New Versions + + Mozilla Foundation is the license steward. Except as provided in Section + 10.3, no one other than the license steward has the right to modify or + publish new versions of this License. Each version will be given a + distinguishing version number. + +10.2. Effect of New Versions + + You may distribute the Covered Software under the terms of the version of + the License under which You originally received the Covered Software, or + under the terms of any subsequent version published by the license + steward. + +10.3. Modified Versions + + If you create software not governed by this License, and you want to + create a new license for such software, you may create and use a modified + version of this License if you rename the license and remove any + references to the name of the license steward (except to note that such + modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary Licenses + If You choose to distribute Source Code Form that is Incompatible With + Secondary Licenses under the terms of this version of the License, the + notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice + + This Source Code Form is subject to the + terms of the Mozilla Public License, v. + 2.0. If a copy of the MPL was not + distributed with this file, You can + obtain one at + http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular file, then +You may include the notice in a location (such as a LICENSE file in a relevant +directory) where a recipient would be likely to look for such a notice. + +You may add additional accurate notices of copyright ownership. 
+ +Exhibit B - “Incompatible With Secondary Licenses” Notice + + This Source Code Form is “Incompatible + With Secondary Licenses”, as defined by + the Mozilla Public License, v. 2.0. diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/Makefile b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/Makefile new file mode 100644 index 00000000000..49799e919d1 --- /dev/null +++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/Makefile 
@@ -0,0 +1,101 @@
+TEST_IMAGE?=vault-helm-test
+GOOGLE_CREDENTIALS?=vault-helm-test.json
+CLOUDSDK_CORE_PROJECT?=vault-helm-dev-246514
+# set to run a single test - e.g acceptance/server-ha-enterprise-dr.bats
+ACCEPTANCE_TESTS?=acceptance
+
+# filter bats unit tests to run.
+UNIT_TESTS_FILTER?='.*'
+
+# set to 'true' to run acceptance tests locally in a kind cluster
+LOCAL_ACCEPTANCE_TESTS?=false
+
+# kind cluster name
+KIND_CLUSTER_NAME?=vault-helm
+
+# kind k8s version
+KIND_K8S_VERSION?=v1.24.1
+
+# Generate json schema for chart values. See test/README.md for more details.
+values-schema:
+ helm schema-gen values.yaml > values.schema.json
+
+test-image:
+ @docker build --rm -t $(TEST_IMAGE) -f $(CURDIR)/test/docker/Test.dockerfile $(CURDIR)
+
+test-unit:
+ @docker run --rm -it -v ${PWD}:/helm-test $(TEST_IMAGE) bats -f $(UNIT_TESTS_FILTER) /helm-test/test/unit
+
+test-bats: test-unit test-acceptance
+
+test: test-image test-bats
+
+# run acceptance tests on GKE
+# set google project/credential vars above
+test-acceptance:
+ifeq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ make setup-kind acceptance
+else
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -e VAULT_LICENSE_CI=${VAULT_LICENSE_CI} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make acceptance
+endif
+
+# destroy GKE cluster using terraform
+test-destroy:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make destroy-cluster
+
+# provision GKE cluster using terraform
+test-provision:
+ @docker run -it -v ${PWD}:/helm-test \
+ -e GOOGLE_CREDENTIALS=${GOOGLE_CREDENTIALS} \
+ -e CLOUDSDK_CORE_PROJECT=${CLOUDSDK_CORE_PROJECT} \
+ -e KUBECONFIG=/helm-test/.kube/config \
+ -w /helm-test \
+ $(TEST_IMAGE) \
+ make provision-cluster
+
+# this target is for running the acceptance tests
+# it is run in the docker container above when the test-acceptance target is invoked
+acceptance:
+ifneq ($(LOCAL_ACCEPTANCE_TESTS),true)
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+endif
+ bats test/${ACCEPTANCE_TESTS}
+
+# this target is for provisioning the GKE cluster
+# it is run in the docker container above when the test-provision target is invoked
+provision-cluster:
+ gcloud auth activate-service-account --key-file=${GOOGLE_CREDENTIALS}
+ terraform init test/terraform
+ terraform apply -var project=${CLOUDSDK_CORE_PROJECT} -var init_cli=true -auto-approve test/terraform
+
+# this target is for removing the GKE cluster
+# it is run in the docker container above when the test-destroy target is invoked
+destroy-cluster:
+ terraform destroy -auto-approve
+
+# create a kind cluster for running the acceptance tests locally
+setup-kind:
+ kind get clusters | grep -q "^${KIND_CLUSTER_NAME}$$" || \
+ kind create cluster \
+ --image kindest/node:${KIND_K8S_VERSION} \
+ --name ${KIND_CLUSTER_NAME} \
+ --config $(CURDIR)/test/kind/config.yaml
+ kubectl config use-context kind-${KIND_CLUSTER_NAME}
+
+# delete the kind cluster
+delete-kind:
+ kind delete cluster --name ${KIND_CLUSTER_NAME} || :
+
+.PHONY: values-schema test-image test-unit test-bats test test-acceptance test-destroy test-provision acceptance provision-cluster destroy-cluster
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/README.md b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/README.md
new file mode 100644
index 00000000000..c9971ff41b5
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/README.md
@@ -0,0 +1,43 @@
+# Vault Helm Chart
+
+> :warning: **Please note**: We take Vault's security and our users' trust very seriously. If
+you believe you have found a security issue in Vault Helm, _please responsibly disclose_
+by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com).
+
+This repository contains the official HashiCorp Helm chart for installing
+and configuring Vault on Kubernetes. This chart supports multiple use
+cases of Vault on Kubernetes depending on the values provided.
+
+For full documentation on this Helm chart along with all the ways you can
+use Vault with Kubernetes, please see the
+[Vault and Kubernetes documentation](https://www.vaultproject.io/docs/platform/k8s/).
+
+## Prerequisites
+
+To use the charts here, [Helm](https://helm.sh/) must be configured for your
+Kubernetes cluster. Setting up Kubernetes and Helm is outside the scope of
+this README. Please refer to the Kubernetes and Helm documentation.
+
+The versions required are:
+
+ * **Helm 3.6+**
+ * **Kubernetes 1.16+** - This is the earliest version of Kubernetes tested.
+ It is possible that this chart works with earlier versions but it is
+ untested.
+
+## Usage
+
+To install the latest version of this chart, add the Hashicorp helm repository
+and run `helm install`:
+
+```console
+$ helm repo add hashicorp https://helm.releases.hashicorp.com
+"hashicorp" has been added to your repositories
+
+$ helm install vault hashicorp/vault
+```
+
+Please see the many options supported in the `values.yaml` file. These are also
+fully documented directly on the [Vault
+website](https://www.vaultproject.io/docs/platform/k8s/helm) along with more
+detailed installation instructions.
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/NOTES.txt b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/NOTES.txt
new file mode 100644
index 00000000000..8e267121c8f
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/NOTES.txt
@@ -0,0 +1,14 @@
+
+Thank you for installing HashiCorp Vault!
+
+Now that you have deployed Vault, you should look over the docs on using
+Vault with Kubernetes available here:
+
+https://www.vaultproject.io/docs/
+
+
+Your release is named {{ .Release.Name }}. To learn more about the release, try:
+
+ $ helm status {{ .Release.Name }}
+ $ helm get manifest {{ .Release.Name }}
+
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/_helpers.tpl b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/_helpers.tpl
new file mode 100644
index 00000000000..38973910adf
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/_helpers.tpl
@@ -0,0 +1,953 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "vault.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "vault.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "vault.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Compute if the csi driver is enabled. +*/}} +{{- define "vault.csiEnabled" -}} +{{- $_ := set . "csiEnabled" (or + (eq (.Values.csi.enabled | toString) "true") + (and (eq (.Values.csi.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the injector is enabled. +*/}} +{{- define "vault.injectorEnabled" -}} +{{- $_ := set . "injectorEnabled" (or + (eq (.Values.injector.enabled | toString) "true") + (and (eq (.Values.injector.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server is enabled. +*/}} +{{- define "vault.serverEnabled" -}} +{{- $_ := set . 
"serverEnabled" (or + (eq (.Values.server.enabled | toString) "true") + (and (eq (.Values.server.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverServiceAccountEnabled" -}} +{{- $_ := set . "serverServiceAccountEnabled" + (and + (eq (.Values.server.serviceAccount.create | toString) "true" ) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server auth delegator serviceaccount is enabled. +*/}} +{{- define "vault.serverAuthDelegator" -}} +{{- $_ := set . "serverAuthDelegator" + (and + (eq (.Values.server.authDelegator.enabled | toString) "true" ) + (or (eq (.Values.server.serviceAccount.create | toString) "true") + (not (eq .Values.server.serviceAccount.name ""))) + (or + (eq (.Values.server.enabled | toString) "true") + (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute if the server service is enabled. +*/}} +{{- define "vault.serverServiceEnabled" -}} +{{- template "vault.serverEnabled" . -}} +{{- $_ := set . "serverServiceEnabled" (and .serverEnabled (eq (.Values.server.service.enabled | toString) "true")) -}} +{{- end -}} + +{{/* +Compute if the ui is enabled. +*/}} +{{- define "vault.uiEnabled" -}} +{{- $_ := set . "uiEnabled" (or + (eq (.Values.ui.enabled | toString) "true") + (and (eq (.Values.ui.enabled | toString) "-") (eq (.Values.global.enabled | toString) "true"))) -}} +{{- end -}} + +{{/* +Compute the maximum number of unavailable replicas for the PodDisruptionBudget. +This defaults to (n/2)-1 where n is the number of members of the server cluster. +Add a special case for replicas=1, where it should default to 0 as well. 
+*/}} +{{- define "vault.pdb.maxUnavailable" -}} +{{- if eq (int .Values.server.ha.replicas) 1 -}} +{{ 0 }} +{{- else if .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{ .Values.server.ha.disruptionBudget.maxUnavailable -}} +{{- else -}} +{{- div (sub (div (mul (int .Values.server.ha.replicas) 10) 2) 1) 10 -}} +{{- end -}} +{{- end -}} + +{{/* +Set the variable 'mode' to the server mode requested by the user to simplify +template logic. +*/}} +{{- define "vault.mode" -}} + {{- template "vault.serverEnabled" . -}} + {{- if or (.Values.injector.externalVaultAddr) (.Values.global.externalVaultAddr) -}} + {{- $_ := set . "mode" "external" -}} + {{- else if not .serverEnabled -}} + {{- $_ := set . "mode" "external" -}} + {{- else if eq (.Values.server.dev.enabled | toString) "true" -}} + {{- $_ := set . "mode" "dev" -}} + {{- else if eq (.Values.server.ha.enabled | toString) "true" -}} + {{- $_ := set . "mode" "ha" -}} + {{- else if or (eq (.Values.server.standalone.enabled | toString) "true") (eq (.Values.server.standalone.enabled | toString) "-") -}} + {{- $_ := set . "mode" "standalone" -}} + {{- else -}} + {{- $_ := set . "mode" "" -}} + {{- end -}} +{{- end -}} + +{{/* +Set's the replica count based on the different modes configured by user +*/}} +{{- define "vault.replicas" -}} + {{ if eq .mode "standalone" }} + {{- default 1 -}} + {{ else if eq .mode "ha" }} + {{- .Values.server.ha.replicas | default 3 -}} + {{ else }} + {{- default 1 -}} + {{ end }} +{{- end -}} + +{{/* +Set's up configmap mounts if this isn't a dev deployment and the user +defined a custom configuration. Additionally iterates over any +extra volumes the user may have specified (such as a secret with TLS). +*/}} +{{- define "vault.volumes" -}} + {{- if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + configMap: + name: {{ template "vault.fullname" . 
}}-config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + {{ .type }}: + {{- if (eq .type "configMap") }} + name: {{ .name }} + {{- else if (eq .type "secret") }} + secretName: {{ .name }} + {{- end }} + defaultMode: {{ .defaultMode | default 420 }} + {{- end }} + {{- if .Values.server.volumes }} + {{- toYaml .Values.server.volumes | nindent 8}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + secret: + secretName: {{ .Values.server.enterpriseLicense.secretName }} + defaultMode: 0440 + {{- end }} +{{- end -}} + +{{/* +Set's the args for custom command to render the Vault configuration +file with IP addresses to make the out of box experience easier +for users looking to use this chart with Consul Helm. +*/}} +{{- define "vault.args" -}} + {{ if or (eq .mode "standalone") (eq .mode "ha") }} + - | + cp /vault/config/extraconfig-from-values.hcl /tmp/storageconfig.hcl; + [ -n "${HOST_IP}" ] && sed -Ei "s|HOST_IP|${HOST_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${POD_IP}" ] && sed -Ei "s|POD_IP|${POD_IP?}|g" /tmp/storageconfig.hcl; + [ -n "${HOSTNAME}" ] && sed -Ei "s|HOSTNAME|${HOSTNAME?}|g" /tmp/storageconfig.hcl; + [ -n "${API_ADDR}" ] && sed -Ei "s|API_ADDR|${API_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${TRANSIT_ADDR}" ] && sed -Ei "s|TRANSIT_ADDR|${TRANSIT_ADDR?}|g" /tmp/storageconfig.hcl; + [ -n "${RAFT_ADDR}" ] && sed -Ei "s|RAFT_ADDR|${RAFT_ADDR?}|g" /tmp/storageconfig.hcl; + /usr/local/bin/docker-entrypoint.sh vault server -config=/tmp/storageconfig.hcl {{ .Values.server.extraArgs }} + {{ else if eq .mode "dev" }} + - | + /usr/local/bin/docker-entrypoint.sh vault server -dev {{ .Values.server.extraArgs }} + {{ end }} +{{- end -}} + +{{/* +Set's additional environment variables based on the mode. 
+*/}} +{{- define "vault.envs" -}} + {{ if eq .mode "dev" }} + - name: VAULT_DEV_ROOT_TOKEN_ID + value: {{ .Values.server.dev.devRootToken }} + - name: VAULT_DEV_LISTEN_ADDRESS + value: "[::]:8200" + {{ end }} +{{- end -}} + +{{/* +Set's which additional volumes should be mounted to the container +based on the mode configured. +*/}} +{{- define "vault.mounts" -}} + {{ if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - name: audit + mountPath: {{ .Values.server.auditStorage.mountPath }} + {{ end }} + {{ if or (eq .mode "standalone") (and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true")) }} + {{ if eq (.Values.server.dataStorage.enabled | toString) "true" }} + - name: data + mountPath: {{ .Values.server.dataStorage.mountPath }} + {{ end }} + {{ end }} + {{ if and (ne .mode "dev") (or (.Values.server.standalone.config) (.Values.server.ha.config)) }} + - name: config + mountPath: /vault/config + {{ end }} + {{- range .Values.server.extraVolumes }} + - name: userconfig-{{ .name }} + readOnly: true + mountPath: {{ .path | default "/vault/userconfig" }}/{{ .name }} + {{- end }} + {{- if .Values.server.volumeMounts }} + {{- toYaml .Values.server.volumeMounts | nindent 12}} + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: vault-license + mountPath: /vault/license + readOnly: true + {{- end }} +{{- end -}} + +{{/* +Set's up the volumeClaimTemplates when data or audit storage is required. HA +might not use data storage since Consul is likely it's backend, however, audit +storage might be desired by the user. 
+*/}} +{{- define "vault.volumeclaims" -}} + {{- if and (ne .mode "dev") (or .Values.server.dataStorage.enabled .Values.server.auditStorage.enabled) }} + volumeClaimTemplates: + {{- if and (eq (.Values.server.dataStorage.enabled | toString) "true") (or (eq .mode "standalone") (eq (.Values.server.ha.raft.enabled | toString ) "true" )) }} + - metadata: + name: data + {{- include "vault.dataVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.dataStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.dataStorage.size }} + {{- if .Values.server.dataStorage.storageClass }} + storageClassName: {{ .Values.server.dataStorage.storageClass }} + {{- end }} + {{ end }} + {{- if eq (.Values.server.auditStorage.enabled | toString) "true" }} + - metadata: + name: audit + {{- include "vault.auditVolumeClaim.annotations" . | nindent 6 }} + spec: + accessModes: + - {{ .Values.server.auditStorage.accessMode | default "ReadWriteOnce" }} + resources: + requests: + storage: {{ .Values.server.auditStorage.size }} + {{- if .Values.server.auditStorage.storageClass }} + storageClassName: {{ .Values.server.auditStorage.storageClass }} + {{- end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Set's the affinity for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.affinity" -}} + {{- if and (ne .mode "dev") .Values.server.affinity }} + affinity: + {{ $tp := typeOf .Values.server.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.affinity . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the injector affinity for pod placement +*/}} +{{- define "injector.affinity" -}} + {{- if .Values.injector.affinity }} + affinity: + {{ $tp := typeOf .Values.injector.affinity }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.affinity . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.affinity | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the topologySpreadConstraints when running in standalone and HA modes. +*/}} +{{- define "vault.topologySpreadConstraints" -}} + {{- if and (ne .mode "dev") .Values.server.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.server.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + + +{{/* +Sets the injector topologySpreadConstraints for pod placement +*/}} +{{- define "injector.topologySpreadConstraints" -}} + {{- if .Values.injector.topologySpreadConstraints }} + topologySpreadConstraints: + {{ $tp := typeOf .Values.injector.topologySpreadConstraints }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.topologySpreadConstraints . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.topologySpreadConstraints | nindent 8 }} + {{- end }} + {{ end }} +{{- end -}} + +{{/* +Sets the toleration for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.tolerations" -}} + {{- if and (ne .mode "dev") .Values.server.tolerations }} + tolerations: + {{- $tp := typeOf .Values.server.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "injector.tolerations" -}} + {{- if .Values.injector.tolerations }} + tolerations: + {{- $tp := typeOf .Values.injector.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.tolerations . 
| nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the node selector for pod placement when running in standalone and HA modes. +*/}} +{{- define "vault.nodeselector" -}} + {{- if and (ne .mode "dev") .Values.server.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.server.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.server.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.server.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector node selector for pod placement +*/}} +{{- define "injector.nodeselector" -}} + {{- if .Values.injector.nodeSelector }} + nodeSelector: + {{- $tp := typeOf .Values.injector.nodeSelector }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.nodeSelector . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.injector.nodeSelector | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets the injector deployment update strategy +*/}} +{{- define "injector.strategy" -}} + {{- if .Values.injector.strategy }} + strategy: + {{- $tp := typeOf .Values.injector.strategy }} + {{- if eq $tp "string" }} + {{ tpl .Values.injector.strategy . | nindent 4 | trim }} + {{- else }} + {{- toYaml .Values.injector.strategy | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra pod annotations +*/}} +{{- define "vault.annotations" -}} + {{- if .Values.server.annotations }} + annotations: + {{- $tp := typeOf .Values.server.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.server.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector pod annotations +*/}} +{{- define "injector.annotations" -}} + {{- if .Values.injector.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.annotations . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector service annotations +*/}} +{{- define "injector.service.annotations" -}} + {{- if .Values.injector.service.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector pod level. +*/}} +{{- define "injector.securityContext.pod" -}} + {{- if .Values.injector.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.injector.gid | default 1000 }} + runAsUser: {{ .Values.injector.uid | default 100 }} + fsGroup: {{ .Values.injector.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the injector container level. +*/}} +{{- define "injector.securityContext.container" -}} + {{- if .Values.injector.securityContext.container}} + securityContext: + {{- $tp := typeOf .Values.injector.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.injector.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset pod template. +*/}} +{{- define "server.statefulSet.securityContext.pod" -}} + {{- if .Values.server.statefulSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + runAsNonRoot: true + runAsGroup: {{ .Values.server.gid | default 1000 }} + runAsUser: {{ .Values.server.uid | default 100 }} + fsGroup: {{ .Values.server.gid | default 1000 }} + {{- end }} +{{- end -}} + +{{/* +securityContext for the statefulset vault container +*/}} +{{- define "server.statefulSet.securityContext.container" -}} + {{- if .Values.server.statefulSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.server.statefulSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.securityContext.container . 
| nindent 12 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.securityContext.container | nindent 12 }} + {{- end }} + {{- else if not .Values.global.openshift }} + securityContext: + allowPrivilegeEscalation: false + {{- end }} +{{- end -}} + + +{{/* +Sets extra injector service account annotations +*/}} +{{- define "injector.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.injector.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.injector.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.injector.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.injector.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra injector webhook annotations +*/}} +{{- define "injector.webhookAnnotations" -}} + {{- if or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations) }} + annotations: + {{- $tp := typeOf (or (((.Values.injector.webhook)).annotations) (.Values.injector.webhookAnnotations)) }} + {{- if eq $tp "string" }} + {{- tpl (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) . | nindent 4 }} + {{- else }} + {{- toYaml (((.Values.injector.webhook)).annotations | default .Values.injector.webhookAnnotations) | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the injector webhook objectSelector +*/}} +{{- define "injector.objectSelector" -}} + {{- $v := or (((.Values.injector.webhook)).objectSelector) (.Values.injector.objectSelector) -}} + {{ if $v }} + objectSelector: + {{- $tp := typeOf $v -}} + {{ if eq $tp "string" }} + {{ tpl $v . 
| indent 6 | trim }} + {{ else }} + {{ toYaml $v | indent 6 | trim }} + {{ end }} + {{ end }} +{{ end }} + +{{/* +Sets extra ui service annotations +*/}} +{{- define "vault.ui.annotations" -}} + {{- if .Values.ui.annotations }} + annotations: + {{- $tp := typeOf .Values.ui.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.ui.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.ui.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "vault.serviceAccount.name" -}} +{{- if .Values.server.serviceAccount.create -}} + {{ default (include "vault.fullname" .) .Values.server.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.server.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Sets extra service account annotations +*/}} +{{- define "vault.serviceAccount.annotations" -}} + {{- if and (ne .mode "dev") .Values.server.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.server.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra ingress annotations +*/}} +{{- define "vault.ingress.annotations" -}} + {{- if .Values.server.ingress.annotations }} + annotations: + {{- $tp := typeOf .Values.server.ingress.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.ingress.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.ingress.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra route annotations +*/}} +{{- define "vault.route.annotations" -}} + {{- if .Values.server.route.annotations }} + annotations: + {{- $tp := typeOf .Values.server.route.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.route.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.route.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra vault server Service annotations +*/}} +{{- define "vault.service.annotations" -}} + {{- if .Values.server.service.annotations }} + {{- $tp := typeOf .Values.server.service.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.service.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.service.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets PodSecurityPolicy annotations +*/}} +{{- define "vault.psp.annotations" -}} + {{- if .Values.global.psp.annotations }} + annotations: + {{- $tp := typeOf .Values.global.psp.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.global.psp.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.global.psp.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra statefulset annotations +*/}} +{{- define "vault.statefulSet.annotations" -}} + {{- if .Values.server.statefulSet.annotations }} + annotations: + {{- $tp := typeOf .Values.server.statefulSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.statefulSet.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.statefulSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for data volume +*/}} +{{- define "vault.dataVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.dataStorage.enabled) (.Values.server.dataStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.dataStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.dataStorage.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.server.dataStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets VolumeClaim annotations for audit volume +*/}} +{{- define "vault.auditVolumeClaim.annotations" -}} + {{- if and (ne .mode "dev") (.Values.server.auditStorage.enabled) (.Values.server.auditStorage.annotations) }} + annotations: + {{- $tp := typeOf .Values.server.auditStorage.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.server.auditStorage.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.server.auditStorage.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Set's the container resources if the user has set any. +*/}} +{{- define "vault.resources" -}} + {{- if .Values.server.resources -}} + resources: +{{ toYaml .Values.server.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "injector.resources" -}} + {{- if .Values.injector.resources -}} + resources: +{{ toYaml .Values.injector.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets the container resources if the user has set any. +*/}} +{{- define "csi.resources" -}} + {{- if .Values.csi.resources -}} + resources: +{{ toYaml .Values.csi.resources | indent 12}} + {{ end }} +{{- end -}} + +{{/* +Sets extra CSI daemonset annotations +*/}} +{{- define "csi.daemonSet.annotations" -}} + {{- if .Values.csi.daemonSet.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.daemonSet.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.annotations . 
| nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for pod template +*/}} +{{- define "csi.daemonSet.securityContext.pod" -}} + {{- if .Values.csi.daemonSet.securityContext.pod }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.pod }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.pod . | nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.pod | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets CSI daemonset securityContext for container +*/}} +{{- define "csi.daemonSet.securityContext.container" -}} + {{- if .Values.csi.daemonSet.securityContext.container }} + securityContext: + {{- $tp := typeOf .Values.csi.daemonSet.securityContext.container }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.daemonSet.securityContext.container . | nindent 12 }} + {{- else }} + {{- toYaml .Values.csi.daemonSet.securityContext.container | nindent 12 }} + {{- end }} + {{- end }} +{{- end -}} + + +{{/* +Sets the injector toleration for pod placement +*/}} +{{- define "csi.pod.tolerations" -}} + {{- if .Values.csi.pod.tolerations }} + tolerations: + {{- $tp := typeOf .Values.csi.pod.tolerations }} + {{- if eq $tp "string" }} + {{ tpl .Values.csi.pod.tolerations . | nindent 8 | trim }} + {{- else }} + {{- toYaml .Values.csi.pod.tolerations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI provider pod annotations +*/}} +{{- define "csi.pod.annotations" -}} + {{- if .Values.csi.pod.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.pod.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.pod.annotations . 
| nindent 8 }} + {{- else }} + {{- toYaml .Values.csi.pod.annotations | nindent 8 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Sets extra CSI service account annotations +*/}} +{{- define "csi.serviceAccount.annotations" -}} + {{- if .Values.csi.serviceAccount.annotations }} + annotations: + {{- $tp := typeOf .Values.csi.serviceAccount.annotations }} + {{- if eq $tp "string" }} + {{- tpl .Values.csi.serviceAccount.annotations . | nindent 4 }} + {{- else }} + {{- toYaml .Values.csi.serviceAccount.annotations | nindent 4 }} + {{- end }} + {{- end }} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "vault.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ printf "%s" $key | replace "." "_" | upper | quote }} + value: {{ $value | quote }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Inject extra environment populated by secrets, if populated +*/}} +{{- define "vault.extraSecretEnvironmentVars" -}} +{{- if .extraSecretEnvironmentVars -}} +{{- range .extraSecretEnvironmentVars }} +- name: {{ .envName }} + valueFrom: + secretKeyRef: + name: {{ .secretName }} + key: {{ .secretKey }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Scheme for health check and local endpoint */}} +{{- define "vault.scheme" -}} +{{- if .Values.global.tlsDisable -}} +{{ "http" }} +{{- else -}} +{{ "https" }} +{{- end -}} +{{- end -}} + +{{/* +imagePullSecrets generates pull secrets from either string or map values. +A map value must be indexable by the key 'name'. +*/}} +{{- define "imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets -}} +imagePullSecrets: +{{- range . -}} +{{- if typeIs "string" . }} + - name: {{ . }} +{{- else if index . "name" }} + - name: {{ .name }} +{{- end }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +externalTrafficPolicy sets a Service's externalTrafficPolicy if applicable. 
+Supported inputs are Values.server.service and Values.ui
+*/}}
+{{- define "service.externalTrafficPolicy" -}}
+{{- $type := "" -}}
+{{- if .serviceType -}}
+{{- $type = .serviceType -}}
+{{- else if .type -}}
+{{- $type = .type -}}
+{{- end -}}
+{{- if and .externalTrafficPolicy (or (eq $type "LoadBalancer") (eq $type "NodePort")) }}
+ externalTrafficPolicy: {{ .externalTrafficPolicy }}
+{{- else }}
+{{- end }}
+{{- end -}}
+
+{{/*
+loadBalancer configuration for the the UI service.
+Supported inputs are Values.ui
+*/}}
+{{- define "service.loadBalancer" -}}
+{{- if eq (.serviceType | toString) "LoadBalancer" }}
+{{- if .loadBalancerIP }}
+ loadBalancerIP: {{ .loadBalancerIP }}
+{{- end }}
+{{- with .loadBalancerSourceRanges }}
+ loadBalancerSourceRanges:
+{{- range . }}
+ - {{ . }}
+{{- end }}
+{{- end -}}
+{{- end }}
+{{- end -}}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/csi-clusterrole.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/csi-clusterrole.yaml
new file mode 100644
index 00000000000..ec6a3d2b9f0
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/csi-clusterrole.yaml
@@ -0,0 +1,18 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts/token
+ verbs:
+ - create
+{{- end }}
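Review bot: In csi-clusterrole.yaml the rule grants `create` on `serviceaccounts/token` through a ClusterRole with no `resourceNames`, so the CSI provider's service account can request a token for any service account in any namespace, and nothing in the template records why that breadth is needed. Anything that takes over the provider pod inherits that ability, which makes this the most sensitive grant in the CSI part of the chart. Add a comment above `rules:` such as `# TokenRequest is cluster-wide because the provider authenticates to Vault as each workload's own service account` (presumably the reason; confirm against the provider's documentation). It would also help to tell operators to audit `serviceaccounts/token` create calls made by `…-csi-provider`.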
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/csi-clusterrolebinding.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/csi-clusterrolebinding.yaml
new file mode 100644
index 00000000000..d5b62a5f091
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/csi-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.csiEnabled" . -}}
+{{- if .csiEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrolebinding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-csi-provider-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-csi-provider
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/csi-daemonset.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/csi-daemonset.yaml
new file mode 100644
index 00000000000..d131aac5f5d
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/csi-daemonset.yaml
@@ -0,0 +1,100 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.daemonSet.extraLabels -}} + {{- toYaml .Values.csi.daemonSet.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.daemonSet.annotations" . }} +spec: + updateStrategy: + type: {{ .Values.csi.daemonSet.updateStrategy.type }} + {{- if .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + rollingUpdate: + maxUnavailable: {{ .Values.csi.daemonSet.updateStrategy.maxUnavailable }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.csi.pod.extraLabels -}} + {{- toYaml .Values.csi.pod.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "csi.pod.annotations" . }} + spec: + {{ template "csi.daemonSet.securityContext.pod" . }} + {{- if .Values.csi.priorityClassName }} + priorityClassName: {{ .Values.csi.priorityClassName }} + {{- end }} + serviceAccountName: {{ template "vault.fullname" . }}-csi-provider + {{- template "csi.pod.tolerations" . }} + containers: + - name: {{ include "vault.name" . }}-csi-provider + {{ template "csi.resources" . }} + {{ template "csi.daemonSet.securityContext.container" . 
}} + image: "{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}" + imagePullPolicy: {{ .Values.csi.image.pullPolicy }} + args: + - --endpoint=/provider/vault.sock + - --debug={{ .Values.csi.debug }} + {{- if .Values.csi.extraArgs }} + {{- toYaml .Values.csi.extraArgs | nindent 12 }} + {{- end }} + env: + - name: VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + volumeMounts: + - name: providervol + mountPath: "/provider" + - name: mountpoint-dir + mountPath: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + mountPropagation: HostToContainer + {{- if .Values.csi.volumeMounts }} + {{- toYaml .Values.csi.volumeMounts | nindent 12}} + {{- end }} + livenessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.livenessProbe.timeoutSeconds }} + readinessProbe: + httpGet: + path: /health/ready + port: 8080 + failureThreshold: {{ .Values.csi.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.csi.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.csi.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.csi.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.csi.readinessProbe.timeoutSeconds }} + volumes: + - name: providervol + hostPath: + path: {{ .Values.csi.daemonSet.providersDir }} + - name: mountpoint-dir + hostPath: + path: {{ .Values.csi.daemonSet.kubeletRootDir }}/pods + {{- if .Values.csi.volumes }} + {{- toYaml .Values.csi.volumes | nindent 8}} + {{- end }} + {{- include 
"imagePullSecrets" . | nindent 6 }} +{{- end }} diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/csi-serviceaccount.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/csi-serviceaccount.yaml new file mode 100644 index 00000000000..8d6fa5329cb --- /dev/null +++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/csi-serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- template "vault.csiEnabled" . -}} +{{- if .csiEnabled -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "vault.fullname" . }}-csi-provider + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-csi-provider + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- if .Values.csi.serviceAccount.extraLabels -}} + {{- toYaml .Values.csi.serviceAccount.extraLabels | nindent 4 -}} + {{- end -}} + {{ template "csi.serviceAccount.annotations" . }} +{{- end }} diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-certs-secret.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-certs-secret.yaml new file mode 100644 index 00000000000..e88685b5ebc --- /dev/null +++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-certs-secret.yaml 
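Review bot: In csi-daemonset.yaml the `csi-provider` container mounts two hostPath volumes (`providersDir` and `kubeletRootDir`/pods) yet gets a `securityContext` only when `.Values.csi.daemonSet.securityContext.container` is set, because the helper added to `_helpers.tpl` in this commit renders nothing otherwise. values.yaml is not visible here, so confirm that a default is shipped. If it is not, give that helper a fallback branch, `{{- else if not .Values.global.openshift }}` followed by `securityContext:` and `allowPrivilegeEscalation: false`, which another securityContext helper in the same file already uses. The image is also referenced by tag (`{{ .Values.csi.image.repository }}:{{ .Values.csi.image.tag }}`), and for a pod with host mounts a digest pin is worth supporting.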
@@ -0,0 +1,14 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: vault-injector-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-clusterrole.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-clusterrole.yaml
new file mode 100644
index 00000000000..6a0d6be1ae7
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-clusterrole.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations"]
+ verbs:
+ - "get"
+ - "list"
+ - "watch"
+ - "patch"
+{{ end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-clusterrolebinding.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-clusterrolebinding.yaml
new file mode 100644
index 00000000000..4c193f8a2ea
--- /dev/null
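Review bot: In injector-clusterrole.yaml `patch` on `mutatingwebhookconfigurations` is granted without `resourceNames`, so the injector's service account can modify every mutating webhook configuration in the cluster, not only its own `…-agent-injector-cfg` object. Split the rule so that `get` and `patch` carry `resourceNames: ["{{ template "vault.fullname" . }}-agent-injector-cfg"]`, which matches the `metadata.name` used in injector-mutating-webhook.yaml in this commit. `list` and `watch` would stay in a separate rule, because a name restriction on them only takes effect when the client uses a `metadata.name` field selector, and whether the injector does is not visible here.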
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-binding
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "vault.fullname" . }}-agent-injector-clusterrole
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-deployment.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-deployment.yaml
new file mode 100644
index 00000000000..f0605599edc
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-deployment.yaml
@@ -0,0 +1,156 @@ +{{- template "vault.injectorEnabled" . -}} +{{- if .injectorEnabled -}} +# Deployment for the injector +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + replicas: {{ .Values.injector.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{ template "injector.strategy" . }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- if .Values.injector.extraLabels -}} + {{- toYaml .Values.injector.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "injector.annotations" . }} + spec: + {{ template "injector.affinity" . }} + {{ template "injector.topologySpreadConstraints" . }} + {{ template "injector.tolerations" . }} + {{ template "injector.nodeselector" . }} + {{- if .Values.injector.priorityClassName }} + priorityClassName: {{ .Values.injector.priorityClassName }} + {{- end }} + serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector" + {{ template "injector.securityContext.pod" . -}} + {{- if not .Values.global.openshift }} + hostNetwork: {{ .Values.injector.hostNetwork }} + {{- end }} + containers: + - name: sidecar-injector + {{ template "injector.resources" . }} + image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}" + imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}" + {{- template "injector.securityContext.container" . 
}} + env: + - name: AGENT_INJECT_LISTEN + value: {{ printf ":%v" .Values.injector.port }} + - name: AGENT_INJECT_LOG_LEVEL + value: {{ .Values.injector.logLevel | default "info" }} + - name: AGENT_INJECT_VAULT_ADDR + {{- if .Values.global.externalVaultAddr }} + value: "{{ .Values.global.externalVaultAddr }}" + {{- else if .Values.injector.externalVaultAddr }} + value: "{{ .Values.injector.externalVaultAddr }}" + {{- else }} + value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }} + {{- end }} + - name: AGENT_INJECT_VAULT_AUTH_PATH + value: {{ .Values.injector.authPath }} + - name: AGENT_INJECT_VAULT_IMAGE + value: "{{ .Values.injector.agentImage.repository }}:{{ .Values.injector.agentImage.tag }}" + {{- if .Values.injector.certs.secretName }} + - name: AGENT_INJECT_TLS_CERT_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.certName }}" + - name: AGENT_INJECT_TLS_KEY_FILE + value: "/etc/webhook/certs/{{ .Values.injector.certs.keyName }}" + {{- else }} + - name: AGENT_INJECT_TLS_AUTO + value: {{ template "vault.fullname" . }}-agent-injector-cfg + - name: AGENT_INJECT_TLS_AUTO_HOSTS + value: {{ template "vault.fullname" . }}-agent-injector-svc,{{ template "vault.fullname" . }}-agent-injector-svc.{{ .Release.Namespace }},{{ template "vault.fullname" . 
}}-agent-injector-svc.{{ .Release.Namespace }}.svc + {{- end }} + - name: AGENT_INJECT_LOG_FORMAT + value: {{ .Values.injector.logFormat | default "standard" }} + - name: AGENT_INJECT_REVOKE_ON_SHUTDOWN + value: "{{ .Values.injector.revokeOnShutdown | default false }}" + {{- if .Values.global.openshift }} + - name: AGENT_INJECT_SET_SECURITY_CONTEXT + value: "false" + {{- end }} + {{- if .Values.injector.metrics.enabled }} + - name: AGENT_INJECT_TELEMETRY_PATH + value: "/metrics" + {{- end }} + {{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }} + - name: AGENT_INJECT_USE_LEADER_ELECTOR + value: "true" + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + - name: AGENT_INJECT_CPU_REQUEST + value: "{{ .Values.injector.agentDefaults.cpuRequest }}" + - name: AGENT_INJECT_CPU_LIMIT + value: "{{ .Values.injector.agentDefaults.cpuLimit }}" + - name: AGENT_INJECT_MEM_REQUEST + value: "{{ .Values.injector.agentDefaults.memRequest }}" + - name: AGENT_INJECT_MEM_LIMIT + value: "{{ .Values.injector.agentDefaults.memLimit }}" + - name: AGENT_INJECT_DEFAULT_TEMPLATE + value: "{{ .Values.injector.agentDefaults.template }}" + - name: AGENT_INJECT_TEMPLATE_CONFIG_EXIT_ON_RETRY_FAILURE + value: "{{ .Values.injector.agentDefaults.templateConfig.exitOnRetryFailure }}" + {{- if .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }} + - name: AGENT_INJECT_TEMPLATE_STATIC_SECRET_RENDER_INTERVAL + value: "{{ .Values.injector.agentDefaults.templateConfig.staticSecretRenderInterval }}" + {{- end }} + {{- include "vault.extraEnvironmentVars" .Values.injector | nindent 12 }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + args: + - agent-inject + - 2>&1 + livenessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + 
timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: {{ .Values.injector.port }} + scheme: HTTPS + failureThreshold: 2 + initialDelaySeconds: 5 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 5 +{{- if .Values.injector.certs.secretName }} + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true +{{- end }} +{{- if .Values.injector.certs.secretName }} + volumes: + - name: webhook-certs + secret: + secretName: "{{ .Values.injector.certs.secretName }}" +{{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} +{{ end }} diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-disruptionbudget.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-disruptionbudget.yaml new file mode 100644 index 00000000000..b44fd7300b2 --- /dev/null +++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-disruptionbudget.yaml @@ -0,0 +1,20 @@ +{{- if .Values.injector.podDisruptionBudget }} +apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }} +kind: PodDisruptionBudget +metadata: + name: {{ template "vault.fullname" . }}-agent-injector + namespace: {{ .Release.Namespace }} + labels: + helm.sh/chart: {{ include "vault.chart" . }} + app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + component: webhook +spec: + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: {{ .Release.Name }} + component: webhook + {{- toYaml .Values.injector.podDisruptionBudget | nindent 2 }} +{{- end -}} 
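Review bot: In injector-deployment.yaml `args` lists `2>&1` as a second element, but container args are handed to the entrypoint without a shell, so this is a literal argument rather than a redirection. Unless the image's entrypoint is a shell wrapper (not visible here), drop it and keep only `- agent-inject`. Separately, the values for `AGENT_INJECT_LOG_LEVEL`, `AGENT_INJECT_VAULT_AUTH_PATH` and `AGENT_INJECT_LOG_FORMAT` are rendered unquoted while their neighbours are quoted. `env[].value` must be a string, so a setting such as `true` or `1` would be rejected by the API server; use `value: {{ .Values.injector.authPath | quote }}` and the same `| quote` on the other two.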
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-mutating-webhook.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-mutating-webhook.yaml
new file mode 100644
index 00000000000..3d3fd367866
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-mutating-webhook.yaml
@@ -0,0 +1,39 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if .Capabilities.APIVersions.Has "admissionregistration.k8s.io/v1" }}
+apiVersion: admissionregistration.k8s.io/v1
+{{- else }}
+apiVersion: admissionregistration.k8s.io/v1beta1
+{{- end }}
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-cfg
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "injector.webhookAnnotations" . }}
+webhooks:
+ - name: vault.hashicorp.com
+ failurePolicy: {{ ((.Values.injector.webhook)).failurePolicy | default .Values.injector.failurePolicy }}
+ matchPolicy: {{ ((.Values.injector.webhook)).matchPolicy | default "Exact" }}
+ sideEffects: None
+ timeoutSeconds: {{ ((.Values.injector.webhook)).timeoutSeconds | default "30" }}
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ path: "/mutate"
+ caBundle: {{ .Values.injector.certs.caBundle | quote }}
+ rules:
+ - operations: ["CREATE", "UPDATE"]
+ apiGroups: [""]
+ apiVersions: ["v1"]
+ resources: ["pods"]
+{{- if or (.Values.injector.namespaceSelector) (((.Values.injector.webhook)).namespaceSelector) }}
+ namespaceSelector:
+{{ toYaml (((.Values.injector.webhook)).namespaceSelector | default .Values.injector.namespaceSelector) | indent 6}}
+{{ end }}
+{{- template "injector.objectSelector" . -}}
+{{ end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-network-policy.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-network-policy.yaml
new file mode 100644
index 00000000000..68892d23b20
--- /dev/null
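Review bot: In injector-mutating-webhook.yaml `namespaceSelector` is emitted only when a value is supplied, so with nothing set the webhook receives every pod CREATE and UPDATE in the cluster, system namespaces included. If `failurePolicy` resolves to `Fail` (it comes from `.Values.injector.failurePolicy`, whose default is not visible here), an unavailable injector would then block pod admission cluster-wide. Ship a default selector in values that excludes system namespaces, or at minimum add a comment above the `{{- if or … }}` guard: `# no selector = webhook is called for pods in ALL namespaces`. `caBundle` also renders as an empty string when no CA is configured; that presumably relies on the injector patching it at runtime and deserves a one-line comment as well.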
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-network-policy.yaml
@@ -0,0 +1,24 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.openshift | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8080
+ protocol: TCP
+{{ end }}
+{{ end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-psp-role.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-psp-role.yaml
new file mode 100644
index 00000000000..5d23c7556e8
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-psp-role.yaml
@@ -0,0 +1,20 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
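Review bot: In injector-network-policy.yaml the admitted port is hard-coded as `8080`, while the deployment in this commit listens on `.Values.injector.port` (`AGENT_INJECT_LISTEN` and both probes use it). Changing that value would leave the policy admitting the wrong port and the API server unable to reach the webhook on OpenShift. Use `- port: {{ .Values.injector.port }}`. The policy also omits `metadata.namespace`, unlike the other namespaced objects in this commit. `namespaceSelector: {}` admits every namespace; that may be required for API-server calls, but it needs a comment saying so.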
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-psp-rolebinding.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-psp-rolebinding.yaml
new file mode 100644
index 00000000000..4f6b0a851c3
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-psp.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-psp.yaml
new file mode 100644
index 00000000000..1eee2fcd045
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-psp.yaml
@@ -0,0 +1,46 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if eq (.Values.global.psp.enable | toString) "true" }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-role.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-role.yaml
new file mode 100644
index 00000000000..08c8264ccbd
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-role.yaml
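Review bot: `apiVersion: policy/v1beta1` with `kind: PodSecurityPolicy` in injector-psp.yaml is gated only on `.Values.global.psp.enable`, and PodSecurityPolicy was removed in Kubernetes 1.25, so turning the value on against a newer cluster fails the install instead of skipping the object; server-psp.yaml has the same guard. Adding `(.Capabilities.APIVersions.Has "policy/v1beta1")` to the `if` would follow the capability checks already used in server-clusterrolebinding.yaml. The spec also sets no `requiredDropCapabilities`, and the comment that nodes use AppArmor rather than SELinux is unlikely to hold on OpenShift, which this chart switches on via `.Values.global.openshift`, so `seLinux.rule: RunAsAny` deserves a second look there.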
@@ -0,0 +1,29 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets", "configmaps"]
+ verbs:
+ - "create"
+ - "get"
+ - "watch"
+ - "list"
+ - "update"
+ - apiGroups: [""]
+ resources: ["pods"]
+ verbs:
+ - "get"
+ - "patch"
+ - "delete"
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-rolebinding.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-rolebinding.yaml
new file mode 100644
index 00000000000..ea0db11b94c
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-rolebinding.yaml
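Review bot: The leader-elector rules grant `create`, `get`, `watch`, `list` and `update` on every Secret and ConfigMap in the release namespace, plus `get`, `patch` and `delete` on every Pod, with no `resourceNames`. Any secret that shares the namespace is therefore readable and writable by the injector service account, not only the objects used for leader election. server-discovery-role.yaml is similar in shape, with `update` and `patch` on all pods. If the names of the election objects are fixed, split the first rule so `create` stays unscoped and the read/update verbs carry `resourceNames: [...]`; otherwise add a comment stating that the release is expected to own its namespace.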
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+{{- if and (eq (.Values.injector.leaderElector.enabled | toString) "true") (gt (.Values.injector.replicas | int) 1) }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-binding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-agent-injector-leader-elector-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-service.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-service.yaml
new file mode 100644
index 00000000000..5e747d6f108
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-service.yaml
@@ -0,0 +1,22 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector-svc
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.service.annotations" . }}
+spec:
+ ports:
+ - name: https
+ port: 443
+ targetPort: {{ .Values.injector.port }}
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: webhook
+{{- end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-serviceaccount.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-serviceaccount.yaml
new file mode 100644
index 00000000000..d1919b9366b
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/injector-serviceaccount.yaml
@@ -0,0 +1,13 @@
+{{- template "vault.injectorEnabled" . -}}
+{{- if .injectorEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.fullname" . }}-agent-injector
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}-agent-injector
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "injector.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-clusterrolebinding.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-clusterrolebinding.yaml
new file mode 100644
index 00000000000..8cdd611430d
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{ template "vault.serverAuthDelegator" . }}
+{{- if .serverAuthDelegator -}}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-server-binding
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:auth-delegator
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
\ No newline at end of file
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-config-configmap.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-config-configmap.yaml
new file mode 100644
index 00000000000..f40c69608e3
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-config-configmap.yaml
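Review bot: The ClusterRoleBinding name `{{ template "vault.fullname" . }}-server-binding` in server-clusterrolebinding.yaml is cluster-scoped but does not visibly include the namespace, so two releases with the same name in different namespaces would contend for one object, and uninstalling either would remove the other's `system:auth-delegator` grant. `vault.fullname` is defined outside this hunk, so confirm whether it already carries the namespace; if not, `name: {{ template "vault.fullname" . }}-{{ .Release.Namespace }}-server-binding` would keep the bindings distinct. A one-line comment above `roleRef` saying why the server needs token-review delegation would also help reviewers of the rendered manifest.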
@@ -0,0 +1,40 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if ne .mode "dev" -}}
+{{ if or (.Values.server.standalone.config) (.Values.server.ha.config) -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "vault.fullname" . }}-config
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ extraconfig-from-values.hcl: |-
+ {{- if or (eq .mode "ha") (eq .mode "standalone") }}
+ {{- $type := typeOf (index .Values.server .mode).config }}
+ {{- if eq $type "string" }}
+ disable_mlock = true
+ {{- if eq .mode "standalone" }}
+ {{ tpl .Values.server.standalone.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "false") }}
+ {{ tpl .Values.server.ha.config . | nindent 4 | trim }}
+ {{- else if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+ {{ tpl .Values.server.ha.raft.config . | nindent 4 | trim }}
+ {{ end }}
+ {{- else }}
+ {{- if and (eq .mode "ha") (eq (.Values.server.ha.raft.enabled | toString) "true") }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).raft.config | toPrettyJson | indent 4 }}
+ {{- else }}
+{{ merge (dict "disable_mlock" true) (index .Values.server .mode).config | toPrettyJson | indent 4 }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-discovery-role.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-discovery-role.yaml
new file mode 100644
index 00000000000..9ca23dd4c6c
--- /dev/null
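Review bot: `disable_mlock = true` is emitted unconditionally in the string branch and forced again in the map branch through `merge (dict "disable_mlock" true) ...`, where the literal dict is the merge destination, so a user-supplied config cannot turn memory locking back on. With mlock off, Vault's in-memory key material can be paged out if the nodes have swap enabled. I would record the assumption next to the line, for example `# mlock is disabled; nodes must run without swap or with encrypted swap`, and consider driving the setting from a value instead of a constant.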
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-discovery-role.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ namespace: {{ .Release.Namespace }}
+ name: {{ template "vault.fullname" . }}-discovery-role
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: [""]
+ resources: ["pods"]
+ verbs: ["get", "watch", "list", "update", "patch"]
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-discovery-rolebinding.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-discovery-rolebinding.yaml
new file mode 100644
index 00000000000..6e22e4c2b7b
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-discovery-rolebinding.yaml
@@ -0,0 +1,29 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+{{- if eq .mode "ha" }}
+{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" -}}
+apiVersion: rbac.authorization.k8s.io/v1
+{{- else }}
+apiVersion: rbac.authorization.k8s.io/v1beta1
+{{- end }}
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-discovery-rolebinding
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "vault.fullname" . }}-discovery-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
+{{ end }}
+{{ end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-disruptionbudget.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-disruptionbudget.yaml
new file mode 100644
index 00000000000..d940fa4dac5
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-disruptionbudget.yaml
@@ -0,0 +1,26 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" -}}
+{{- if .serverEnabled -}}
+{{- if and (eq .mode "ha") (eq (.Values.server.ha.disruptionBudget.enabled | toString) "true") -}}
+# PodDisruptionBudget to prevent degrading the server cluster through
+# voluntary cluster changes.
+apiVersion: {{ ge .Capabilities.KubeVersion.Minor "21" | ternary "policy/v1" "policy/v1beta1" }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ maxUnavailable: {{ template "vault.pdb.maxUnavailable" . }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-ha-active-service.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-ha-active-service.yaml
new file mode 100644
index 00000000000..e15d40ab0ba
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-ha-active-service.yaml
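Review bot: `ge .Capabilities.KubeVersion.Minor "21"` on the `apiVersion` line compares two strings, so the ordering is lexical: a single-digit minor such as `9` sorts above `21` and would select `policy/v1` on a cluster that does not serve it. server-ingress.yaml in this commit already picks its API version with `semverCompare ">= 1.19.0-0" $kubeVersion`, and the same form fits here: `apiVersion: {{ semverCompare ">= 1.21.0-0" .Capabilities.KubeVersion.Version | ternary "policy/v1" "policy/v1beta1" }}`. Checking `.Capabilities.APIVersions.Has "policy/v1"` would be an equally consistent alternative with the RBAC templates.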
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for active Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-active
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.activeNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.activeNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "true"
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-ha-standby-service.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-ha-standby-service.yaml
new file mode 100644
index 00000000000..e6d66af8471
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-ha-standby-service.yaml
@@ -0,0 +1,45 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if eq .mode "ha" }}
+# Service for standby Vault pod
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-standby
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.standbyNodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.standbyNodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ vault-active: "false"
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-headless-service.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-headless-service.yaml
new file mode 100644
index 00000000000..fffaaacbbbc
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-headless-service.yaml
@@ -0,0 +1,33 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-internal
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: "{{ include "vault.scheme" . }}"
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-ingress.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-ingress.yaml
new file mode 100644
index 00000000000..c81e5f5cee0
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-ingress.yaml
@@ -0,0 +1,77 @@
+{{- if not .Values.global.openshift }}
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.ingress.enabled -}}
+{{- $extraPaths := .Values.server.ingress.extraPaths -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.ingress.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+{{- $servicePort := .Values.server.service.port -}}
+{{- $pathType := .Values.server.ingress.pathType -}}
+{{- $kubeVersion := .Capabilities.KubeVersion.Version }}
+{{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+apiVersion: networking.k8s.io/v1
+{{ else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }}
+apiVersion: networking.k8s.io/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end }}
+kind: Ingress
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.ingress.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.ingress.annotations" . }}
+spec:
+{{- if .Values.server.ingress.tls }}
+ tls:
+ {{- range .Values.server.ingress.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+{{- end }}
+{{- if .Values.server.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.server.ingress.ingressClassName }}
+{{- end }}
+ rules:
+ {{- range .Values.server.ingress.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+{{ if $extraPaths }}
+{{ toYaml $extraPaths | indent 10 }}
+{{- end }}
+ {{- range (.paths | default (list "/")) }}
+ - path: {{ .
}}
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ pathType: {{ $pathType }}
+ {{ end }}
+ backend:
+ {{ if semverCompare ">= 1.19.0-0" $kubeVersion }}
+ service:
+ name: {{ $serviceName }}
+ port:
+ number: {{ $servicePort }}
+ {{ else }}
+ serviceName: {{ $serviceName }}
+ servicePort: {{ $servicePort }}
+ {{ end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-network-policy.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-network-policy.yaml
new file mode 100644
index 00000000000..5f4c21a4b50
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-network-policy.yaml
@@ -0,0 +1,26 @@
+{{- if eq (.Values.server.networkPolicy.enabled | toString) "true" }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ ingress:
+ - from:
+ - namespaceSelector: {}
+ ports:
+ - port: 8200
+ protocol: TCP
+ - port: 8201
+ protocol: TCP
+ {{- if .Values.server.networkPolicy.egress }}
+ egress:
+ {{- toYaml .Values.server.networkPolicy.egress | nindent 4 }}
+ {{ end }}
+{{ end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-psp-role.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-psp-role.yaml
new file mode 100644
index 00000000000..b8eb897e5eb
--- /dev/null
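Review bot: The opening guard of server-ingress.yaml, `{{- if not .Values.global.openshift }}`, tests truthiness, whereas injector-network-policy.yaml compares `(.Values.global.openshift | toString) "true"`; a value supplied as the string `"false"` is truthy, so it would suppress the Ingress here and enable the Route in server-route.yaml. Using the `toString` comparison in both files keeps the switch consistent across the chart. `secretName: {{ .secretName }}` and `- path: {{ . }}` are also emitted unquoted, unlike the neighbouring `{{ .host | quote }}`, so piping them through `quote` would stop YAML from retyping or re-parsing operator-supplied values.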
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-psp-role.yaml
@@ -0,0 +1,20 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-psp-rolebinding.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-psp-rolebinding.yaml
new file mode 100644
index 00000000000..fded9fbc624
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-psp-rolebinding.yaml
@@ -0,0 +1,21 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "vault.fullname" . }}-psp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ kind: Role
+ name: {{ template "vault.fullname" . }}-psp
+ apiGroup: rbac.authorization.k8s.io
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "vault.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-psp.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-psp.yaml
new file mode 100644
index 00000000000..d210af3513a
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-psp.yaml
@@ -0,0 +1,49 @@
+{{ template "vault.mode" . }}
+{{- if .serverEnabled -}}
+{{- if and (ne .mode "") (eq (.Values.global.psp.enable | toString) "true") }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "vault.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- template "vault.psp.annotations" . }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ volumes:
+ - configMap
+ - emptyDir
+ - projected
+ - secret
+ - downwardAPI
+ {{- if eq (.Values.server.dataStorage.enabled | toString) "true" }}
+ - persistentVolumeClaim
+ {{- end }}
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: MustRunAsNonRoot
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: RunAsAny
+ supplementalGroups:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: MustRunAs
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
+{{- end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-route.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-route.yaml
new file mode 100644
index 00000000000..e122d936ba5
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-route.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.global.openshift }}
+{{- if ne .mode "external" }}
+{{- if .Values.server.route.enabled -}}
+{{- $serviceName := include "vault.fullname" . -}}
+{{- if and (eq .mode "ha" ) (eq (.Values.server.route.activeService | toString) "true") }}
+{{- $serviceName = printf "%s-%s" $serviceName "active" -}}
+{{- end }}
+kind: Route
+apiVersion: route.openshift.io/v1
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- with .Values.server.route.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ {{- template "vault.route.annotations" . }}
+spec:
+ host: {{ .Values.server.route.host }}
+ to:
+ kind: Service
+ name: {{ $serviceName }}
+ weight: 100
+ port:
+ targetPort: 8200
+ tls:
+ {{- toYaml .Values.server.route.tls | nindent 4 }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-service.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-service.yaml
new file mode 100644
index 00000000000..3a9b0e7e52a
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-service.yaml
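Review bot: `{{- if ne .mode "external" }}` in server-route.yaml reads `.mode`, but this file never calls `{{ template "vault.mode" . }}` the way the other server templates in this commit do, so the check appears to depend on some earlier-rendered template having set the value. Adding `{{ template "vault.mode" . }}` ahead of the check makes the Route independent of render order. `targetPort: 8200` is also hard-coded while the Service templates take the port from `.Values.server.service.targetPort`, and `host: {{ .Values.server.route.host }}` is unquoted; `{{ .Values.server.route.host | quote }}` would match how server-ingress.yaml treats host names.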
@@ -0,0 +1,44 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.serverServiceEnabled" . -}}
+{{- if .serverServiceEnabled -}}
+# Service for Vault cluster
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ annotations:
+{{ template "vault.service.annotations" .}}
+spec:
+ {{- if .Values.server.service.type}}
+ type: {{ .Values.server.service.type }}
+ {{- end}}
+ {{- if .Values.server.service.clusterIP }}
+ clusterIP: {{ .Values.server.service.clusterIP }}
+ {{- end }}
+ {{- include "service.externalTrafficPolicy" .Values.server.service }}
+ # We want the servers to become available even if they're not ready
+ # since this DNS is also used for join operations.
+ publishNotReadyAddresses: {{ .Values.server.service.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.server.service.port }}
+ targetPort: {{ .Values.server.service.targetPort }}
+ {{- if and (.Values.server.service.nodePort) (eq (.Values.server.service.type | toString) "NodePort") }}
+ nodePort: {{ .Values.server.service.nodePort }}
+ {{- end }}
+ - name: https-internal
+ port: 8201
+ targetPort: 8201
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+{{- end }}
+{{- end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-serviceaccount.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-serviceaccount.yaml
new file mode 100644
index 00000000000..c0d32d190c1
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-serviceaccount.yaml
@@ -0,0 +1,14 @@
+{{ template "vault.serverServiceAccountEnabled" . }}
+{{- if .serverServiceAccountEnabled -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "vault.serviceAccount.name" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ template "vault.serviceAccount.annotations" . }}
+{{ end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-statefulset.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-statefulset.yaml
new file mode 100644
index 00000000000..afc48d695d9
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/server-statefulset.yaml
@@ -0,0 +1,206 @@ +{{ template "vault.mode" . }} +{{- if ne .mode "external" }} +{{- if ne .mode "" }} +{{- if .serverEnabled -}} +# StatefulSet to run the actual vault server cluster. +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "vault.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- template "vault.statefulSet.annotations" . }} +spec: + serviceName: {{ template "vault.fullname" . }}-internal + podManagementPolicy: Parallel + replicas: {{ template "vault.replicas" . }} + updateStrategy: + type: {{ .Values.server.updateStrategyType }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + template: + metadata: + labels: + helm.sh/chart: {{ template "vault.chart" . }} + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + component: server + {{- if .Values.server.extraLabels -}} + {{- toYaml .Values.server.extraLabels | nindent 8 -}} + {{- end -}} + {{ template "vault.annotations" . }} + spec: + {{ template "vault.affinity" . }} + {{ template "vault.topologySpreadConstraints" . }} + {{ template "vault.tolerations" . }} + {{ template "vault.nodeselector" . }} + {{- if .Values.server.priorityClassName }} + priorityClassName: {{ .Values.server.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.server.terminationGracePeriodSeconds }} + serviceAccountName: {{ template "vault.serviceAccount.name" . }} + {{ if .Values.server.shareProcessNamespace }} + shareProcessNamespace: true + {{ end }} + {{- template "server.statefulSet.securityContext.pod" . }} + volumes: + {{ template "vault.volumes" . 
}} + - name: home + emptyDir: {} + {{- if .Values.server.extraInitContainers }} + initContainers: + {{ toYaml .Values.server.extraInitContainers | nindent 8}} + {{- end }} + containers: + - name: vault + {{ template "vault.resources" . }} + image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }} + imagePullPolicy: {{ .Values.server.image.pullPolicy }} + command: + - "/bin/sh" + - "-ec" + args: {{ template "vault.args" . }} + {{- template "server.statefulSet.securityContext.container" . }} + env: + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: VAULT_K8S_POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: VAULT_ADDR + value: "{{ include "vault.scheme" . }}://127.0.0.1:8200" + - name: VAULT_API_ADDR + {{- if .Values.server.ha.apiAddr }} + value: {{ .Values.server.ha.apiAddr }} + {{- else }} + value: "{{ include "vault.scheme" . }}://$(POD_IP):8200" + {{- end }} + - name: SKIP_CHOWN + value: "true" + - name: SKIP_SETCAP + value: "true" + - name: HOSTNAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: VAULT_CLUSTER_ADDR + {{- if .Values.server.ha.clusterAddr }} + value: {{ .Values.server.ha.clusterAddr }} + {{- else }} + value: "https://$(HOSTNAME).{{ template "vault.fullname" . 
}}-internal:8201" + {{- end }} + {{- if and (eq (.Values.server.ha.raft.enabled | toString) "true") (eq (.Values.server.ha.raft.setNodeId | toString) "true") }} + - name: VAULT_RAFT_NODE_ID + valueFrom: + fieldRef: + fieldPath: metadata.name + {{- end }} + - name: HOME + value: "/home/vault" + {{- if .Values.server.logLevel }} + - name: VAULT_LOG_LEVEL + value: "{{ .Values.server.logLevel }}" + {{- end }} + {{- if .Values.server.logFormat }} + - name: VAULT_LOG_FORMAT + value: "{{ .Values.server.logFormat }}" + {{- end }} + {{- if (and .Values.server.enterpriseLicense.secretName .Values.server.enterpriseLicense.secretKey) }} + - name: VAULT_LICENSE_PATH + value: /vault/license/{{ .Values.server.enterpriseLicense.secretKey }} + {{- end }} + {{ template "vault.envs" . }} + {{- include "vault.extraEnvironmentVars" .Values.server | nindent 12 }} + {{- include "vault.extraSecretEnvironmentVars" .Values.server | nindent 12 }} + volumeMounts: + {{ template "vault.mounts" . }} + - name: home + mountPath: /home/vault + ports: + - containerPort: 8200 + name: {{ include "vault.scheme" . }} + - containerPort: 8201 + name: https-internal + - containerPort: 8202 + name: {{ include "vault.scheme" . }}-rep + {{- if .Values.server.readinessProbe.enabled }} + readinessProbe: + {{- if .Values.server.readinessProbe.path }} + httpGet: + path: {{ .Values.server.readinessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . 
| upper }} + {{- else }} + # Check status; unsealed vault servers return 0 + # The exit code reflects the seal status: + # 0 - unsealed + # 1 - error + # 2 - sealed + exec: + command: ["/bin/sh", "-ec", "vault status -tls-skip-verify"] + {{- end }} + failureThreshold: {{ .Values.server.readinessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.server.readinessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.server.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.server.livenessProbe.path | quote }} + port: 8200 + scheme: {{ include "vault.scheme" . | upper }} + failureThreshold: {{ .Values.server.livenessProbe.failureThreshold }} + initialDelaySeconds: {{ .Values.server.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.server.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.server.livenessProbe.successThreshold }} + timeoutSeconds: {{ .Values.server.livenessProbe.timeoutSeconds }} + {{- end }} + lifecycle: + # Vault container doesn't receive SIGTERM from Kubernetes + # and after the grace period ends, Kube sends SIGKILL. This + # causes issues with graceful shutdowns such as deregistering itself + # from Consul (zombie services). + preStop: + exec: + command: [ + "/bin/sh", "-c", + # Adding a sleep here to give the pod eviction a + # chance to propagate, so requests will not be made + # to this pod while it's terminating + "sleep {{ .Values.server.preStopSleepSeconds }} && kill -SIGTERM $(pidof vault)", + ] + {{- if .Values.server.postStart }} + postStart: + exec: + command: + {{- range (.Values.server.postStart) }} + - {{ . 
| quote }} + {{- end }} + {{- end }} + {{- if .Values.server.extraContainers }} + {{ toYaml .Values.server.extraContainers | nindent 8}} + {{- end }} + {{- include "imagePullSecrets" . | nindent 6 }} + {{ template "vault.volumeclaims" . }} +{{ end }} +{{ end }} +{{ end }} diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/tests/server-test.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/tests/server-test.yaml new file mode 100644 index 00000000000..56dbee78cd7 --- /dev/null +++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/tests/server-test.yaml 
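Review bot: In templates/server-statefulset.yaml the vault container image is rendered as `{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}`, so an empty or missing tag silently deploys a mutable `latest` build of the secrets server; templates/tests/server-test.yaml repeats the same fallback. Failing the render is safer than guessing, for example `image: {{ .Values.server.image.repository }}:{{ required "server.image.tag must be set" .Values.server.image.tag }}`, and pinning by digest in the values would go further. Separately, the exec readiness probe runs `vault status -tls-skip-verify`; with `VAULT_ADDR` fixed to `127.0.0.1:8200` in this template that is a loopback call, but a comment next to the command saying so would keep the flag from being copied into probes or scripts that reach Vault over the network.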
@@ -0,0 +1,51 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- if .serverEnabled -}}
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-server-test"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": test
+spec:
+ {{- include "imagePullSecrets" . | nindent 2 }}
+ containers:
+ - name: {{ .Release.Name }}-server-test
+ image: {{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default "latest" }}
+ imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+ env:
+ - name: VAULT_ADDR
+ value: {{ include "vault.scheme" . }}://{{ template "vault.fullname" . }}.{{ .Release.Namespace }}.svc:{{ .Values.server.service.port }}
+ {{- include "vault.extraEnvironmentVars" .Values.server | nindent 8 }}
+ command:
+ - /bin/sh
+ - -c
+ - |
+ echo "Checking for sealed info in 'vault status' output"
+ ATTEMPTS=10
+ n=0
+ until [ "$n" -ge $ATTEMPTS ]
+ do
+ echo "Attempt" $n...
+ vault status -format yaml | grep -E '^sealed: (true|false)' && break
+ n=$((n+1))
+ sleep 5
+ done
+ if [ $n -ge $ATTEMPTS ]; then
+ echo "timed out looking for sealed info in 'vault status' output"
+ exit 1
+ fi
+
+ exit 0
+ volumeMounts:
+ {{- if .Values.server.volumeMounts }}
+ {{- toYaml .Values.server.volumeMounts | nindent 8}}
+ {{- end }}
+ volumes:
+ {{- if .Values.server.volumes }}
+ {{- toYaml .Values.server.volumes | nindent 4}}
+ {{- end }}
+ restartPolicy: Never
+{{- end }}
+{{- end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/ui-service.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/ui-service.yaml
new file mode 100644
index 00000000000..d45afdda4fa
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/templates/ui-service.yaml
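Review bot: The test hook pod in templates/tests/server-test.yaml declares no `securityContext`, even though it runs the Vault image and mounts whatever `.Values.server.volumes` supplies, which may include TLS or other secret material (the values are not fully visible here). The StatefulSet in this commit renders `{{- template "server.statefulSet.securityContext.container" . }}` for its container; the test container could reuse that helper, assuming its output indents correctly at this level, or set `allowPrivilegeEscalation: false` and drop all capabilities explicitly. Without it the test pod is the one workload in the chart that relies on cluster defaults, and it may be rejected in namespaces that enforce a restricted pod security profile.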
@@ -0,0 +1,37 @@
+{{ template "vault.mode" . }}
+{{- if ne .mode "external" }}
+{{- template "vault.uiEnabled" . -}}
+{{- if .uiEnabled -}}
+
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "vault.fullname" . }}-ui
+ namespace: {{ .Release.Namespace }}
+ labels:
+ helm.sh/chart: {{ include "vault.chart" . }}
+ app.kubernetes.io/name: {{ include "vault.name" . }}-ui
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- template "vault.ui.annotations" . }}
+spec:
+ selector:
+ app.kubernetes.io/name: {{ include "vault.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ component: server
+ {{- if and (.Values.ui.activeVaultPodOnly) (eq .mode "ha") }}
+ vault-active: "true"
+ {{- end }}
+ publishNotReadyAddresses: {{ .Values.ui.publishNotReadyAddresses }}
+ ports:
+ - name: {{ include "vault.scheme" . }}
+ port: {{ .Values.ui.externalPort }}
+ targetPort: {{ .Values.ui.targetPort }}
+ {{- if .Values.ui.serviceNodePort }}
+ nodePort: {{ .Values.ui.serviceNodePort }}
+ {{- end }}
+ type: {{ .Values.ui.serviceType }}
+ {{- include "service.externalTrafficPolicy" .Values.ui }}
+ {{- include "service.loadBalancer" .Values.ui }}
+{{- end -}}
+{{- end }}
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/values.openshift.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/values.openshift.yaml
new file mode 100644
index 00000000000..a1c48f02f21
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/values.openshift.yaml
@@ -0,0 +1,18 @@
+# These overrides are appropriate defaults for deploying this chart on OpenShift
+
+global:
+ openshift: true
+
+injector:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault-k8s"
+ tag: "0.17.0-ubi"
+
+ agentImage:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
+
+server:
+ image:
+ repository: "registry.connect.redhat.com/hashicorp/vault"
+ tag: "1.11.2-ubi"
diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/values.schema.json b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/values.schema.json
new file mode 100644
index 00000000000..aad7ee7fcc7
--- /dev/null
+++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/values.schema.json
@@ -0,0 +1,1027 @@ +{ + "$schema": "http://json-schema.org/schema#", + "type": "object", + "properties": { + "csi": { + "type": "object", + "properties": { + "daemonSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "kubeletRootDir": { + "type": "string" + }, + "providersDir": { + "type": "string" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "updateStrategy": { + "type": "object", + "properties": { + "maxUnavailable": { + "type": "string" + }, + "type": { + "type": "string" + } + } + } + } + }, + "debug": { + "type": "boolean" + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "extraArgs": { + "type": "array" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "pod": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + } + } + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": 
"object" + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "extraLabels": { + "type": "object" + } + } + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "global": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "externalVaultAddr": { + "type": "string" + }, + "imagePullSecrets": { + "type": "array" + }, + "openshift": { + "type": "boolean" + }, + "psp": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enable": { + "type": "boolean" + } + } + }, + "tlsDisable": { + "type": "boolean" + } + } + }, + "injector": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "agentDefaults": { + "type": "object", + "properties": { + "cpuLimit": { + "type": "string" + }, + "cpuRequest": { + "type": "string" + }, + "memLimit": { + "type": "string" + }, + "memRequest": { + "type": "string" + }, + "template": { + "type": "string" + }, + "templateConfig": { + "type": "object", + "properties": { + "exitOnRetryFailure": { + "type": "boolean" + }, + "staticSecretRenderInterval": { + "type": "string" + } + } + } + } + }, + "agentImage": { + "type": "object", + "properties": { + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "authPath": { + "type": "string" + }, + "certs": { + "type": "object", + "properties": { + "caBundle": { + "type": "string" + }, + "certName": { + "type": "string" + }, + "keyName": { + "type": "string" + }, + "secretName": { + "type": [ + "null", + "string" + ] + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalVaultAddr": { + "type": "string" + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraLabels": { + "type": "object" + 
}, + "failurePolicy": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "leaderElector": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "metrics": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "namespaceSelector": { + "type": "object" + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + "podDisruptionBudget": { + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "replicas": { + "type": "integer" + }, + "resources": { + "type": "object" + }, + "revokeOnShutdown": { + "type": "boolean" + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + "object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "strategy": { + "type": [ + "object", + "string" + ] + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "webhook": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "failurePolicy": { + "type": "string" + }, + "matchPolicy": { + "type": "string" + }, + "namespaceSelector": { + "type": "object" + }, + "objectSelector": { + "type": [ + "object", + "string" + ] + }, + 
"timeoutSeconds": { + "type": "integer" + } + } + }, + "webhookAnnotations": { + "type": [ + "object", + "string" + ] + } + } + }, + "server": { + "type": "object", + "properties": { + "affinity": { + "type": [ + "object", + "string" + ] + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "auditStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "authDelegator": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + } + } + }, + "dataStorage": { + "type": "object", + "properties": { + "accessMode": { + "type": "string" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "mountPath": { + "type": "string" + }, + "size": { + "type": "string" + }, + "storageClass": { + "type": [ + "null", + "string" + ] + } + } + }, + "dev": { + "type": "object", + "properties": { + "devRootToken": { + "type": "string" + }, + "enabled": { + "type": "boolean" + } + } + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "enterpriseLicense": { + "type": "object", + "properties": { + "secretKey": { + "type": "string" + }, + "secretName": { + "type": "string" + } + } + }, + "extraArgs": { + "type": "string" + }, + "extraContainers": { + "type": [ + "null", + "array" + ] + }, + "extraEnvironmentVars": { + "type": "object" + }, + "extraInitContainers": { + "type": [ + "null", + "array" + ] + }, + "extraLabels": { + "type": "object" + }, + "extraSecretEnvironmentVars": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "ha": { + "type": "object", + "properties": { + "apiAddr": { + "type": [ + "null", + "string" + ] + }, + "clusterAddr": { 
+ "type": [ + "null", + "string" + ] + }, + "config": { + "type": [ + "string", + "object" + ] + }, + "disruptionBudget": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "maxUnavailable": { + "type": [ + "null", + "integer" + ] + } + } + }, + "enabled": { + "type": "boolean" + }, + "raft": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": "boolean" + }, + "setNodeId": { + "type": "boolean" + } + } + }, + "replicas": { + "type": "integer" + } + } + }, + "image": { + "type": "object", + "properties": { + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + } + }, + "ingress": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "extraPaths": { + "type": "array" + }, + "hosts": { + "type": "array", + "items": { + "type": "object", + "properties": { + "host": { + "type": "string" + }, + "paths": { + "type": "array" + } + } + } + }, + "ingressClassName": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "pathType": { + "type": "string" + }, + "tls": { + "type": "array" + } + } + }, + "livenessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "path": { + "type": "string" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "logFormat": { + "type": "string" + }, + "logLevel": { + "type": "string" + }, + "networkPolicy": { + "type": "object", + "properties": { + "egress": { + "type": "array" + }, + "enabled": { + "type": "boolean" + } + } + }, + "nodeSelector": { + "type": [ + "null", + "object", + "string" + ] + 
}, + "postStart": { + "type": "array" + }, + "preStopSleepSeconds": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "readinessProbe": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean" + }, + "failureThreshold": { + "type": "integer" + }, + "initialDelaySeconds": { + "type": "integer" + }, + "periodSeconds": { + "type": "integer" + }, + "successThreshold": { + "type": "integer" + }, + "timeoutSeconds": { + "type": "integer" + } + } + }, + "resources": { + "type": "object" + }, + "route": { + "type": "object", + "properties": { + "activeService": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "host": { + "type": "string" + }, + "labels": { + "type": "object" + }, + "tls": { + "type": "object" + } + } + }, + "service": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": "boolean" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "port": { + "type": "integer" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "targetPort": { + "type": "integer" + }, + "nodePort": { + "type": "integer" + }, + "activeNodePort": { + "type": "integer" + }, + "standbyNodePort": { + "type": "integer" + } + } + }, + "serviceAccount": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "create": { + "type": "boolean" + }, + "name": { + "type": "string" + } + } + }, + "shareProcessNamespace": { + "type": "boolean" + }, + "standalone": { + "type": "object", + "properties": { + "config": { + "type": [ + "string", + "object" + ] + }, + "enabled": { + "type": [ + "string", + "boolean" + ] + } + } + }, + "statefulSet": { + "type": "object", + "properties": { + "annotations": { + "type": [ + "object", + "string" + ] + }, + "securityContext": { + "type": "object", + "properties": { + "container": { + "type": [ + 
"object", + "string" + ] + }, + "pod": { + "type": [ + "object", + "string" + ] + } + } + } + } + }, + "terminationGracePeriodSeconds": { + "type": "integer" + }, + "tolerations": { + "type": [ + "null", + "array", + "string" + ] + }, + "topologySpreadConstraints": { + "type": [ + "null", + "array", + "string" + ] + }, + "updateStrategyType": { + "type": "string" + }, + "volumeMounts": { + "type": [ + "null", + "array" + ] + }, + "volumes": { + "type": [ + "null", + "array" + ] + } + } + }, + "ui": { + "type": "object", + "properties": { + "activeVaultPodOnly": { + "type": "boolean" + }, + "annotations": { + "type": [ + "object", + "string" + ] + }, + "enabled": { + "type": [ + "boolean", + "string" + ] + }, + "externalPort": { + "type": "integer" + }, + "externalTrafficPolicy": { + "type": "string" + }, + "publishNotReadyAddresses": { + "type": "boolean" + }, + "serviceNodePort": { + "type": [ + "null", + "integer" + ] + }, + "serviceType": { + "type": "string" + }, + "targetPort": { + "type": "integer" + } + } + } + } +} diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/values.yaml b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/values.yaml new file mode 100644 index 00000000000..b7721cdac57 --- /dev/null +++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/0.21.0/src/values.yaml 
@@ -0,0 +1,898 @@ +# Available parameters and their default values for the Vault chart. +global: + # enabled is the master enabled switch. Setting this to true or false + # will enable or disable all the components within this chart by default. + enabled: true + # Image pull secret to use for registry authentication. + # Alternatively, the value may be specified as an array of strings. + imagePullSecrets: [] + # imagePullSecrets: + # - name: image-pull-secret + + # TLS for end-to-end encrypted transport + tlsDisable: true + # External vault server address for the injector and CSI provider to use. + # Setting this will disable deployment of a vault server. + externalVaultAddr: "" + # If deploying to OpenShift + openshift: true + # Create PodSecurityPolicy for pods + psp: + enable: false + # Annotation for PodSecurityPolicy. + # This is a multi-line templated string map, and can also be set as YAML. + annotations: | + seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default + apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default + seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default + apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default +injector: + # True if you want to enable vault agent injection. + # @default: global.enabled + enabled: "-" + replicas: 1 + # Configures the port the injector should listen on + port: 8080 + # If multiple replicas are specified, by default a leader will be determined + # so that only one injector attempts to create TLS certificates. + leaderElector: + enabled: true + # If true, will enable a node exporter metrics endpoint at /metrics. + metrics: + enabled: false + # Deprecated: Please use global.externalVaultAddr instead. + externalVaultAddr: "" + # image sets the repo and tag of the vault-k8s image to use for the injector. 
+ image: + repository: "registry.connect.redhat.com/hashicorp/vault-k8s" + tag: "0.17.0-ubi" + pullPolicy: IfNotPresent + # agentImage sets the repo and tag of the Vault image to use for the Vault Agent + # containers. This should be set to the official Vault image. Vault 1.3.1+ is + # required. + agentImage: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # The default values for the injected Vault Agent containers. + agentDefaults: + # For more information on configuring resources, see the K8s documentation: + # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + cpuLimit: "500m" + cpuRequest: "250m" + memLimit: "128Mi" + memRequest: "64Mi" + # Default template type for secrets when no custom template is specified. + # Possible values include: "json" and "map". + template: "map" + # Default values within Agent's template_config stanza. + templateConfig: + exitOnRetryFailure: true + staticSecretRenderInterval: "" + # Mount Path of the Vault Kubernetes Auth Method. + authPath: "auth/kubernetes" + # Configures the log verbosity of the injector. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "info" + # Configures the log format of the injector. Supported log formats: "standard", "json". + logFormat: "standard" + # Configures all Vault Agent sidecars to revoke their token when shutting down + revokeOnShutdown: false + webhook: + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # matchPolicy specifies the approach to accepting changes based on the rules of + # the MutatingWebhookConfiguration. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-matchpolicy + # for more details. + # + matchPolicy: Exact + # timeoutSeconds is the amount of seconds before the webhook request will be ignored + # or fails. + # If it is ignored or fails depends on the failurePolicy + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#timeouts + # for more details. + # + timeoutSeconds: 30 + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: | + matchExpressions: + - key: app.kubernetes.io/name + operator: NotIn + values: + - {{ template "vault.name" . }}-agent-injector + # Extra annotations to attach to the webhook + annotations: {} + # Deprecated: please use 'webhook.failurePolicy' instead + # Configures failurePolicy of the webhook. The "unspecified" default behaviour depends on the + # API Version of the WebHook. + # To block pod creation while webhook is unavailable, set the policy to `Fail` below. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#failure-policy + # + failurePolicy: Ignore + # Deprecated: please use 'webhook.namespaceSelector' instead + # namespaceSelector is the selector for restricting the webhook to only + # specific namespaces. 
+ # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-namespaceselector + # for more details. + # Example: + # namespaceSelector: + # matchLabels: + # sidecar-injector: enabled + namespaceSelector: {} + # Deprecated: please use 'webhook.objectSelector' instead + # objectSelector is the selector for restricting the webhook to only + # specific labels. + # See https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#matching-requests-objectselector + # for more details. + # Example: + # objectSelector: + # matchLabels: + # vault-sidecar-injector: enabled + objectSelector: {} + # Deprecated: please use 'webhook.annotations' instead + # Extra annotations to attach to the webhook + webhookAnnotations: {} + certs: + # secretName is the name of the secret that has the TLS certificate and + # private key to serve the injector webhook. If this is null, then the + # injector will default to its automatic management mode that will assign + # a service account to the injector to generate its own certificates. + secretName: null + # caBundle is a base64-encoded PEM-encoded certificate bundle for the CA + # that signed the TLS certificate that the webhook serves. This must be set + # if secretName is non-null, unless an external service like cert-manager is + # keeping the caBundle updated. + caBundle: "" + # certName and keyName are the names of the files within the secret for + # the TLS cert and private key, respectively. These have reasonable + # defaults but can be customized if necessary. 
+ certName: tls.crt + keyName: tls.key + # Security context for the pod template and the injector container + # The default pod securityContext is: + # runAsNonRoot: true + # runAsGroup: {{ .Values.injector.gid | default 1000 }} + # runAsUser: {{ .Values.injector.uid | default 100 }} + # fsGroup: {{ .Values.injector.gid | default 1000 }} + # and for container is + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + securityContext: + pod: {} + container: {} + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # extraEnvironmentVars is a list of extra environment variables to set in the + # injector deployment. + extraEnvironmentVars: {} + # KUBERNETES_SERVICE_HOST: kubernetes.default.svc + + # Affinity Settings for injector pods + # This can either be multi-line string or YAML matching the PodSpec's affinity field. + # Commenting out or setting as empty the affinity variable, will allow + # deployment of multiple replicas to single node services such as Minikube. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: webhook + topologyKey: kubernetes.io/hostname + # Topology settings for injector pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for injector pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Priority class for injector pods + priorityClassName: "" + # Extra annotations to attach to the injector pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the injector pods + annotations: {} + # Extra labels to attach to the agent-injector + # This should be a YAML map of the labels to apply to the injector + extraLabels: {} + # Should the injector pods run on the host network (useful when using + # an alternate CNI in EKS) + hostNetwork: false + # Injector service specific config + service: + # Extra annotations to attach to the injector service + annotations: {} + # Injector serviceAccount specific config + serviceAccount: + # Extra annotations to attach to the injector serviceAccount + annotations: {} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + podDisruptionBudget: {} + # podDisruptionBudget: + # maxUnavailable: 1 + + # strategy for updating the deployment. This can be a multi-line string or a + # YAML map. + strategy: {} + # strategy: | + # rollingUpdate: + # maxSurge: 25% + # maxUnavailable: 25% + # type: RollingUpdate +server: + # If true, or "-" with global.enabled true, Vault server will be installed. + # See vault.mode in _helpers.tpl for implementation details. + enabled: "-" + # [Enterprise Only] This value refers to a Kubernetes secret that you have + # created that contains your enterprise license. If you are not using an + # enterprise image or if you plan to introduce the license key via another + # route, then leave secretName blank ("") or set it to null. + # Requires Vault Enterprise 1.8 or later. + enterpriseLicense: + # The name of the Kubernetes secret that holds the enterprise license. 
The + # secret must be in the same namespace that Vault is installed into. + secretName: "" + # The key within the Kubernetes secret that holds the enterprise license. + secretKey: "license" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec. + # By default no direct resource request is made. + image: + repository: "registry.connect.redhat.com/hashicorp/vault" + tag: "1.11.2-ubi" + # Overrides the default Image Pull Policy + pullPolicy: IfNotPresent + # Configure the Update Strategy Type for the StatefulSet + # See https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies + updateStrategyType: "OnDelete" + # Configure the logging verbosity for the Vault server. + # Supported log levels include: trace, debug, info, warn, error + logLevel: "" + # Configure the logging format for the Vault server. + # Supported log formats include: standard, json + logFormat: "" + resources: {} + # resources: + # requests: + # memory: 256Mi + # cpu: 250m + # limits: + # memory: 256Mi + # cpu: 250m + + # Ingress allows ingress services to be created to allow external access + # from Kubernetes to access Vault pods. + # If deployment is on OpenShift, the following block is ignored. + # In order to expose the service, use the route section below + ingress: + enabled: false + labels: {} + # traffic: external + annotations: {} + # | + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # or + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + + # Optionally use ingressClassName instead of deprecated annotation. + # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#deprecated-annotation + ingressClassName: "" + # As of Kubernetes 1.19, all Ingress Paths must have a pathType configured. The default value below should be sufficient in most cases. 
+ # See: https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types for other possible values. + pathType: Prefix + # When HA mode is enabled and K8s service registration is being used, + # configure the ingress to point to the Vault active service. + activeService: true + hosts: + - host: chart-example.local + paths: [] + ## Extra paths to prepend to the host configuration. This is useful when working with annotation based services. + extraPaths: [] + # - path: /* + # backend: + # service: + # name: ssl-redirect + # port: + # number: use-annotation + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + # OpenShift only - create a route to expose the service + # By default the created route will be of type passthrough + route: + enabled: false + # When HA mode is enabled and K8s service registration is being used, + # configure the route to point to the Vault active service. + activeService: true + labels: {} + annotations: {} + host: chart-example.local + # tls will be passed directly to the route's TLS config, which + # can be used to configure other termination methods that terminate + # TLS at the router + tls: + termination: passthrough + # authDelegator enables a cluster role binding to be attached to the service + # account. This cluster role binding can be used to setup Kubernetes auth + # method. https://www.vaultproject.io/docs/auth/kubernetes.html + authDelegator: + enabled: true + # extraInitContainers is a list of init containers. Specified as a YAML list. + # This is useful if you need to run a script to provision TLS certificates or + # write out configuration files in a dynamic way. + extraInitContainers: null + # # This example installs a plugin pulled from github into the /usr/local/libexec/vault/oauthapp folder, + # # which is defined in the volumes value. 
+ # - name: oauthapp + # image: "alpine" + # command: [sh, -c] + # args: + # - cd /tmp && + # wget https://github.com/puppetlabs/vault-plugin-secrets-oauthapp/releases/download/v1.2.0/vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64.tar.xz -O oauthapp.xz && + # tar -xf oauthapp.xz && + # mv vault-plugin-secrets-oauthapp-v1.2.0-linux-amd64 /usr/local/libexec/vault/oauthapp && + # chmod +x /usr/local/libexec/vault/oauthapp + # volumeMounts: + # - name: plugins + # mountPath: /usr/local/libexec/vault + + # extraContainers is a list of sidecar containers. Specified as a YAML list. + extraContainers: null + # shareProcessNamespace enables process namespace sharing between Vault and the extraContainers + # This is useful if Vault must be signaled, e.g. to send a SIGHUP for log rotation + shareProcessNamespace: false + # extraArgs is a string containing additional Vault server arguments. + extraArgs: "" + # Used to define custom readinessProbe settings + readinessProbe: + enabled: true + # If you need to use a http path instead of the default exec + # path: /v1/sys/health?standbyok=true + + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. 
+ timeoutSeconds: 3 + # Used to enable a livenessProbe for the pods + livenessProbe: + enabled: false + path: "/v1/sys/health?standbyok=true" + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 60 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Optional duration in seconds the pod needs to terminate gracefully. + # See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ + terminationGracePeriodSeconds: 10 + # Used to set the sleep time during the preStop step + preStopSleepSeconds: 5 + # Used to define commands to run after the pod is ready. + # This can be used to automate processes such as initialization + # or boostrapping auth methods. + postStart: [] + # - /bin/sh + # - -c + # - /vault/userconfig/myscript/run.sh + + # extraEnvironmentVars is a list of extra environment variables to set with the stateful set. These could be + # used to include variables required for auto-unseal. + extraEnvironmentVars: {} + # GOOGLE_REGION: global + # GOOGLE_PROJECT: myproject + # GOOGLE_APPLICATION_CREDENTIALS: /vault/userconfig/myproject/myproject-creds.json + + # extraSecretEnvironmentVars is a list of extra environment variables to set with the stateful set. + # These variables take value from existing Secret objects. + extraSecretEnvironmentVars: [] + # - envName: AWS_SECRET_ACCESS_KEY + # secretName: vault + # secretKey: AWS_SECRET_ACCESS_KEY + + # Deprecated: please use 'volumes' instead. + # extraVolumes is a list of extra volumes to mount. These will be exposed + # to Vault in the path `/vault/userconfig//`. The value below is + # an array of objects, examples are shown below. 
+ extraVolumes: [] + # - type: secret (or "configMap") + # name: my-secret + # path: null # default is `/vault/userconfig` + + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: plugins + # emptyDir: {} + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - mountPath: /usr/local/libexec/vault + # name: plugins + # readOnly: true + + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # This should be either a multi-line string or YAML matching the PodSpec's affinity field. + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "vault.name" . }} + app.kubernetes.io/instance: "{{ .Release.Name }}" + component: server + topologyKey: kubernetes.io/hostname + # Topology settings for server pods + # ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ + # This should be either a multi-line string or YAML matching the topologySpreadConstraints array + # in a PodSpec. + topologySpreadConstraints: [] + # Toleration Settings for server pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # nodeSelector labels for server pod assignment, formatted as a multi-line string or YAML map. 
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + # Example: + # nodeSelector: + # beta.kubernetes.io/arch: amd64 + nodeSelector: {} + # Enables network policy for server pods + networkPolicy: + enabled: false + egress: [] + # egress: + # - to: + # - ipBlock: + # cidr: 10.0.0.0/24 + # ports: + # - protocol: TCP + # port: 443 + # Priority class for server pods + priorityClassName: "" + # Extra labels to attach to the server pods + # This should be a YAML map of the labels to apply to the server pods + extraLabels: {} + # Extra annotations to attach to the server pods + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the server pods + annotations: {} + # Enables a headless service to be used by the Vault Statefulset + service: + enabled: true + # clusterIP controls whether a Cluster IP address is attached to the + # Vault service within Kubernetes. By default the Vault service will + # be given a Cluster IP address, set to None to disable. When disabled + # Kubernetes will create a "headless" service. Headless services can be + # used to communicate with pods directly through DNS instead of a round robin + # load balancer. + # clusterIP: None + + # Configures the service type for the main Vault service. Can be ClusterIP + # or NodePort. + #type: ClusterIP + + # Do not wait for pods to be ready + publishNotReadyAddresses: true + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. + # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. 
+ #nodePort: 30000 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #activeNodePort: 30001 + + # When HA mode is enabled + # If type is set to "NodePort", a specific nodePort value can be configured, + # will be random if left blank. + #standbyNodePort: 30002 + + # Port on which Vault server is listening + port: 8200 + # Target port to which the service should be mapped to + targetPort: 8200 + # Extra annotations for the service definition. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the service. + annotations: {} + # This configures the Vault Statefulset to create a PVC for data + # storage when using the file or raft backend storage engines. + # See https://www.vaultproject.io/docs/configuration/storage/index.html to know more + dataStorage: + enabled: true + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/data" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. + storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # This configures the Vault Statefulset to create a PVC for audit + # logs. Once Vault is deployed, initialized and unsealed, Vault must + # be configured to use this for audit logs. This will be mounted to + # /vault/audit + # See https://www.vaultproject.io/docs/audit/index.html to know more + auditStorage: + enabled: false + # Size of the PVC created + size: 10Gi + # Location where the PVC will be mounted. + mountPath: "/vault/audit" + # Name of the storage class to use. If null it will use the + # configured default Storage Class. 
+ storageClass: null + # Access Mode of the storage device being used for the PVC + accessMode: ReadWriteOnce + # Annotations to apply to the PVC + annotations: {} + # Run Vault in "dev" mode. This requires no further setup, no state management, + # and no initialization. This is useful for experimenting with Vault without + # needing to unseal, store keys, et. al. All data is lost on restart - do not + # use dev mode for anything other than experimenting. + # See https://www.vaultproject.io/docs/concepts/dev-server.html to know more + dev: + enabled: false + # Set VAULT_DEV_ROOT_TOKEN_ID value + devRootToken: "root" + # Run Vault in "standalone" mode. This is the default mode that will deploy if + # no arguments are given to helm. This requires a PVC for data storage to use + # the "file" backend. This mode is not highly available and should not be scaled + # past a single replica. + standalone: + enabled: "-" + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a PersistentVolumeClaim mounted at /vault/data + # and store data there. This is only used when using a Replica count of 1, and + # using a stateful set. This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "file" { + path = "/vault/data" + } + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. 
+ #seal "gcpckms" { + # project = "vault-helm-dev" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # Run Vault in "HA" mode. There are no storage requirements unless audit log + # persistence is required. In HA mode Vault will configure itself to use Consul + # for its storage backend. The default configuration provided will work the Consul + # Helm project by default. It is possible to manually configure Vault to use a + # different HA backend. + ha: + enabled: false + replicas: 3 + # Set the api_addr configuration for Vault HA + # See https://www.vaultproject.io/docs/configuration#api_addr + # If set to null, this will be set to the Pod IP Address + apiAddr: null + # Set the cluster_addr confuguration for Vault HA + # See https://www.vaultproject.io/docs/configuration#cluster_addr + # If set to null, this will be set to https://$(HOSTNAME).{{ template "vault.fullname" . }}-internal:8201 + clusterAddr: null + # Enables Vault's integrated Raft storage. Unlike the typical HA modes where + # Vault's persistence is external (such as Consul), enabling Raft mode will create + # persistent volumes for Vault to store data according to the configuration under server.dataStorage. + # The Vault cluster will coordinate leader elections and failovers internally. + raft: + # Enables Raft integrated storage + enabled: false + # Set the Node Raft ID to the name of the pod + setNodeId: false + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. 
For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + + storage "raft" { + path = "/vault/data" + } + + service_registration "kubernetes" {} + # config is a raw string of default configuration when using a Stateful + # deployment. Default is to use a Consul for its HA storage backend. + # This should be HCL. + + # Note: Configuration files are stored in ConfigMaps so sensitive data + # such as passwords should be either mounted through extraSecretEnvironmentVars + # or through a Kube secret. For more information see: + # https://www.vaultproject.io/docs/platform/k8s/helm/run#protecting-sensitive-vault-configurations + config: | + ui = true + + listener "tcp" { + tls_disable = 1 + address = "[::]:8200" + cluster_address = "[::]:8201" + } + storage "consul" { + path = "vault" + address = "HOST_IP:8500" + } + + service_registration "kubernetes" {} + + # Example configuration for using auto-unseal, using Google Cloud KMS. The + # GKMS keys must already exist, and the cluster must have a service account + # that is authorized to access GCP KMS. + #seal "gcpckms" { + # project = "vault-helm-dev-246514" + # region = "global" + # key_ring = "vault-helm-unseal-kr" + # crypto_key = "vault-helm-unseal-key" + #} + # A disruption budget limits the number of pods of a replicated application + # that are down simultaneously from voluntary disruptions + disruptionBudget: + enabled: true + # maxUnavailable will default to (n/2)-1 where n is the number of + # replicas. If you'd like a custom value, you can specify an override here. + maxUnavailable: null + # Definition of the serviceAccount used to run Vault. + # These options are also used when using an external Vault server to validate + # Kubernetes tokens. 
+ serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Settings for the statefulSet used to run Vault. + statefulSet: + # Extra annotations for the statefulSet. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the statefulSet. + annotations: {} + # Set the pod and container security contexts. + # If not set, these will default to, and for *not* OpenShift: + # pod: + # runAsNonRoot: true + # runAsGroup: {{ .Values.server.gid | default 1000 }} + # runAsUser: {{ .Values.server.uid | default 100 }} + # fsGroup: {{ .Values.server.gid | default 1000 }} + # container: {} + # + # If not set, these will default to, and for OpenShift: + # pod: {} + # container: + # allowPrivilegeEscalation: false + securityContext: + pod: {} + container: {} +# Vault UI +ui: + # True if you want to create a Service entry for the Vault UI. + # + # serviceType can be used to control the type of service created. For + # example, setting this to "LoadBalancer" will create an external load + # balancer (for supported K8S installations) to access the UI. + enabled: false + publishNotReadyAddresses: true + # The service should only contain selectors for active Vault pod + activeVaultPodOnly: false + serviceType: "ClusterIP" + serviceNodePort: null + externalPort: 8200 + targetPort: 8200 + # The externalTrafficPolicy can be set to either Cluster or Local + # and is only valid for LoadBalancer and NodePort service types. + # The default value is Cluster. 
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#external-traffic-policy + externalTrafficPolicy: Cluster + #loadBalancerSourceRanges: + # - 10.0.0.0/16 + # - 1.78.23.3/32 + + # loadBalancerIP: + + # Extra annotations to attach to the ui service + # This can either be YAML or a YAML-formatted multi-line templated string map + # of the annotations to apply to the ui service + annotations: {} +# secrets-store-csi-driver-provider-vault +csi: + # True if you want to install a secrets-store-csi-driver-provider-vault daemonset. + # + # Requires installing the secrets-store-csi-driver separately, see: + # https://github.com/kubernetes-sigs/secrets-store-csi-driver#install-the-secrets-store-csi-driver + # + # With the driver and provider installed, you can mount Vault secrets into volumes + # similar to the Vault Agent injector, and you can also sync those secrets into + # Kubernetes secrets. + enabled: false + image: + repository: "hashicorp/vault-csi-provider" + tag: "1.2.0" + pullPolicy: IfNotPresent + # volumes is a list of volumes made available to all containers. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumes: null + # - name: tls + # secret: + # secretName: vault-tls + + # volumeMounts is a list of volumeMounts for the main server container. These are rendered + # via toYaml rather than pre-processed like the extraVolumes value. + # The purpose is to make it easy to share volumes between containers. + volumeMounts: null + # - name: tls + # mountPath: "/vault/tls" + # readOnly: true + + resources: {} + # resources: + # requests: + # cpu: 50m + # memory: 128Mi + # limits: + # cpu: 50m + # memory: 128Mi + + # Settings for the daemonSet used to run the provider. + daemonSet: + updateStrategy: + type: RollingUpdate + maxUnavailable: "" + # Extra annotations for the daemonSet. 
This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the daemonSet. + annotations: {} + # Provider host path (must match the CSI provider's path) + providersDir: "/etc/kubernetes/secrets-store-csi-providers" + # Kubelet host path + kubeletRootDir: "/var/lib/kubelet" + # Extra labels to attach to the vault-csi-provider daemonSet + # This should be a YAML map of the labels to apply to the csi provider daemonSet + extraLabels: {} + # security context for the pod template and container in the csi provider daemonSet + securityContext: + pod: {} + container: {} + pod: + # Extra annotations for the provider pods. This can either be YAML or a + # YAML-formatted multi-line templated string map of the annotations to apply + # to the pod. + annotations: {} + # Toleration Settings for provider pods + # This should be either a multi-line string or YAML matching the Toleration array + # in a PodSpec. + tolerations: [] + # Extra labels to attach to the vault-csi-provider pod + # This should be a YAML map of the labels to apply to the csi provider pod + extraLabels: {} + # Priority class for csi pods + priorityClassName: "" + serviceAccount: + # Extra annotations for the serviceAccount definition. This can either be + # YAML or a YAML-formatted multi-line templated string map of the + # annotations to apply to the serviceAccount. + annotations: {} + # Extra labels to attach to the vault-csi-provider serviceAccount + # This should be a YAML map of the labels to apply to the csi provider serviceAccount + extraLabels: {} + # Used to configure readinessProbe for the pods. 
+ readinessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Used to configure livenessProbe for the pods. + livenessProbe: + # When a probe fails, Kubernetes will try failureThreshold times before giving up + failureThreshold: 2 + # Number of seconds after the container has started before probe initiates + initialDelaySeconds: 5 + # How often (in seconds) to perform the probe + periodSeconds: 5 + # Minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # Number of seconds after which the probe times out. + timeoutSeconds: 3 + # Enables debug logging. + debug: false + # Pass arbitrary additional arguments to vault-csi-provider. + # See https://www.vaultproject.io/docs/platform/k8s/csi/configurations#command-line-arguments + # for the available command line flags. + extraArgs: [] diff --git a/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/OWNERS b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/OWNERS new file mode 100644 index 00000000000..4b0e28043f6 --- /dev/null +++ b/charts/partners/testopenshifthelmchart27021617/test-openshift-helm-chart/OWNERS @@ -0,0 +1,11 @@ +chart: + name: test-openshift-helm-chart + shortDescription: unknown +providerDelivery: false +publicPgpKey: unknown +users: +- githubUsername: bovem +- githubUsername: opcert +vendor: + label: testopenshifthelmchart27021617 + name: test-qa-automation-user diff --git a/scripts/Makefile b/scripts/Makefile new file mode 100644 index 00000000000..3c4753054cf --- /dev/null 
+++ b/scripts/Makefile
@@ -0,0 +1,56 @@
+PY_BIN ?= python3
+
+# The virtualenv containing code style tools.
+VENV_CODESTYLE = venv.codestyle
+VENV_CODESTYLE_BIN = $(VENV_CODESTYLE)/bin
+
+# The virtualenv containing our CI scripts
+VENV_TOOLS = venv.tools
+VENV_TOOLS_BIN = $(VENV_TOOLS)/bin
+
+# This is what we pass to git ls-files.
+LS_FILES_INPUT_STR ?= 'src/*.py'
+
+.PHONY: default
+default: format lint
+
+# The same as format, but will throw a non-zero exit code
+# if the formatter had to make changes.
+.PHONY: ci.format
+ci.format: format
+ git diff --exit-code
+
+venv.codestyle:
+ $(MAKE) venv.codestyle.always-reinstall
+
+# This target will always install the codestyle venv.
+# Useful for development cases.
+.PHONY: venv.codestyle.always-reinstall
+venv.codestyle.always-reinstall:
+ $(PY_BIN) -m venv $(VENV_CODESTYLE)
+ ./$(VENV_CODESTYLE_BIN)/pip install --upgrade \
+ black \
+ ruff
+
+.PHONY: format
+format: venv.codestyle
+ ./$(VENV_CODESTYLE_BIN)/black \
+ --verbose \
+ $$(git ls-files $(LS_FILES_INPUT_STR))
+
+.PHONY: lint
+lint: venv.codestyle
+ ./$(VENV_CODESTYLE_BIN)/ruff \
+ check \
+ $$(git ls-files $(LS_FILES_INPUT_STR))
+
+venv.tools:
+ $(MAKE) venv.tools.always-reinstall
+
+# This target will always install the tools at the venv.
+# Useful for development cases.
+.PHONY: venv.tools.always-reinstall
+venv.tools.always-reinstall:
+ $(PY_BIN) -m venv $(VENV_TOOLS)
+ ./$(VENV_TOOLS_BIN)/pip install -r requirements.txt
+ ./$(VENV_TOOLS_BIN)/pip install .
diff --git a/scripts/dependencies/helm-chart-releaser/chart-releaser_1.2.0_linux_amd64.tar.gz b/scripts/dependencies/helm-chart-releaser/chart-releaser_1.2.0_linux_amd64.tar.gz
deleted file mode 100644
index bd3e0f419dd..00000000000
Binary files a/scripts/dependencies/helm-chart-releaser/chart-releaser_1.2.0_linux_amd64.tar.gz and /dev/null differ
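Review bot: `venv.codestyle.always-reinstall` in the new scripts/Makefile installs `black` and `ruff` with `pip install --upgrade` and no version pins, so the `ci.format` gate (`format` followed by `git diff --exit-code`) depends on whichever release the package index serves at that moment. A new formatter release can fail CI on unchanged code, and the job runs tool code that nobody reviewed at a fixed version. Pin both, for example `./$(VENV_CODESTYLE_BIN)/pip install black==<pinned-version> ruff==<pinned-version>`, or install them from a constraints file kept next to `requirements.txt`.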
diff --git a/scripts/dependencies/helm-chart-releaser/chart-releaser_1.3.0_linux_amd64.tar.gz b/scripts/dependencies/helm-chart-releaser/chart-releaser_1.3.0_linux_amd64.tar.gz
deleted file mode 100644
index 323122af312..00000000000
Binary files a/scripts/dependencies/helm-chart-releaser/chart-releaser_1.3.0_linux_amd64.tar.gz and /dev/null differ
diff --git a/scripts/get-secrets b/scripts/get-secrets
old mode 100644
new mode 100755
diff --git a/scripts/pyproject.toml b/scripts/pyproject.toml
new file mode 100644
index 00000000000..fed528d4a7a
--- /dev/null
+++ b/scripts/pyproject.toml
@@ -0,0 +1,3 @@
+[build-system]
+requires = ["setuptools"]
+build-backend = "setuptools.build_meta"
diff --git a/scripts/requirements.txt b/scripts/requirements.txt
index c9eb5768998..98e38b4ffd8 100644
--- a/scripts/requirements.txt
+++ b/scripts/requirements.txt
@@ -1,7 +1,7 @@
 attrs==21.2.0
 certifi==2020.12.5
 chardet==4.0.0
-docker==5.0.0
+docker==6.1.3
 environs==9.5.0
 execnet==1.9.0
 gitdb==4.0.7
@@ -9,7 +9,7 @@ GitPython==3.1.18
 glob2==0.7
 idna==2.10
 iniconfig==1.1.1
-Mako==1.1.4
+mako==1.2.3
 MarkupSafe==2.0.1
 packaging==21.0
 parse==1.19.0
@@ -23,8 +23,8 @@ pytest==6.2.4
 pytest-bdd==4.1.0
 pytest-forked==1.3.0
 pytest-xdist==2.4.0
-PyYAML==5.4.1
-requests==2.25.1
+PyYAML==6.0.1
+requests==2.26.0
 retrying==1.3.3
 semantic-version==2.8.5
 semver==2.13.0
diff --git a/scripts/ruff.toml b/scripts/ruff.toml
new file mode 100644
index 00000000000..af87f9db59c
--- /dev/null
+++ b/scripts/ruff.toml
@@ -0,0 +1,4 @@
+ignore = [
+ "E402", # import ordering (komish): import ordering isn't handled by Black so we need to handle this manually.
+ "E501", # line length (komish): line length is not enforced by Black so we need to handle these manually.
+]
\ No newline at end of file
diff --git a/scripts/setup.cfg b/scripts/setup.cfg
index 6a832f1975e..ebc5ae9d18f 100644
--- a/scripts/setup.cfg
+++ b/scripts/setup.cfg
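Review bot: The comment on `"E402"` in the new scripts/ruff.toml calls the rule import ordering, but E402 is the check for a module-level import that is not at the top of the file, and ignoring it for the whole tree also hides imports placed after executable statements in files that have no reason for them. In this commit `chartprreview.py` imports project modules after `sys.path.append("../")`, which is presumably what the ignore is for. State that in the comment, e.g. `"E402",  # project imports follow sys.path.append() in the CLI scripts`, and consider scoping the exception with `per-file-ignores` rather than a global `ignore`.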
@@ -1,7 +1,3 @@ -[build-system] -requires = ["setuptools", "wheel"] -build-backend = "setuptools.build_meta" - [metadata] name = rh-chart-repo-manager version = 0.1.0 @@ -22,7 +18,7 @@ classifiers = package_dir = = src packages = find: -python_requires = >=3.6 +python_requires = >=3.10 install_requires = PyYAML requests @@ -48,4 +44,7 @@ console_scripts = check-user = owners.checkuser:main metrics = metrics.metrics:main get-verify-params = report.get_verify_params:main + pushowners=metrics.pushowners:main + update-index=updateindex.updateindex:main + user-is-repo-owner=owners.user_is_repo_owner:main diff --git a/scripts/src/chartprreview/chartprreview.py b/scripts/src/chartprreview/chartprreview.py index 4ef72b80cd7..4d0f7d5dbcd 100644 --- a/scripts/src/chartprreview/chartprreview.py +++ b/scripts/src/chartprreview/chartprreview.py @@ -1,25 +1,31 @@ import re import os +import os.path import sys import argparse import subprocess import hashlib -import environs from environs import Env import semver import semantic_version import requests import yaml + try: - from yaml import CLoader as Loader, CDumper as Dumper + from yaml import CLoader as Loader except ImportError: - from yaml import Loader, Dumper + from yaml import Loader -sys.path.append('../') +sys.path.append("../") from report import report_info from report import verifier_report +from signedchart import signedchart +from pullrequest import prartifact +from reporegex import matchers +from tools import gitutils + def write_error_log(directory, *msg): os.makedirs(directory, exist_ok=True) @@ -29,6 +35,7 @@ def write_error_log(directory, *msg): fd.write(line) fd.write("\n") + def get_vendor_type(directory): vendor_type = os.environ.get("VENDOR_TYPE") if not vendor_type or vendor_type not in {"partner", "redhat", "community"}: 
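Review bot: `Loader` is still bound to `CLoader` (or `Loader` in the fallback), which are PyYAML's unrestricted loaders, and every `yaml.load(data, Loader=Loader)` in this file parses an OWNERS file from the checkout with it; the calls are in verify_user, check_owners_file_against_directory_structure and verify_signature, in later hunks. An unrestricted loader can construct arbitrary Python objects from tagged nodes, which matters if that checkout can ever hold pull-request content. Since the import lines are being edited anyway, bind the safe variants: `from yaml import CSafeLoader as Loader`, with `from yaml import SafeLoader as Loader` in the `except ImportError` branch. The callers need no change.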
@@ -37,20 +44,26 @@ def get_vendor_type(directory): sys.exit(1) return vendor_type -def get_labels(api_url): - # api_url https://api.github.com/repos///pulls/1 - headers = {'Accept': 'application/vnd.github.v3+json'} - r = requests.get(api_url, headers=headers) - return r.json()["labels"] def get_modified_charts(directory, api_url): - print("[INFO] Get modified charts. %s" %directory) - files_api_url = f'{api_url}/files' - headers = {'Accept': 'application/vnd.github.v3+json'} - r = requests.get(files_api_url, headers=headers) - pattern = re.compile(r"charts/(\w+)/([\w-]+)/([\w-]+)/([\w\.-]+)/.*") - for f in r.json(): - m = pattern.match(f["filename"]) + """Get the category, organization, chart name, and new version corresponding to + the chart being added. + + Args: + directory (str): Local directory in which to write the error logs + api_url (str): URL of the GitHub PR + + Returns: + (str, str, str, str): category, organization, chart, and version (e.g. partner, + hashicorp, vault, 1.4.0) + """ + print("[INFO] Get modified charts. %s" % directory) + files = prartifact.get_modified_files(api_url) + pattern = re.compile( + matchers.submission_path_matcher(strict_categories=False) + r"/.*" + ) + for file_path in files: + m = pattern.match(file_path) if m: category, organization, chart, version = m.groups() return category, organization, chart, version 
@@ -59,8 +72,20 @@ def get_modified_charts(directory, api_url): write_error_log(directory, msg) sys.exit(1) + def verify_user(directory, username, category, organization, chart): - print("[INFO] Verify user. %s, %s, %s, %s"% (username, category, organization, chart)) + """Check that the user that submitted the PR is in the OWNERS file for this chart. + + Args: + directory (str): Local directory in which to write the error logs + username (str): Github username that submitted the PR. + category (str): Type of profile (community, partners, or redhat) + organization (str): Name of the organization (ex: hashicorp) + chart (str): Name of the chart (ex: vault) + """ + print( + "[INFO] Verify user. %s, %s, %s, %s" % (username, category, organization, chart) + ) owners_path = os.path.join("charts", category, organization, chart, "OWNERS") if not os.path.exists(owners_path): msg = f"[ERROR] {owners_path} file does not exist." 
@@ -69,13 +94,32 @@ def verify_user(directory, username, category, organization, chart): data = open(owners_path).read() out = yaml.load(data, Loader=Loader) - if username not in [x['githubUsername'] for x in out['users']]: + if username not in [x["githubUsername"] for x in out["users"]]: msg = f"[ERROR] {username} is not allowed to submit the chart on behalf of {organization}" write_error_log(directory, msg) sys.exit(1) -def check_owners_file_against_directory_structure(directory,username, category, organization, chart): - print("[INFO] Check owners file against directory structure. %s, %s, %s" % (category, organization, chart)) + +def check_owners_file_against_directory_structure( + directory, category, organization, chart +): + """Check that the content of the OWNERS file correspond to the directory structure + the chart is under. + + Following assertion must be true: + - the chart.name key must correspond to the name of the chart directory + - the vendor.label key must correspond to the organization directory + + Args: + directory (str): Local directory in which to write the error logs + category (str): Type of profile (community, partners, or redhat) + organization (str): Name of the organization (ex: hashicorp) + chart (str): Name of the chart (ex: vault) + """ + print( + "[INFO] Check owners file against directory structure. %s, %s, %s" + % (category, organization, chart) + ) data = open(os.path.join("charts", category, organization, chart, "OWNERS")).read() out = yaml.load(data, Loader=Loader) vendor_label = out["vendor"]["label"] 
@@ -84,47 +128,98 @@ def check_owners_file_against_directory_structure(directory,username, category, msgs = [] if organization != vendor_label: error_exit = True - msgs.append(f"[ERROR] vendor/label in OWNERS file ({vendor_label}) doesn't match the directory structure (charts/{category}/{organization}/{chart})") + msgs.append( + f"[ERROR] vendor/label in OWNERS file ({vendor_label}) doesn't match the directory structure (charts/{category}/{organization}/{chart})" + ) if chart != chart_name: - msgs.append(f"[ERROR] chart/name in OWNERS file ({chart_name}) doesn't match the directory structure (charts/{category}/{organization}/{chart})") + msgs.append( + f"[ERROR] chart/name in OWNERS file ({chart_name}) doesn't match the directory structure (charts/{category}/{organization}/{chart})" + ) error_exit = True if error_exit: write_error_log(directory, *msgs) sys.exit(1) -def verify_signature(directory, category, organization, chart, version): + +def verify_signature(category, organization, chart, version): + """Verify that the PGP signature (report.yaml.asc) can decrypt report.yaml + + Args: + category (str): Type of profile (community, partners, or redhat) + organization (str): Name of the organization (ex: hashicorp) + chart (str): Name of the chart (ex: vault) + version (str): The version of the chart (ex: 1.4.0) + """ print("[INFO] Verify signature. 
%s, %s, %s" % (organization, chart, version)) - data = open(os.path.join("charts", category, organization, chart, "OWNERS")).read() - out = yaml.load(data, Loader=Loader) - publickey = out.get('publicPgpKey') - if not publickey: - return - with open("public.key", "w") as fd: - fd.write(publickey) - out = subprocess.run(["gpg", "--import", "public.key"], capture_output=True) - print("[INFO]", out.stdout.decode("utf-8")) - print("[WARNING]", out.stderr.decode("utf-8")) - report = os.path.join("charts", category, organization, chart, version, "report.yaml") - sign = os.path.join("charts", category, organization, chart, version, "report.yaml.asc") - out = subprocess.run(["gpg", "--verify", sign, report], capture_output=True) - print("[INFO]", out.stdout.decode("utf-8")) - print("[WARNING]", out.stderr.decode("utf-8")) - -def match_checksum(directory,generated_report_info_path,category, organization, chart, version): + sign = os.path.join( + "charts", category, organization, chart, version, "report.yaml.asc" + ) + if os.path.exists(sign): + data = open( + os.path.join("charts", category, organization, chart, "OWNERS") + ).read() + out = yaml.load(data, Loader=Loader) + publickey = out.get("publicPgpKey") + if not publickey: + return + with open("public.key", "w") as fd: + fd.write(publickey) + out = subprocess.run(["gpg", "--import", "public.key"], capture_output=True) + print("[INFO]", out.stdout.decode("utf-8")) + print("[WARNING]", out.stderr.decode("utf-8")) + report = os.path.join( + "charts", category, organization, chart, version, "report.yaml" + ) + out = subprocess.run(["gpg", "--verify", sign, report], capture_output=True) + print("[INFO]", out.stdout.decode("utf-8")) + print("[WARNING]", out.stderr.decode("utf-8")) + else: + print(f"[INFO] Signed report not found: {sign}.") + + +def match_checksum( + directory, generated_report_info_path, category, organization, chart, version +): + """Check that the provided report and the generated report have the same 
chart + digest + + Args: + directory (str): Local directory in which to write the error logs + generated_report_info_path (str): Path to the processed JSON report generated + in the pipeline + category (str): Type of profile (community, partners, or redhat) + organization (str): Name of the organization (ex: hashicorp) + chart (str): Name of the chart (ex: vault) + version (str): The version of the chart (ex: 1.4.0) + """ print("[INFO] Check digests match. %s, %s, %s" % (organization, chart, version)) - submitted_report_path = os.path.join("charts", category, organization, chart, version, "report.yaml") - submitted_digests = report_info.get_report_digests(report_path=submitted_report_path) + submitted_report_path = os.path.join( + "charts", category, organization, chart, version, "report.yaml" + ) + submitted_digests = report_info.get_report_digests( + report_path=submitted_report_path + ) submitted_digest = submitted_digests["chart"] - generated_digests = report_info.get_report_digests(report_info_path=generated_report_info_path) + generated_digests = report_info.get_report_digests( + report_info_path=generated_report_info_path + ) generated_digest = generated_digests["chart"] - if submitted_digest != generated_digest: + if submitted_digest != generated_digest: msg = f"[ERROR] Digest is not matching: {submitted_digest}, {generated_digest}" write_error_log(directory, msg) sys.exit(1) + def check_url(directory, report_path): + """Check that the chart URL provided in report.yaml is valid and that the chart + digest matches the one provided in report.yaml + + Args: + directory (str): Local directory in which to write the error logs + report_path (str): Path to report.yaml + """ print("[INFO] Check chart_url is a valid url. %s" % report_path) chart_url = report_info.get_report_chart_url(report_path=report_path) 
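Review bot: Neither `subprocess.run` call in `verify_signature` has its exit status checked; the output of `gpg --verify` is only printed under `[INFO]` and `[WARNING]`, so a report whose signature does not verify passes this step exactly like a valid one. After the verify call add `if out.returncode != 0:` followed by `sys.exit(1)`; the function no longer receives `directory`, so it cannot call `write_error_log` as the other checks do. The key is also imported into the default keyring, so `--verify` accepts a signature from any key already present there; a per-run `--homedir` would bind the check to the key from OWNERS. The docstring should say that the detached signature report.yaml.asc is verified against report.yaml, not that it "can decrypt" it.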
@@ -157,13 +252,34 @@ def check_url(directory, report_path): msgs.append(str(err)) write_error_log(directory, *msgs) - verify_package_digest(chart_url,report_path) - -def match_name_and_version(directory, category, organization, chart, version,generated_report_path): - print("[INFO] Check chart has same name and version as directory structure. %s, %s, %s" % (organization, chart, version)) - submitted_report_path = os.path.join("charts", category, organization, chart, version, "report.yaml") + verify_package_digest(chart_url, report_path) + + +def match_name_and_version( + directory, category, organization, chart, version, generated_report_path +): + """Check that the chart name and version in the provided report.yaml and in the + report generated in the pipeline match the underlying directory structure. + + Args: + directory (str): Local directory in which to write the error logs + category (str): Type of profile (community, partners, or redhat) + organization (str): Name of the organization (ex: hashicorp) + chart (str): Name of the chart (ex: vault) + version (str): The version of the chart (ex: 1.4.0) + generated_report_path (str): Path to the report generated in the pipeline + """ + print( + "[INFO] Check chart has same name and version as directory structure. %s, %s, %s" + % (organization, chart, version) + ) + submitted_report_path = os.path.join( + "charts", category, organization, chart, version, "report.yaml" + ) if os.path.exists(submitted_report_path): - submitted_report_chart = report_info.get_report_chart(report_path=submitted_report_path) + submitted_report_chart = report_info.get_report_chart( + report_path=submitted_report_path + ) submitted_report_chart_name = submitted_report_chart["name"] submitted_report_chart_version = submitted_report_chart["version"] 
@@ -178,7 +294,9 @@ def match_name_and_version(directory, category, organization, chart, version,gen sys.exit(1) if os.path.exists(generated_report_path): - report_chart = report_info.get_report_chart(report_path=generated_report_path) + report_chart = report_info.get_report_chart( + report_path=generated_report_path + ) report_chart_name = report_chart["name"] report_chart_version = report_chart["version"] 
@@ -207,22 +325,45 @@ def match_name_and_version(directory, category, organization, chart, version,gen write_error_log(directory, msg) sys.exit(1) + def check_report_success(directory, api_url, report_path, report_info_path, version): + """Check the content of report.yaml + + * Check that the version in the report matches with the directory structure. + * Check that the vendor type in the report matches with the directory structure. + * Check the presence of the required annotations. + * Check that the report doesn't contains failed checks. + * Check that the testedOpenShiftVersion and certifiedOpenShiftVersions labels + contain SemVer compatible versions. + + Also adds the content of report.yaml to the GITHUB_OUTPUT. + + Args: + directory (str): Local directory in which to write the error logs + api_url (str): URL of the GitHub PR + report_path (str): Path to report.yaml + report_info_path (str): Path to processed JSON report + version (str): The version of the chart (ex: 1.4.0) + """ print("[INFO] Check report success. 
%s" % report_path) data = open(report_path).read() print("[INFO] Full report: ") print(data) quoted_data = data.replace("%", "%25").replace("\n", "%0A").replace("\r", "%0D") - print(f"::set-output name=report_content::{quoted_data}") + gitutils.add_output("report_content", quoted_data) - chart = report_info.get_report_chart(report_path=report_path,report_info_path=report_info_path) + chart = report_info.get_report_chart( + report_path=report_path, report_info_path=report_info_path + ) report_version = chart["version"] if report_version != version: msg = f"[ERROR] Chart Version '{report_version}' doesn't match the version in the directory path: '{version}'" write_error_log(directory, msg) sys.exit(1) - report_metadata = report_info.get_report_metadata(report_path=report_path,report_info_path=report_info_path) + report_metadata = report_info.get_report_metadata( + report_path=report_path, report_info_path=report_info_path + ) profile_version = report_metadata["profileVersion"] vendor_type = get_vendor_type(directory) report_vendor_type = report_metadata["vendorType"] 
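Review bot: `quoted_data` is still percent-escaped for the old `::set-output` command, but it is now handed to `gitutils.add_output`, whose body is not part of this hunk. If that helper appends `name=value` to the `GITHUB_OUTPUT` file, the runner will not decode `%0A` or `%25`, and consumers of `report_content` receive the escaped text; the escaping should not simply be dropped either, because the report may be the submitted one and a raw newline would let it define further outputs. The helper is the right place to settle this, for example by writing multi-line values with a randomly generated heredoc delimiter. Separately, `print(data)` just above echoes the same text to the job log, where lines beginning with `::` are read as workflow commands.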
@@ -233,17 +374,23 @@ def check_report_success(directory, api_url, report_path, report_info_path, vers sys.exit(1) print(f"[INFO] Profile version: {profile_version}") - annotations = report_info.get_report_annotations(report_path=report_path,report_info_path=report_info_path) + annotations = report_info.get_report_annotations( + report_path=report_path, report_info_path=report_info_path + ) - required_annotations = {"charts.openshift.io/lastCertifiedTimestamp", - "charts.openshift.io/testedOpenShiftVersion", - "charts.openshift.io/supportedOpenShiftVersions", - "charts.openshift.io/digest"} + required_annotations = { + "charts.openshift.io/lastCertifiedTimestamp", + "charts.openshift.io/testedOpenShiftVersion", + "charts.openshift.io/supportedOpenShiftVersions", + "charts.openshift.io/digest", + } if profile_version == "v1.0": - required_annotations = {"charts.openshift.io/lastCertifiedTimestamp", - "charts.openshift.io/certifiedOpenShiftVersions", - "charts.openshift.io/digest"} + required_annotations = { + "charts.openshift.io/lastCertifiedTimestamp", + "charts.openshift.io/certifiedOpenShiftVersions", + "charts.openshift.io/digest", + } available_annotations = set(annotations.keys()) @@ -253,10 +400,13 @@ def check_report_success(directory, api_url, report_path, report_info_path, vers write_error_log(directory, msg) sys.exit(1) - report = report_info.get_report_results(report_path=report_path,report_info_path=report_info_path,profile_type=vendor_type) + report = report_info.get_report_results( + report_path=report_path, + report_info_path=report_info_path, + profile_type=vendor_type, + ) - labels = get_labels(api_url) - label_names = [l["name"] for l in labels] + label_names = prartifact.get_labels(api_url) failed = report["failed"] passed = report["passed"] 
@@ -266,22 +416,22 @@ def check_report_success(directory, api_url, report_path, report_info_path, vers msgs.append("[ERROR] Chart verifier report includes failures:") msgs.append(f"- Number of checks passed: {passed}") msgs.append(f"- Number of checks failed: {failed}") - msgs.append(f"- Error message(s):") + msgs.append("- Error message(s):") for m in report["message"]: msgs.append(f" - {m}") write_error_log(directory, *msgs) if vendor_type == "redhat": - print(f"::set-output name=redhat_to_community::True") + gitutils.add_output("redhat_to_community", "True") if vendor_type != "redhat" and "force-publish" not in label_names: if vendor_type == "community": # requires manual review and approval - print(f"::set-output name=community_manual_review_required::True") + gitutils.add_output("community_manual_review_required", "True") sys.exit(1) if vendor_type == "community" and "force-publish" not in label_names: # requires manual review and approval print("[INFO] Community submission requires manual approval.") - print(f"::set-output name=community_manual_review_required::True") + gitutils.add_output("community_manual_review_required", "True") sys.exit(1) if failures_in_report or vendor_type == "community": 
@@ -303,65 +453,118 @@ def check_report_success(directory, api_url, report_path, report_info_path, vers write_error_log(directory, msg) sys.exit(1) -def verify_package_digest(url,report): + +def verify_package_digest(url, report): print("[INFO] check package digest.") response = requests.get(url, allow_redirects=True) if response.status_code == 200: target_digest = hashlib.sha256(response.content).hexdigest() - found,report_data = verifier_report.get_report_data(report) + found, report_data = verifier_report.get_report_data(report) if found: pkg_digest = verifier_report.get_package_digest(report_data) if target_digest: if pkg_digest and pkg_digest != target_digest: # Digest was passed and computed but differ - raise Exception("Found an integrity issue. SHA256 digest passed does not match SHA256 digest computed.") + raise Exception( + "Found an integrity issue. SHA256 digest passed does not match SHA256 digest computed." + ) elif not pkg_digest: # Digest was not passed and could not be computed - raise Exception("Was unable to compute SHA256 digest, please ensure chart url points to a chart package.") + raise Exception( + "Was unable to compute SHA256 digest, please ensure chart url points to a chart package." 
+ ) def main(): parser = argparse.ArgumentParser() - parser.add_argument("-d", "--directory", dest="directory", type=str, required=True, - help="artifact directory for archival") - parser.add_argument("-n", "--verify-user", dest="username", type=str, required=True, - help="check if the user can update the chart") - parser.add_argument("-u", "--api-url", dest="api_url", type=str, required=True, - help="API URL for the pull request") + parser.add_argument( + "-d", + "--directory", + dest="directory", + type=str, + required=True, + help="artifact directory for archival", + ) + parser.add_argument( + "-n", + "--verify-user", + dest="username", + type=str, + required=True, + help="check if the user can update the chart", + ) + parser.add_argument( + "-u", + "--api-url", + dest="api_url", + type=str, + required=True, + help="API URL for the pull request", + ) args = parser.parse_args() - category, organization, chart, version = get_modified_charts(args.directory, args.api_url) + + category, organization, chart, version = get_modified_charts( + args.directory, args.api_url + ) verify_user(args.directory, args.username, category, organization, chart) - check_owners_file_against_directory_structure(args.directory, args.username, category, organization, chart) - submitted_report_path = os.path.join("charts", category, organization, chart, version, "report.yaml") + check_owners_file_against_directory_structure( + args.directory, category, organization, chart + ) + + report_generated = os.environ.get("REPORT_GENERATED") + generated_report_path = os.environ.get("GENERATED_REPORT_PATH") + generated_report_info_path = os.environ.get("REPORT_SUMMARY_PATH") + env = Env() + web_catalog_only = env.bool("WEB_CATALOG_ONLY", False) + submitted_report_path = os.path.join( + "charts", category, organization, chart, version, "report.yaml" + ) if os.path.exists(submitted_report_path): - report_valid, message = verifier_report.validate(submitted_report_path) + ocp_version_range = 
os.environ.get("OCP_VERSION_RANGE") + report_valid, message = verifier_report.validate( + submitted_report_path, ocp_version_range + ) if not report_valid: msg = f"Submitted report is not valid: {message}" print(f"[ERROR] {msg}") write_error_log(args.directory, msg) sys.exit(1) - else: - print("[INFO] Submitted report passed validity check!") + print("[INFO] Submitted report passed validity check!") + owners_file = os.path.join("charts", category, organization, chart, "OWNERS") + pgp_key_in_owners = signedchart.get_pgp_key_from_owners(owners_file) + if pgp_key_in_owners: + if signedchart.check_report_for_signed_chart(submitted_report_path): + if not signedchart.check_pgp_public_key( + pgp_key_in_owners, submitted_report_path + ): + msg = "PGP key in OWNERS file does not match with key digest in report." + print(f"[ERROR] {msg}") + write_error_log(args.directory, msg) + sys.exit(1) + else: + print( + "[INFO] PGP key in OWNERS file matches with key digest in report." + ) - report_generated = os.environ.get("REPORT_GENERATED") - generated_report_path = os.environ.get("GENERATED_REPORT_PATH") - generated_report_info_path = os.environ.get("REPORT_SUMMARY_PATH") - env = Env() - provider_delivery = env.bool("PROVIDER_DELIVERY",False) - - if os.path.exists(submitted_report_path): print("[INFO] Report exists: ", submitted_report_path) - verify_signature(args.directory, category, organization, chart, version) + verify_signature(category, organization, chart, version) report_path = submitted_report_path report_info_path = "" if report_generated and report_generated == "True": - match_checksum(args.directory,generated_report_info_path, category, organization, chart, version) - elif not provider_delivery: + match_checksum( + args.directory, + generated_report_info_path, + category, + organization, + chart, + version, + ) + elif not web_catalog_only: check_url(args.directory, report_path) else: print("[INFO] Report does not exist: ", submitted_report_path) 
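Review bot: In `verify_package_digest`, as far as the flattened hunk shows, a response other than 200 falls through without raising, so the digest comparison is silently skipped whenever the chart URL does not serve the package at that moment. The call `requests.get(url, allow_redirects=True)` also has no `timeout`, and the URL comes from the submitted report, so a slow or stalled server can hold the job. Suggest `response = requests.get(url, allow_redirects=True, timeout=30)` (the value is only an example) and an `else:` branch that raises the same way the digest mismatch does. `check_url`, which calls this function, lies mostly outside the hunk and may already reject unreachable URLs.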
@@ -372,6 +575,9 @@ def main(): print(f"[INFO]: generated report path: {generated_report_path}") print(f"[INFO]: generated report info: {generated_report_info_path}") - - match_name_and_version(args.directory, category, organization, chart, version, generated_report_path) - check_report_success(args.directory, args.api_url, report_path, report_info_path, version) + match_name_and_version( + args.directory, category, organization, chart, version, generated_report_path + ) + check_report_success( + args.directory, args.api_url, report_path, report_info_path, version + ) diff --git a/scripts/src/chartprreview/chartprreview_test.py b/scripts/src/chartprreview/chartprreview_test.py index 1c37f02729a..e641aa55658 100644 --- a/scripts/src/chartprreview/chartprreview_test.py +++ b/scripts/src/chartprreview/chartprreview_test.py @@ -4,10 +4,12 @@ from chartprreview.chartprreview import check_owners_file_against_directory_structure from chartprreview.chartprreview import write_error_log + def test_verify_user(): with pytest.raises(SystemExit): verify_user("mbaiju", "partners", "test-org1", "test-chart") + owners_with_wrong_vendor_label = """\ --- chart: 
@@ -51,21 +53,30 @@ def test_verify_user(): """ - def test_check_owners_file_against_directory_structure(tmpdir): - original_cwd = os.getcwd() - p = tmpdir.mkdir("charts").mkdir("partners").mkdir("test-org").mkdir("test-chart").join("OWNERS") + p = ( + tmpdir.mkdir("charts") + .mkdir("partners") + .mkdir("test-org") + .mkdir("test-chart") + .join("OWNERS") + ) p.write(owners_with_wrong_vendor_label) os.chdir(tmpdir) new_cwd = os.getcwd() print("new_cwd", new_cwd) with pytest.raises(SystemExit): - check_owners_file_against_directory_structure("baijum", "partners", "test-org", "test-chart") + check_owners_file_against_directory_structure( + "partners", "test-org", "test-chart" + ) p.write(owners_with_wrong_chart_name) with pytest.raises(SystemExit): - check_owners_file_against_directory_structure("baijum", "partners", "test-org", "test-chart") + check_owners_file_against_directory_structure( + "partners", "test-org", "test-chart" + ) p.write(owners_with_correct_values) - check_owners_file_against_directory_structure("baijum", "partners", "test-org", "test-chart") + check_owners_file_against_directory_structure("partners", "test-org", "test-chart") + def test_write_error_log(tmpdir): write_error_log(tmpdir, "First message") diff --git a/scripts/src/chartprreview/verify-report.sh b/scripts/src/chartprreview/verify-report.sh deleted file mode 100644 index 5e80a8aa6f9..00000000000 --- a/scripts/src/chartprreview/verify-report.sh +++ /dev/null 
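Review bot: The three updated calls pass `("partners", "test-org", "test-chart")`, but the new signature in chartprreview.py is `(directory, category, organization, chart)`, so each call raises `TypeError` for the missing argument instead of reaching the OWNERS comparison. Pass the log directory first, e.g. `check_owners_file_against_directory_structure(str(tmpdir), "partners", "test-org", "test-chart")`. `test_verify_user` in the previous hunk has the same arity problem against `verify_user(directory, username, category, organization, chart)`. With `original_cwd` removed, `os.chdir(tmpdir)` is never undone and leaks into later tests; pytest's `monkeypatch.chdir(tmpdir)` would restore it.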
@@ -1,345 +0,0 @@ -#!/bin/bash - -delim=G -mandatoryChecksPartner=( "${delim}v1.0/contains-test${delim}" - "${delim}v1.0/contains-values${delim}" - "${delim}v1.0/contains-values-schema${delim}" - "${delim}v1.0/has-kubeversion${delim}" - "${delim}v1.0/has-readme${delim}" - "${delim}v1.0/helm-lint${delim}" - "${delim}v1.0/images-are-certified${delim}" - "${delim}v1.0/is-helm-v3${delim}" - "${delim}v1.0/not-contain-csi-objects${delim}" - "${delim}v1.0/chart-testing${delim}" - "${delim}v1.0/not-contains-crds${delim}" ) -mandatoryChecksRedHat=${mandatoryChecksPartner} -mandatoryChecksCommunity=( "${delim}v1.0/helm-lint${delim}" ) - -getDigest() { - - report=$1 - - metadata=false - tool=false - - digestValue="Not Found" - - while IFS= read -r line; do - line=`echo $line | xargs` - if [[ $line == "metadata:"* ]]; then - metadata=true - elif [[ $line == "results:"* ]]; then - metadata=false - elif [ "$metadata" = true ]; then - if [[ $line == *"tool:" ]]; then - tool=true - elif [[ $line == *"chart:" ]]; then - tool=false - elif [ "$tool" = true ]; then - if [[ $line == "digest:"* ]]; then - name=`echo $line | cut -d: -f1 | xargs` - digestValue=`echo "$line" | sed "s#$name:##" | xargs` - break; - fi - fi - fi - - done < $report - - echo "$digestValue" - -} - -checkDigest() { - - sha1=$(getDigest "$1") - - chart=$2 - - tempReport="tempReport.yaml" - - docker run -v $(pwd):/charts --rm quay.io/redhat-certification/chart-verifier:latest verify -e has-readme /charts/$chart 2> $tempReport - - sha2=$(getDigest "$tempReport") - - rm $tempReport - - if [ "$sha1" == "$sha2" ]; then - echo "{\"result\": \"pass\" , \"message\": \"digests match\"}" - else - echo "{\"result\": \"fail\" , \"message\": \"digests do not match\"}" - fi -} - -getMetadata() { - - report=$1 - - metadatas=() - - metadata=false - tool=false - chart=false - chartannotations=false - - - while IFS= read -r line; do - line=`echo $line | xargs` - if [[ $line == "metadata:"* ]]; then - metadata=true - elif [[ $line 
== "results:"* ]]; then - metadata=false - elif [ "$metadata" = true ]; then - if [[ $line == *"tool:" ]]; then - tool=true - chart=false - elif [[ $line == *"chart:" ]]; then - tool=false - chart=true - elif [ "$tool" = true ]; then - if [[ $line == "chart-uri:"* ]]; then - name=`echo $line | cut -d: -f1 | xargs` - value=`echo "$line" | sed "s#$name:##" | xargs` - metadatas+=("\"$name\":\"$value\"") - fi - elif [ "$chart" = true ]; then - if [[ $line == "name:"* ]]; then - name=`echo $line | cut -d: -f1 | xargs` - value=`echo "$line" | sed "s#$name:##" | xargs` - metadatas+=("\"$name\":\"$value\"") - elif [[ $line == "version:"* ]]; then - name=`echo $line | cut -d: -f1 | xargs` - value=`echo "$line" | sed "s#$name:##" | xargs` - metadatas+=("\"$name\":\"$value\"") - fi - fi - fi - - done < $report - - output="{" - addComma=false - for data in "${metadatas[@]}"; do - if [ "$addComma" = true ]; then - output+=", " - fi - output+="$data" - addComma=true - done - output+="}" - - echo $output -} - -getAnnotations() { - - report=$1 - - annotations=() - - metadata=false - tool=false - chart=false - chartannotations=false - - - while IFS= read -r line; do - line="$(echo -e "${line}" | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')" - if [[ $line == "metadata:"* ]]; then - metadata=true - elif [[ $line == "results:"* ]]; then - metadata=false - elif [ "$metadata" = true ]; then - if [[ $line == *"tool:" ]]; then - tool=true - chart=false - elif [[ $line == *"chart:" ]]; then - tool=false - chart=true - elif [ "$tool" = true ]; then - if [[ $line == "digest:"* ]]; then - digest=`echo "$line" | sed 's/digest://' | xargs` - annotations+=("\"charts.openshift.io/digest\":\"$digest\"") - elif [[ $line == "lastCertifiedTimestamp:"* ]]; then - certtime=`echo "$line" | sed 's/lastCertifiedTimestamp://' | xargs` - annotations+=("\"charts.openshift.io/lastCertifiedTimestamp\":\"$certtime\"") - elif [[ $line == "certifiedOpenShiftVersions:"* ]]; then - osvs=`echo "$line" | sed 
's/certifiedOpenShiftVersions://' | xargs` - annotations+=("\"charts.openshift.io/certifiedOpenShiftVersions\":\"$osvs\"") - fi - elif [ "$chart" = true ]; then - if [[ $line == "annotations:"* ]]; then - chartannotations=true - elif [ "$chartannotations" = true ]; then - if [[ $line == "charts.openshift.io/"* ]]; then - name=`echo $line | cut -d: -f1 | xargs` - value=`echo "$line" | sed "s#$name:##" | xargs` - annotations+=("\"$name\":\"$value\"") - fi - fi - fi - fi - - done < $report - - output="{" - addComma=false - for annotation in "${annotations[@]}"; do - if [ "$addComma" = true ]; then - output+=", " - fi - output+="$annotation" - addComma=true - done - output+="}" - - echo $output -} - -getFails() { - - report=$1 - profile=$2 - - case "${profile}" in - partner) - mandatoryChecks=${mandatoryChecksPartner} - ;; - redhat) - mandatoryChecks=${mandatoryChecksRedHat} - ;; - community) - mandatoryChecks=${mandatoryChecksCommunity} - ;; - *) - mandatoryChecks=${mandatoryChecksPartner} - ;; - esac - - results=false - fails=() - passed=0 - - while IFS= read -r line; do - - - if [[ ! 
-z $line ]]; then - if [[ $line == "results:"* ]]; then - results=true - elif [ "$results" = true ]; then - if [[ $line == *" - "* ]]; then - if [ "$multireason" = true ]; then - if [ -n "$check" ] && [ -n "$type" ] && [ -n "$outcome" ] && [ -n "$reason" ]; then - if [[ $outcome != "PASS" ]] && [[ $type == "Mandatory" ]]; then - fails+=("$check : $reason") - else - passed=$((passed+1)) - fi - - remove="$delim$check$delim" - mandatoryChecks=("${mandatoryChecks[@]/$remove}") - fi - fi - multireason=false - nextlinereason=false - check="" - type="" - outcome="" - reason="" - fi - if [[ $line == *"check:"* ]]; then - check=`echo "$line" | cut -d: -f2- | xargs` - elif [[ $line == *"type:"* ]]; then - type=`echo $line | cut -d: -f2- | xargs` - elif [[ $line == *"outcome:"* ]]; then - outcome=`echo $line | cut -d: -f2- | xargs` - elif [[ $line == *"reason:"* ]]; then - reason=`echo $line | cut -d: -f2-` - if [[ $reason == *'|-' ]]; then - multireason=true - reason="" - elif [[ $reason == *'|' ]]; then - nextlinereason=true - reason="" - elif [[ $reason == *\'* ]]; then - multireason=true - reason=`printf "$reason\n" | sed "s/\"/'/g"` - continue - fi - elif [ "$multireason" = true ]; then - reason+=`printf "$line\n" | sed "s/\"/'/g"` - continue - elif [ "$nextlinereason" = true ]; then - reason=`echo $line | xargs` - nextlinereason=false - fi - - if [ -n "$check" ] && [ -n "$type" ] && [ -n "$outcome" ] && [ -n "$reason" ]; then - if [[ $outcome != "PASS" ]] && [[ $type == "Mandatory" ]]; then - fails+=("$check : $reason") - else - passed=$((passed+1)) - fi - - remove="$delim$check$delim" - mandatoryChecks=("${mandatoryChecks[@]/$remove}") - fi - fi - fi - done < $report - - for mandatoryCheck in "${mandatoryChecks[@]}"; do - if [ ! 
-z "$mandatoryCheck" ]; then - missingcheck="${mandatoryCheck%$delim}" - missingcheck="${missingcheck#$delim}" - fails+=("Missing mandatory check : $missingcheck") - fi - done - - - output="{\"passed\": $passed, \"failed\": ${#fails[@]}" - if [ ${#fails[@]} -gt 0 ]; then - output+=", \"message\": [" - addComma=false - for fail in "${fails[@]}"; do - if [ "$addComma" = true ]; then - output+="," - fi - output+="\"$fail\"" - addComma=true - done - output+="]" - fi - output+="}" - echo $output - -} - -command=$1 -report=$2 -chart=$3 - -if [ -z "$report" ]; then - echo "{\"error\": \"report must be specified\"}" - exit -fi - -if [ ! -f "$report" ]; then - echo "{\"error\": \"report does not exist\"}" - exit -fi - - -if [ $command == "results" ]; then - profile=$3 - getFails "$report" "$profile" -elif [ $command == "annotations" ]; then - getAnnotations "$report" -elif [ $command == "metadata" ]; then - getMetadata "$report" -elif [ $command == "checkdigest" ]; then - checkDigest "$report" "$chart" -else - echo "{\"error\": \"$command is not a valid command\"}" -fi - diff --git a/scripts/src/chartrepomanager/chartrepomanager.py b/scripts/src/chartrepomanager/chartrepomanager.py index 706fccee8b1..02c9802d331 100644 --- a/scripts/src/chartrepomanager/chartrepomanager.py +++ b/scripts/src/chartrepomanager/chartrepomanager.py 
@@ -1,35 +1,88 @@ +"""This file prepares the GitHub release and Index update steps. + +All artifacts that go into a GitHub release are prepared: +* The report.yaml. If not provided by the user, a report has been generated at an + earlier step and is included in the release. +* The public signing key, if provided by the user. +* The chart's sources, if provided by the user. +* The provenance file, if provided by the user. + +A GitHub release will be created in a later step, if the user hasn't selected the "Web +Catalog Only" option. + +An Index entry is prepared for this chart and version, either: +* Crafted from the Chart.yaml, if the chart's sources have been provided by the user. +* Prepared from scratch using information from the report.yaml. + +The index entry and chart URL are made available as GitHub outputs and the actual index +update occurs in a later step. + +""" + import argparse +import base64 +import json import shutil import os import sys import re import subprocess import tempfile -from datetime import datetime, timezone -import hashlib +import time import urllib.parse -import environs from environs import Env -import semver -import requests import yaml + try: from yaml import CLoader as Loader, CDumper as Dumper except ImportError: from yaml import Loader, Dumper -sys.path.append('../') +sys.path.append("../") from report import report_info from chartrepomanager import indexannotations +from signedchart import signedchart +from pullrequest import prartifact +from reporegex import matchers +from tools import gitutils + + +def _encode_chart_entry(chart_entry): + """Encode the chart_entry to base64. This is needed to pass it as an argument to + the update index step. + + Args: + chart_entry (dict): the index entry for this chart to encode + + Returns: + str: The encoded base64 string equivalent. 
+ + """ + chart_entry_str = json.dumps(chart_entry) + chart_entry_bytes = chart_entry_str.encode() + + # Decoding to string for the GITHUB_OUTPUT + return base64.b64encode(chart_entry_bytes).decode() + def get_modified_charts(api_url): - files_api_url = f'{api_url}/files' - headers = {'Accept': 'application/vnd.github.v3+json'} - r = requests.get(files_api_url, headers=headers) - pattern = re.compile(r"charts/(\w+)/([\w-]+)/([\w-]+)/([\w\.-]+)/.*") - for f in r.json(): - m = pattern.match(f["filename"]) + """Get the category, organization, chart name, and new version corresponding to + the chart being added or modified by this PR. + + Args: + api_url (str): URL of the GitHub PR + + Returns: + (str, str, str, str): category, organization, chart, and version (e.g. partner, + hashicorp, vault, 1.4.0) + """ + files = prartifact.get_modified_files(api_url) + pattern = re.compile( + matchers.submission_path_matcher(strict_categories=False) + r"/.*" + ) + for file_path in files: + m = pattern.match(file_path) if m: category, organization, chart, version = m.groups() return category, organization, chart, version 
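Review bot: The new docstring on `get_modified_charts` describes only the successful return, but the function uses the first path that matches and, when none does, prints a message and calls `sys.exit(0)` (visible as context at the top of the following hunk). The step therefore ends with a success status in both cases, which is worth stating where a maintainer will read it. I would add to the docstring: `Only the first matching file is considered. If no file matches, the process exits with status 0.` The end of the function body lies outside this hunk.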
@@ -37,34 +90,58 @@ def get_modified_charts(api_url): print("No modified files found.") sys.exit(0) -def get_current_commit_sha(): - cwd = os.getcwd() - os.chdir("..") - subprocess.run(["git", "pull", "--all", "--force"], capture_output=True) - commit = subprocess.run(["git", "rev-parse", "--verify", "HEAD"], capture_output=True) - print(commit.stdout.decode("utf-8")) - print(commit.stderr.decode("utf-8")) - commit_hash = commit.stdout.strip() - print("Current commit sha:", commit_hash) - os.chdir(cwd) - return commit_hash def check_chart_source_or_tarball_exists(category, organization, chart, version): + """Check if the chart's source or chart's tarball is present + + Args: + category (str): Type of profile (community, partners, or redhat) + organization (str): Name of the organization (ex: hashicorp) + chart (str): Name of the chart (ex: vault) + version (str): The version of the chart (ex: 1.4.0) + + Returns: + (bool, bool): First boolean indicates the presence of the chart's source + Second boolean indicates the presence of the chart's tarball + """ src = os.path.join("charts", category, organization, chart, version, "src") if os.path.exists(src): return True, False - tarball = os.path.join("charts", category, organization, chart, version, f"{chart}-{version}.tgz") + tarball = os.path.join( + "charts", category, organization, chart, version, f"{chart}-{version}.tgz" + ) if os.path.exists(tarball): return False, True return False, False + def check_report_exists(category, organization, chart, version): - report_path = os.path.join("charts", category, organization, chart, version, "report.yaml") + """Check if a report was provided by the user + + Args: + category (str): Type of profile (community, partners, or redhat) + organization (str): Name of the organization (ex: hashicorp) + chart (str): Name of the chart (ex: vault) + version (str): The version of the chart (ex: 1.4.0) + + Returns: + (bool, str): a boolean set to True if the report.yaml file is present, 
and the + path to the report.yaml file. + """ + report_path = os.path.join( + "charts", category, organization, chart, version, "report.yaml" + ) return os.path.exists(report_path), report_path -def generate_report(chart_file_name): + +def generate_report(): + """Creates report file using the content generated by chart-pr-review + + Returns: + str: Path to the report.yaml file. + """ cwd = os.getcwd() report_content = urllib.parse.unquote(os.environ.get("REPORT_CONTENT")) print("[INFO] Report content:") 
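Review bot: `generate_report()` passes `os.environ.get("REPORT_CONTENT")` straight to `urllib.parse.unquote`, so an unset variable fails with a TypeError raised inside urllib instead of a clear message. The new docstring also does not say that the input is the REPORT_CONTENT environment variable. I would read it first and fail explicitly, `report_content = os.environ.get("REPORT_CONTENT")` followed by `if report_content is None: sys.exit("[ERROR] REPORT_CONTENT is not set")`, then unquote, and name the variable in the docstring. The rest of the function body is outside this hunk.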
@@ -74,76 +151,162 @@ def generate_report(chart_file_name): fd.write(report_content) return report_path + def prepare_chart_source_for_release(category, organization, chart, version): - print("[INFO] prepare chart source for release. %s, %s, %s, %s" % (category, organization, chart, version)) + """Create an archive file of the Chart for the GitHub release. + + When the PR contains the chart's source, we package it using "helm package" and + place the archive file in the ".cr-release-packages" directory. This directory will + contain all assets that should be uploaded as a GitHub Release. + + Args: + category (str): Type of profile (community, partners, or redhat) + organization (str): Name of the organization (ex: hashicorp) + chart (str): Name of the chart (ex: vault) + version (str): The version of the chart (ex: 1.4.0) + """ + print( + "[INFO] prepare chart source for release. %s, %s, %s, %s" + % (category, organization, chart, version) + ) path = os.path.join("charts", category, organization, chart, version, "src") out = subprocess.run(["helm", "package", path], capture_output=True) print(out.stdout.decode("utf-8")) print(out.stderr.decode("utf-8")) chart_file_name = f"{chart}-{version}.tgz" - new_chart_file_name = f"{organization}-{chart}-{version}.tgz" try: - os.remove(os.path.join(".cr-release-packages", new_chart_file_name)) + os.remove(os.path.join(".cr-release-packages", chart_file_name)) except FileNotFoundError: pass - shutil.copy(f"{chart}-{version}.tgz" , f".cr-release-packages/{new_chart_file_name}") - -def prepare_chart_tarball_for_release(category, organization, chart, version): - print("[INFO] prepare chart tarball for release. 
%s, %s, %s, %s" % (category, organization, chart, version)) + shutil.copy(f"{chart}-{version}.tgz", f".cr-release-packages/{chart_file_name}") + + +def prepare_chart_tarball_for_release( + category, organization, chart, version, signed_chart +): + """Move the provided tarball (and signing key if needed) to the release directory + + The tarball is moved to the ".cr-release-packages" directory. If the archive has + been signed with "helm package --sign", the provenance file is also included. + + Args: + category (str): Type of profile (community, partners, or redhat) + organization (str): Name of the organization (ex: hashicorp) + chart (str): Name of the chart (ex: vault) + version (str): The version of the chart (ex: 1.4.0) + signed_chart (bool): Set to True if the tarball chart is signed. + + Returns: + str: Path to the public key file used to sign the tarball + """ + print( + "[INFO] prepare chart tarball for release. %s, %s, %s, %s" + % (category, organization, chart, version) + ) chart_file_name = f"{chart}-{version}.tgz" - new_chart_file_name = f"{organization}-{chart}-{version}.tgz" - path = os.path.join("charts", category, organization, chart, version, chart_file_name) + # Path to the provided tarball + path = os.path.join( + "charts", category, organization, chart, version, chart_file_name + ) try: - os.remove(os.path.join(".cr-release-packages", new_chart_file_name)) + os.remove(os.path.join(".cr-release-packages", chart_file_name)) except FileNotFoundError: pass - shutil.copy(path, f".cr-release-packages/{new_chart_file_name}") + shutil.copy(path, f".cr-release-packages/{chart_file_name}") shutil.copy(path, chart_file_name) -def push_chart_release(repository, organization, commit_hash): - print("[INFO]push chart release. 
%s, %s, %s " % (repository, organization, commit_hash)) - org, repo = repository.split("/") - token = os.environ.get("GITHUB_TOKEN") - print("[INFO] Upload chart using the chart-releaser") - out = subprocess.run(["cr", "upload", "-c", commit_hash, "-o", org, "-r", repo, "--release-name-template", f"{organization}-"+"{{ .Name }}-{{ .Version }}", "-t", token], capture_output=True) - print(out.stdout.decode("utf-8")) - print(out.stderr.decode("utf-8")) - -def create_worktree_for_index(branch): - dr = tempfile.mkdtemp(prefix="crm-") - upstream = os.environ["GITHUB_SERVER_URL"] + "/" + os.environ["GITHUB_REPOSITORY"] - out = subprocess.run(["git", "remote", "add", "upstream", upstream], capture_output=True) - print(out.stdout.decode("utf-8")) - err = out.stderr.decode("utf-8") - if err.strip(): - print("Adding upstream remote failed:", err, "branch", branch, "upstream", upstream) - out = subprocess.run(["git", "fetch", "upstream"], capture_output=True) - print(out.stdout.decode("utf-8")) - err = out.stderr.decode("utf-8") - if err.strip(): - print("Fetching upstream remote failed:", err, "branch", branch, "upstream", upstream) - out = subprocess.run(["git", "worktree", "add", "--detach", dr, f"upstream/{branch}"], capture_output=True) - print(out.stdout.decode("utf-8")) - err = out.stderr.decode("utf-8") - if err.strip(): - print("Creating worktree failed:", err, "branch", branch, "directory", dr) - return dr - -def create_index_from_chart(indexdir, repository, branch, category, organization, chart, version, chart_url): - print("[INFO] create index from chart. 
%s, %s, %s, %s, %s" % (category, organization, chart, version, chart_url)) - path = os.path.join("charts", category, organization, chart, version) - chart_file_name = f"{chart}-{version}.tgz" - out = subprocess.run(["helm", "show", "chart", os.path.join(".cr-release-packages", chart_file_name)], capture_output=True) + if signed_chart: + print("[INFO] Signed chart - include PROV file") + prov_file_name = f"{chart_file_name}.prov" + path = os.path.join( + "charts", category, organization, chart, version, prov_file_name + ) + try: + os.remove(os.path.join(".cr-release-packages", prov_file_name)) + except FileNotFoundError: + pass + shutil.copy(path, f".cr-release-packages/{prov_file_name}") + shutil.copy(path, prov_file_name) + gitutils.add_output( + "prov_file_name", + os.path.join(os.getcwd(), ".cr-release-packages", prov_file_name), + ) + return get_key_file(category, organization, chart, version) + return "" + + +def get_key_file(category, organization, chart, version): + owners_path = os.path.join("charts", category, organization, chart, "OWNERS") + key_in_owners = signedchart.get_pgp_key_from_owners(owners_path) + if key_in_owners: + key_file_name = f"{chart}-{version}.tgz.key" + print(f"[INFO] Signed chart - add public key file : {key_file_name}") + signedchart.create_public_key_file(key_in_owners, key_file_name) + return key_file_name + return "" + + +def create_index_from_chart(chart_file_name): + """Prepare the index entry for this chart + + Given that a chart tarball could be created (i.e. the user provided either the + chart's source or tarball), the content of Chart.yaml is used for the index entry. + + Args: + chart_file_name (str): Name of the chart's archive + + Returns: + dict: content of Chart.yaml, to be used as index entry. + """ + print("[INFO] create index from chart. 
%s" % (chart_file_name)) + out = subprocess.run( + [ + "helm", + "show", + "chart", + os.path.join(".cr-release-packages", chart_file_name), + ], + capture_output=True, + ) p = out.stdout.decode("utf-8") print(p) print(out.stderr.decode("utf-8")) crt = yaml.load(p, Loader=Loader) return crt -def create_index_from_report(category, report_path): - print("[INFO] create index from report. %s, %s" % (category, report_path)) - annotations = indexannotations.getIndexAnnotations(report_path) +def create_index_from_report(category, ocp_version_range, report_path): + """Prepare the index entry for this chart. + + In the case only a report was provided by the user, we need to craft an index entry + for this chart. + + To that end, this function performs the following actions: + * Get the list of annotations from report file + * Override / set additional annotations: + * Replaces the certifiedOpenShiftVersions annotation with the + testedOpenShiftVersion annotation. + * Adds supportedOpenShiftVersions if not already set. + * Adds (overrides) providerType. + * Use report.medatata.chart as a base for the index entry + * Merge (override) annotations into the index entry' annotations + * Add digest to index entry if known. + + Args: + category (str): Type of profile (community, partners, or redhat) + ocp_version_range (str): Range of supported OCP versions + report_path (str): Path to the report.yaml file + + Returns: + dict: Index entry for this chart + + """ + print( + "[INFO] create index from report. %s, %s, %s" + % (category, ocp_version_range, report_path) + ) + + annotations = indexannotations.getIndexAnnotations(ocp_version_range, report_path) print("category:", category) redhat_to_community = bool(os.environ.get("REDHAT_TO_COMMUNITY")) 
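Review bot: `create_index_from_chart` still parses with `yaml.load(p, Loader=Loader)`, where `Loader` is PyYAML's `CLoader`/`Loader` from the import at the top of the file, and that loader can construct arbitrary Python objects from tagged input. Here the input is `helm show chart` output for a chart submitted in a pull request, and the hunk at `@@ -288,23 +371,45 @@` loads `Chart.yaml` from the extracted tarball and the OWNERS file the same way. These calls only need plain mappings, so I would switch them to `yaml.safe_load(...)`, or change the import to `from yaml import CSafeLoader as Loader` with `SafeLoader` as the fallback. Separately, `get_key_file` is the only new function in this hunk without a docstring; one line saying it returns the key file name, or an empty string when OWNERS holds no key, would be enough.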
@@ -154,129 +317,49 @@ def create_index_from_report(category, report_path): else: annotations["charts.openshift.io/providerType"] = category - chart_url = report_info.get_report_chart_url(report_path) chart_entry = report_info.get_report_chart(report_path) if "annotations" in chart_entry: annotations = chart_entry["annotations"] | annotations chart_entry["annotations"] = annotations - digests = report_info.get_report_digests(report_path) if "package" in digests: chart_entry["digest"] = digests["package"] - return chart_entry, chart_url - - -def set_package_digest(chart_entry): - print("[INFO] set package digests.") - - url = chart_entry["urls"][0] - head = requests.head(url, allow_redirects=True) - target_digest = "" - if head.status_code == 200: - response = requests.get(url, allow_redirects=True) - target_digest = hashlib.sha256(response.content).hexdigest() - - pkg_digest = "" - if "digest" in chart_entry: - pkg_digest = chart_entry["digest"] - - if target_digest: - if not pkg_digest: - # Digest was computed but not passed - chart_entry["digest"] = target_digest - elif pkg_digest != target_digest: - # Digest was passed and computed but differ - raise Exception("Found an integrity issue. 
SHA256 digest passed does not match SHA256 digest computed.") - elif not pkg_digest: - # Digest was not passed and could not be computed - raise Exception("Was unable to compute SHA256 digest, please ensure chart url points to a chart package.") - - - -def update_index_and_push(indexfile,indexdir, repository, branch, category, organization, chart, version, chart_url, chart_entry, pr_number, provider_delivery): - token = os.environ.get("GITHUB_TOKEN") - print(f"Downloading {indexfile}") - r = requests.get(f'https://raw.githubusercontent.com/{repository}/{branch}/{indexfile}') - original_etag = r.headers.get('etag') - now = datetime.now(timezone.utc).astimezone().isoformat() - if r.status_code == 200: - data = yaml.load(r.text, Loader=Loader) - data["generated"] = now - else: - data = {"apiVersion": "v1", - "generated": now, - "entries": {}} - - print("[INFO] Updating the chart entry with new version") - crtentries = [] - entry_name = os.environ.get("CHART_ENTRY_NAME") - if not entry_name: - print("[ERROR] Internal error: missing chart entry name") - sys.exit(1) - d = data["entries"].get(entry_name, []) - for v in d: - if v["version"] == version: - continue - crtentries.append(v) - - chart_entry["urls"] = [chart_url] - if not provider_delivery: - set_package_digest(chart_entry) - chart_entry["annotations"]["charts.openshift.io/submissionTimestamp"] = now - crtentries.append(chart_entry) - data["entries"][entry_name] = crtentries - - print("[INFO] Add and commit changes to git") - out = yaml.dump(data, Dumper=Dumper) - print(f"{indexfile} content:\n", out) - with open(os.path.join(indexdir,indexfile), "w") as fd: - fd.write(out) - old_cwd = os.getcwd() - os.chdir(indexdir) - out = subprocess.run(["git", "status"], cwd=indexdir, capture_output=True) - print("Git status:") - print(out.stdout.decode("utf-8")) - print(out.stderr.decode("utf-8")) - out = subprocess.run(["git", "add", os.path.join(indexdir, indexfile)], cwd=indexdir, capture_output=True) - 
print(out.stdout.decode("utf-8")) - err = out.stderr.decode("utf-8") - if err.strip(): - print(f"Error adding {indexfile} to git staging area", "index directory", indexdir, "branch", branch) - out = subprocess.run(["git", "status"], cwd=indexdir, capture_output=True) - print("Git status:") - print(out.stdout.decode("utf-8")) - print(out.stderr.decode("utf-8")) - out = subprocess.run(["git", "commit", "-m", f"{organization}-{chart}-{version} index.yaml (#{pr_number})"], cwd=indexdir, capture_output=True) - print(out.stdout.decode("utf-8")) - err = out.stderr.decode("utf-8") - if err.strip(): - print(f"Error committing {indexfile}", "index directory", indexdir, "branch", branch, "error:", err) - r = requests.head(f'https://raw.githubusercontent.com/{repository}/{branch}/{indexfile}') - etag = r.headers.get('etag') - if original_etag and etag and (original_etag != etag): - print(f"{indexfile} not updated. ETag mismatch.", "original ETag", original_etag, "new ETag", etag, "index directory", indexdir, "branch", branch) - sys.exit(1) - out = subprocess.run(["git", "status"], cwd=indexdir, capture_output=True) - print("Git status:") - print(out.stdout.decode("utf-8")) - print(out.stderr.decode("utf-8")) - out = subprocess.run(["git", "push", f"https://x-access-token:{token}@github.com/{repository}", f"HEAD:refs/heads/{branch}", "-f"], cwd=indexdir, capture_output=True) - print(out.stdout.decode("utf-8")) - print(out.stderr.decode("utf-8")) - if out.returncode: - print(f"{indexfile} not updated. Push failed.", "index directory", indexdir, "branch", branch) - sys.exit(1) - os.chdir(old_cwd) - - -def update_chart_annotation(category, organization, chart_file_name, chart, report_path): - print("[INFO] Update chart annotation. 
%s, %s, %s, %s" % (category, organization, chart_file_name, chart)) + return chart_entry + + +def update_chart_annotation( + category, organization, chart_file_name, chart, ocp_version_range, report_path +): + """Untar the helm release that was placed under .cr-release-packages, update the + chart's annotations, and repackage the Helm release. + + In particular, following manipulations are performed on annotations: + * Gets the dict of annotations from the report file. + * Replaces the certifiedOpenShiftVersions annotation with the + testedOpenShiftVersion annotation. + * Adds supportedOpenShiftVersions if not already set. + * Adds (overrides) providerType. + * Adds provider if not already set. + * Merge (overrides) those annotations into the Chart's annotations. + + Args: + category (str): Type of profile (community, partners, or redhat) + organization (str): Name of the organization (ex: hashicorp) + chart_file_name (str): Name of the chart's archive + chart (str): Name of the chart (ex: vault) + ocp_version_range (str): Range of supported OCP versions + report_path (str): Path to the report.yaml file + """ + print( + "[INFO] Update chart annotation. %s, %s, %s, %s, %s" + % (category, organization, chart_file_name, chart, ocp_version_range) + ) dr = tempfile.mkdtemp(prefix="annotations-") - annotations = indexannotations.getIndexAnnotations(report_path) + annotations = indexannotations.getIndexAnnotations(ocp_version_range, report_path) print("category:", category) redhat_to_community = bool(os.environ.get("REDHAT_TO_COMMUNITY")) 
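Review bot: With `set_package_digest` removed in this hunk, `create_index_from_report` copies `digests["package"]` from the submitted report into the index entry, and nothing visible here compares it with the SHA256 of the package behind the chart URL. The removed code raised on a mismatch and also rejected an entry whose digest was neither passed nor computable. If that comparison now lives in the later index-update step, say so next to the assignment, e.g. `# digest is taken from report.yaml as-is; it is checked against the downloaded package in the index update step`; if it does not, the check should be kept. The body of `update_chart_annotation` continues past this hunk.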
@@ -288,23 +371,45 @@ def update_chart_annotation(category, organization, chart_file_name, chart, repo annotations["charts.openshift.io/providerType"] = category if "charts.openshift.io/provider" not in annotations: - data = open(os.path.join("charts", category, organization, chart, "OWNERS")).read() + data = open( + os.path.join("charts", category, organization, chart, "OWNERS") + ).read() out = yaml.load(data, Loader=Loader) vendor_name = out["vendor"]["name"] annotations["charts.openshift.io/provider"] = vendor_name - out = subprocess.run(["tar", "zxvf", os.path.join(".cr-release-packages", f"{organization}-{chart_file_name}"), "-C", dr], capture_output=True) + out = subprocess.run( + [ + "tar", + "zxvf", + os.path.join(".cr-release-packages", f"{chart_file_name}"), + "-C", + dr, + ], + capture_output=True, + ) print(out.stdout.decode("utf-8")) print(out.stderr.decode("utf-8")) fd = open(os.path.join(dr, chart, "Chart.yaml")) data = yaml.load(fd, Loader=Loader) - data["annotations"] = annotations + + if "annotations" not in data: + data["annotations"] = annotations + else: + # merge the existing annotations with our new ones, overwriting + # values for overlapping keys with our own. + # Overwriting is important because the chart may contain values that we + # must override, such as the providerType which changes in redhat-to-community cases. + # |= syntax requires py3.9 + data["annotations"] |= annotations out = yaml.dump(data, Dumper=Dumper) with open(os.path.join(dr, chart, "Chart.yaml"), "w") as fd: fd.write(out) - out = subprocess.run(["helm", "package", os.path.join(dr, chart)], capture_output=True) + out = subprocess.run( + ["helm", "package", os.path.join(dr, chart)], capture_output=True + ) print(out.stdout.decode("utf-8")) print(out.stderr.decode("utf-8")) 
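Review bot: The new merge `data["annotations"] |= annotations` raises a TypeError when Chart.yaml has an `annotations:` key with an empty value, because the key is then present but maps to `None`, and that file comes from the packaged chart. Testing the value rather than the key avoids this: `if not data.get("annotations"):` in place of `if "annotations" not in data:`. The two `open(...)` calls in this hunk (OWNERS and Chart.yaml) are also never closed; a `with` block would match the write a few lines below. The function starts before and ends after this hunk.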
@@ -318,66 +423,96 @@ def update_chart_annotation(category, organization, chart_file_name, chart, repo def main(): parser = argparse.ArgumentParser() - parser.add_argument("-b", "--index-branch", dest="branch", type=str, required=True, - help="index branch") - parser.add_argument("-r", "--repository", dest="repository", type=str, required=True, - help="Git Repository") - parser.add_argument("-u", "--api-url", dest="api_url", type=str, required=True, - help="API URL for the pull request") - parser.add_argument("-n", "--pr-number", dest="pr_number", type=str, required=True, - help="current pull request number") + parser.add_argument( + "-r", + "--repository", + dest="repository", + type=str, + required=True, + help="Git Repository", + ) + parser.add_argument( + "-u", + "--api-url", + dest="api_url", + type=str, + required=True, + help="API URL for the pull request", + ) args = parser.parse_args() - branch = args.branch.split("/")[-1] category, organization, chart, version = get_modified_charts(args.api_url) - chart_source_exists, chart_tarball_exists = check_chart_source_or_tarball_exists(category, organization, chart, version) - - print("[INFO] Creating Git worktree for index branch") - indexdir = create_worktree_for_index(branch) + chart_source_exists, chart_tarball_exists = check_chart_source_or_tarball_exists( + category, organization, chart, version + ) env = Env() - provider_delivery = env.bool("PROVIDER_DELIVERY",False) - - print(f'[INFO] provider delivery is {provider_delivery}') + web_catalog_only = env.bool("WEB_CATALOG_ONLY", False) + ocp_version_range = os.environ.get("OCP_VERSION_RANGE", "N/A") - if provider_delivery: - indexfile = "unpublished-certified-charts.yaml" - else: - indexfile = "index.yaml" + print(f"[INFO] webCatalogOnly/providerDelivery is {web_catalog_only}") + public_key_file = "" print("[INFO] Report Content : ", os.environ.get("REPORT_CONTENT")) if chart_source_exists or chart_tarball_exists: if chart_source_exists: 
prepare_chart_source_for_release(category, organization, chart, version) if chart_tarball_exists: - prepare_chart_tarball_for_release(category, organization, chart, version) + signed_chart = signedchart.is_chart_signed(args.api_url, "") + public_key_file = prepare_chart_tarball_for_release( + category, organization, chart, version, signed_chart + ) - commit_hash = get_current_commit_sha() - print("[INFO] Publish chart release to GitHub") - push_chart_release(args.repository, organization, commit_hash) + chart_file_name = f"{chart}-{version}.tgz" + tarball_path = os.path.join( + os.getcwd(), ".cr-release-packages", chart_file_name + ) + gitutils.add_output("path_to_chart_tarball", tarball_path) print("[INFO] Check if report exist as part of the commit") - report_exists, report_path = check_report_exists(category, organization, chart, version) - chart_file_name = f"{chart}-{version}.tgz" + report_exists, report_path = check_report_exists( + category, organization, chart, version + ) + if report_exists: shutil.copy(report_path, "report.yaml") else: - tag = os.environ.get("CHART_NAME_WITH_VERSION") - if not tag: - print("[ERROR] Internal error: missing chart name with version (tag)") - sys.exit(1) - print(f"::set-output name=tag::{tag}") - print("[INFO] Genereate report") - report_path = generate_report(chart_file_name) + print("[INFO] Generate report") + report_path = generate_report() print("[INFO] Updating chart annotation") - update_chart_annotation(category, organization, chart_file_name, chart, report_path) - chart_url = f"https://github.com/{args.repository}/releases/download/{organization}-{chart}-{version}/{organization}-{chart}-{version}.tgz" - print("[INFO] Helm package was released at %s" % chart_url) + update_chart_annotation( + category, + organization, + chart_file_name, + chart, + ocp_version_range, + report_path, + ) + chart_url = f"https://github.com/{args.repository}/releases/download/{organization}-{chart}-{version}/{chart_file_name}" print("[INFO] 
Creating index from chart") - chart_entry = create_index_from_chart(indexdir, args.repository, branch, category, organization, chart, version, chart_url) + chart_entry = create_index_from_chart(chart_file_name) else: - report_path = os.path.join("charts", category, organization, chart, version, "report.yaml") + report_path = os.path.join( + "charts", category, organization, chart, version, "report.yaml" + ) + print(f"[INFO] Report only PR: {report_path}") + shutil.copy(report_path, "report.yaml") + if signedchart.check_report_for_signed_chart(report_path): + public_key_file = get_key_file(category, organization, chart, version) print("[INFO] Creating index from report") - chart_entry, chart_url = create_index_from_report(category, report_path) - - update_index_and_push(indexfile,indexdir, args.repository, branch, category, organization, chart, version, chart_url, chart_entry, args.pr_number, provider_delivery) + chart_url = report_info.get_report_chart_url(report_path) + chart_entry = create_index_from_report(category, ocp_version_range, report_path) + + if not web_catalog_only: + current_dir = os.getcwd() + gitutils.add_output("report_file", f"{current_dir}/report.yaml") + if public_key_file: + print(f"[INFO] Add key file for release : {current_dir}/{public_key_file}") + gitutils.add_output("public_key_file", f"{current_dir}/{public_key_file}") + + gitutils.add_output("chart_entry", _encode_chart_entry(chart_entry)) + gitutils.add_output("chart_url", chart_url) + gitutils.add_output("version", version) + + print("Sleeping for 10 seconds") + time.sleep(10) diff --git a/scripts/src/chartrepomanager/indexannotations.py b/scripts/src/chartrepomanager/indexannotations.py index d2b593cf9c3..9533be960f4 100644 --- a/scripts/src/chartrepomanager/indexannotations.py +++ b/scripts/src/chartrepomanager/indexannotations.py 
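Review bot: In the report-only branch `chart_url` comes from `report_info.get_report_chart_url(report_path)`, that is, from a report.yaml submitted in the pull request, and it is passed unchecked to `gitutils.add_output("chart_url", chart_url)`; `chart_entry` is base64-encoded first, but `chart_url` is not. `gitutils.add_output` is not visible here, but if it appends `name=value` lines to the GitHub output file, a value containing a line break could define further outputs. I would reject such a value before emitting it, e.g. `if any(c in chart_url for c in "\r\n"): sys.exit("[ERROR] chart URL contains a line break")`. The trailing `time.sleep(10)` also needs a comment saying what it waits for.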
@@ -1,94 +1,26 @@ import sys import semantic_version -import requests -import yaml -sys.path.append('../') +sys.path.append("../") from report import report_info -kubeOpenShiftVersionMap = {} -def getKubVersionMap(): +def getIndexAnnotations(ocp_version_range, report_path): + """Get the annotations set in the report file. - if not kubeOpenShiftVersionMap: - content = requests.get("https://github.com/redhat-certification/chart-verifier/blob/main/internal/tool/kubeOpenShiftVersionMap.yaml?raw=true") - version_data = yaml.safe_load(content.text) - for kubeVersion in version_data["versions"]: - kubeOpenShiftVersionMap[kubeVersion["kube-version"]] = kubeVersion["ocp-version"] + This function replaces the certifiedOpenShiftVersions annotation with the + testedOpenShiftVersion annotation. It also adds the + supportedOpenShiftVersions in the case it is not already set. - return kubeOpenShiftVersionMap + It leaves all other annotations untouched. + Args: + ocp_version_range (str): Range of supported OCP versions + report_path (str): Path to the report.yaml file -def getOCPVersions(kubeVersion): - - if kubeVersion == "": - return "N/A" - - checkKubeVersion = kubeVersion - - try: - semantic_version.NpmSpec(kubeVersion) - except ValueError: - print(f"Value error with kubeVersion - NpmSpec : {kubeVersion}, see if it fixable") - - try: - # Kubversion is bad, see if we can fix it - separator = checkKubeVersion.find(" - ") - if separator != -1: - lowVersion = checkKubeVersion[:separator].strip() - highVersion = checkKubeVersion[separator+3:].strip() - checkKubeVersion = f"{semantic_version.Version.coerce(lowVersion)} - {semantic_version.Version.coerce(highVersion)}" - else: - firstDigit = -1 - for i, c in enumerate(checkKubeVersion): - if c.isdigit(): - firstDigit = i - break - if firstDigit != -1: - versionInRange = checkKubeVersion[firstDigit:].strip() - preVersion = checkKubeVersion[:firstDigit].strip() - checkKubeVersion = 
f"{preVersion}{semantic_version.Version.coerce(versionInRange)}" - - # see if the updates have helped - semantic_version.NpmSpec(checkKubeVersion) - print(f"Fixed value error in kubeVersion : {checkKubeVersion}") - - except ValueError: - print(f"Unable to fix value error in kubeVersion : {kubeVersion}") - return "N/A" - - - minOCP = "" - maxOCP = "" - getKubVersionMap() - for kubeVersionKey in kubeOpenShiftVersionMap : - #print(f"\n Map entry : {kubeVersionKey}: {kubeOpenShiftVersionMap[kubeVersionKey]}") - #print(f" MinOCP : {minOCP}, maxOCP: {maxOCP}") - coercedKubeVersionKey = semantic_version.Version.coerce(kubeVersionKey) - if coercedKubeVersionKey in semantic_version.NpmSpec(checkKubeVersion): - coercedOCPVersionValue = semantic_version.Version.coerce(kubeOpenShiftVersionMap[kubeVersionKey]) - if minOCP == "" or semantic_version.Version.coerce(minOCP) > coercedOCPVersionValue: - minOCP = kubeOpenShiftVersionMap[kubeVersionKey] - #print(f" Found new min : {checkKubeVersion}: {minOCP}") - if maxOCP == "" or semantic_version.Version.coerce(maxOCP) < coercedOCPVersionValue: - maxOCP = kubeOpenShiftVersionMap[kubeVersionKey] - #print(f" Found new Max : {checkKubeVersion}: {maxOCP}") - - # check if minOCP is open ended - if minOCP != "" and semantic_version.Version("1.999.999") in semantic_version.NpmSpec(checkKubeVersion): - ocp_versions = f">={minOCP}" - elif minOCP == "": - ocp_versions = "N/A" - elif maxOCP == "" or maxOCP == minOCP: - ocp_versions = minOCP - else: - ocp_versions = f"{minOCP} - {maxOCP}" - - return ocp_versions - - -def getIndexAnnotations(report_path): - + Returns: + dict: mapping of annotations names to their values + """ annotations = report_info.get_report_annotations(report_path) set_annotations = {} 
@@ -98,20 +30,21 @@ def getIndexAnnotations(report_path): full_version = annotations[annotation] if full_version != "N/A" and semantic_version.validate(full_version): ver = semantic_version.Version(full_version) - set_annotations["charts.openshift.io/testedOpenShiftVersion"] = f"{ver.major}.{ver.minor}" + set_annotations[ + "charts.openshift.io/testedOpenShiftVersion" + ] = f"{ver.major}.{ver.minor}" else: - set_annotations["charts.openshift.io/testedOpenShiftVersion"] = annotations[annotation] + set_annotations[ + "charts.openshift.io/testedOpenShiftVersion" + ] = annotations[annotation] else: if annotation == "charts.openshift.io/supportedOpenShiftVersions": OCPSupportedSet = True set_annotations[annotation] = annotations[annotation] if not OCPSupportedSet: - chart = report_info.get_report_chart(report_path) - OCPVersions = "N/A" - if "kubeVersion" in chart and chart["kubeVersion"]: - kubeVersion = chart["kubeVersion"] - OCPVersions = getOCPVersions(kubeVersion) - set_annotations["charts.openshift.io/supportedOpenShiftVersions"] = OCPVersions + set_annotations[ + "charts.openshift.io/supportedOpenShiftVersions" + ] = ocp_version_range return set_annotations diff --git a/scripts/src/checkautomerge/checkautomerge.py b/scripts/src/checkautomerge/checkautomerge.py index 4ead5dcf6b3..25f61b91cbe 100644 --- a/scripts/src/checkautomerge/checkautomerge.py +++ b/scripts/src/checkautomerge/checkautomerge.py 
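Review bot: `set_annotations["charts.openshift.io/supportedOpenShiftVersions"] = ocp_version_range` writes whatever the caller passes, including an empty string, whereas the removed `getOCPVersions` returned "N/A" when no range could be derived. `main()` reads the value with `os.environ.get("OCP_VERSION_RANGE", "N/A")`, which yields "" rather than the default when the variable is set but empty. Falling back here keeps the old behaviour: `] = ocp_version_range or "N/A"`. The function starts outside this hunk.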
@@ -1,27 +1,45 @@ import time import sys import argparse +import os import requests + def ensure_pull_request_not_merged(api_url): # api_url https://api.github.com/repos///pulls/1 - headers = {'Accept': 'application/vnd.github.v3+json'} + headers = { + "Accept": "application/vnd.github.v3+json", + "Authorization": f'Bearer {os.environ.get("BOT_TOKEN")}', + } merged = False for i in range(20): r = requests.get(api_url, headers=headers) - if r.json()["merged"]: + response_content = r.json() + if "message" in response_content: + print(f'[ERROR] merge status: {response_content["message"]}') + sys.exit(1) + + if response_content["merged"]: merged = True break + time.sleep(10) if not merged: print("[ERROR] Pull request not merged") sys.exit(1) + def main(): parser = argparse.ArgumentParser() - parser.add_argument("-u", "--api-url", dest="api_url", type=str, required=True, - help="API URL for the pull request") + parser.add_argument( + "-u", + "--api-url", + dest="api_url", + type=str, + required=True, + help="API URL for the pull request", + ) args = parser.parse_args() ensure_pull_request_not_merged(args.api_url) diff --git a/scripts/src/checkprcontent/checkpr.py b/scripts/src/checkprcontent/checkpr.py index 65fadcf9e32..4ecc69bbf06 100644 --- a/scripts/src/checkprcontent/checkpr.py +++ b/scripts/src/checkprcontent/checkpr.py 
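Review bot: `ensure_pull_request_not_merged` builds the new `Authorization` header from `os.environ.get("BOT_TOKEN")`, so an unset variable is sent as the literal `Bearer None` and only surfaces later as an API `message`. The same construction appears in the tag lookup in `checkpr.py` and in `get_release_metrics` in `metrics.py`. I would read the token once and stop early: `token = os.environ.get("BOT_TOKEN")` followed by `if not token: sys.exit("[ERROR] BOT_TOKEN is not set")`. The header is also attached to whatever `--api-url` is passed, so checking that the URL host is `api.github.com` before sending it would keep the credential from leaving GitHub. Adding a `timeout=` to `requests.get` would stop the 20-iteration poll from hanging on a stalled connection.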
@@ -2,226 +2,292 @@ import os import sys import argparse +import json import requests +import semver import yaml + +from reporegex import matchers + try: - from yaml import CLoader as Loader, CDumper as Dumper + from yaml import CLoader as Loader except ImportError: - from yaml import Loader, Dumper + from yaml import Loader -sys.path.append('../') +sys.path.append("../") from owners import owners_file from report import verifier_report +from pullrequest import prartifact +from tools import gitutils ALLOW_CI_CHANGES = "allow/ci-changes" -TYPE_MATCH_EXPRESSION = "(partners|redhat|community)" -def check_provider_delivery(report_in_pr,num_files_in_pr,report_file_match): +def check_web_catalog_only(report_in_pr, num_files_in_pr, report_file_match): print(f"[INFO] report in PR {report_in_pr}") print(f"[INFO] num files in PR {num_files_in_pr}") - + category, organization, chart, version = report_file_match.groups() - print(f"read owners file : {category}/{organization}/{chart}" ) - found_owners,owner_data = owners_file.get_owner_data(category, organization, chart) + print(f"read owners file : {category}/{organization}/{chart}") + found_owners, owner_data = owners_file.get_owner_data(category, organization, chart) if found_owners: - owner_provider_delivery = owners_file.get_provider_delivery(owner_data) - print(f"[INFO] providerDelivery from OWNERS : {owner_provider_delivery}") + owner_web_catalog_only = owners_file.get_web_catalog_only(owner_data) + print( + f"[INFO] webCatalogOnly/providerDelivery from OWNERS : {owner_web_catalog_only}" + ) else: msg = "[ERROR] OWNERS file was not found." 
print(msg) - print(f"::set-output name=owners-error-message::{msg}") + gitutils.add_output("owners-error-message", msg) sys.exit(1) if report_in_pr: - report_file_path = os.path.join("pr-branch","charts", category, organization, chart, version, "report.yaml") - print(f"read report file : {report_file_path}" ) - found_report,report_data = verifier_report.get_report_data(report_file_path) + report_file_path = os.path.join( + "pr-branch", "charts", category, organization, chart, version, "report.yaml" + ) + print(f"read report file : {report_file_path}") + found_report, report_data = verifier_report.get_report_data(report_file_path) if found_report: - report_provider_delivery = verifier_report.get_provider_delivery(report_data) - print(f"[INFO] providerDelivery from report : {report_provider_delivery}") + report_web_catalog_only = verifier_report.get_web_catalog_only(report_data) + print( + f"[INFO] webCatalogOnly/providerDelivery from report : {report_web_catalog_only}" + ) else: msg = f"[ERROR] Failed tp open report: {report_file_path}." print(msg) - print(f"::set-output name=pr-content-error-message::{msg}") + gitutils.add_output("pr-content-error-message", msg) sys.exit(1) - provider_delivery = False + web_catalog_only = False if report_in_pr and num_files_in_pr > 1: - if report_provider_delivery or owner_provider_delivery: - msg = f"[ERROR] OWNERS file and/or report indicate provider controlled delivery but pull request is not report only." + if report_web_catalog_only or owner_web_catalog_only: + msg = "[ERROR] The web catalog distribution method requires the pull request to be report only." 
print(msg) - print(f"::set-output name=pr-content-error-message::{msg}") + gitutils.add_output("pr-content-error-message", msg) sys.exit(1) elif report_in_pr: - if report_provider_delivery and owner_provider_delivery: + if report_web_catalog_only and owner_web_catalog_only: if verifier_report.get_package_digest(report_data): - provider_delivery = True + web_catalog_only = True else: - msg = f"[ERROR] Provider delivery control requires a package digest in the report." + msg = "[ERROR] The web catalog distribution method requires a package digest in the report." print(msg) - print(f"::set-output name=pr-content-error-message::{msg}") + gitutils.add_output("pr-content-error-message", msg) sys.exit(1) - elif report_provider_delivery: - msg = f"[ERROR] Report indicates provider controlled delivery but OWNERS file does not." + elif report_web_catalog_only: + msg = "[ERROR] Report indicates web catalog only but the distribution method set for the chart is not web catalog only." print(msg) - print(f"::set-output name=pr-content-error-message::{msg}") + gitutils.add_output("pr-content-error-message", msg) sys.exit(1) - elif owner_provider_delivery: - msg = f"[ERROR] OWNERS file indicates provider controlled delivery but report does not." + elif owner_web_catalog_only: + msg = "[ERROR] The web catalog distribution method is set for the chart but is not set in the report." 
print(msg) - print(f"::set-output name=pr-content-error-message::{msg}") + gitutils.add_output("pr-content-error-message", msg) sys.exit(1) - if provider_delivery: - print(f"[INFO] providerDelivery is a go") - print(f"::set-output name=providerDelivery::True") + if web_catalog_only: + print("[INFO] webCatalogOnly/providerDelivery is a go") + gitutils.add_output("web_catalog_only", "True") else: - print(f"::set-output name=providerDelivery::False") - print(f"[INFO] providerDelivery is a no-go") + gitutils.add_output("web_catalog_only", "False") + print("[INFO] webCatalogOnly/providerDelivery is a no-go") + def get_file_match_compiled_patterns(): - """Return a tuple of patterns, where the first can be used to match any file in a chart PR + """Return a tuple of patterns, where the first can be used to match any file in a chart PR and the second can be used to match a valid report file within a chart PR. The patterns match based on the relative path of a file to the base repository - + Both patterns capture chart type, chart vendor, chart name and chart version from the file path.. 
- + Examples of valid file paths are: - + charts/partners/hashicorp/vault/0.20.0/ charts/partners/hashicorp/vault/0.20.0//report.yaml """ - pattern = re.compile(r"charts/"+TYPE_MATCH_EXPRESSION+"/([\w-]+)/([\w-]+)/([\w\.-]+)/.*") - reportpattern = re.compile(r"charts/"+TYPE_MATCH_EXPRESSION+"/([\w-]+)/([\w-]+)/([\w\.-]+)/report.yaml") + base = matchers.submission_path_matcher() - return pattern,reportpattern + pattern = re.compile(base + r"/.*") + reportpattern = re.compile(base + r"/report.yaml") + tarballpattern = re.compile(base + r"/(.*\.tgz$)") + return pattern, reportpattern, tarballpattern def ensure_only_chart_is_modified(api_url, repository, branch): - # api_url https://api.github.com/repos///pulls/1 - headers = {'Accept': 'application/vnd.github.v3+json'} - r = requests.get(api_url, headers=headers) - for label in r.json()["labels"]: - if label["name"] == ALLOW_CI_CHANGES: + label_names = prartifact.get_labels(api_url) + for label_name in label_names: + if label_name == ALLOW_CI_CHANGES: return - files_api_url = f'{api_url}/files' - headers = {'Accept': 'application/vnd.github.v3+json'} - r = requests.get(files_api_url, headers=headers) - pattern,reportpattern = get_file_match_compiled_patterns() - page_number = 1 - max_page_size,page_size = 100,100 + + files = prartifact.get_modified_files(api_url) + pattern, reportpattern, tarballpattern = get_file_match_compiled_patterns() matches_found = 0 report_found = False none_chart_files = {} - file_count = 0 - - while page_size == max_page_size: - - files_api_query = f'{files_api_url}?per_page={page_size}&page={page_number}' - print(f"Query files : {files_api_query}") - r = requests.get(files_api_query,headers=headers) - files = r.json() - page_size = len(files) - file_count += page_size - page_number += 1 - - for f in files: - file_path = f["filename"] - match = pattern.match(file_path) - if not match: - file_name = os.path.basename(file_path) - none_chart_files[file_name] = file_path + + for file_path in 
files: + match = pattern.match(file_path) + if not match: + file_name = os.path.basename(file_path) + none_chart_files[file_name] = file_path + else: + matches_found += 1 + if reportpattern.match(file_path): + print(f"[INFO] Report found: {file_path}") + gitutils.add_output("report-exists", "true") + report_found = True else: - matches_found += 1 - if reportpattern.match(file_path): - print("[INFO] Report found") - print("::set-output name=report-exists::true") - report_found = True - if matches_found == 1: - pattern_match = match - elif pattern_match.groups() != match.groups(): - msg = "[ERROR] A PR must contain only one chart. Current PR includes files for multiple charts." - print(msg) - print(f"::set-output name=pr-content-error-message::{msg}") - exit(1) - + tar_match = tarballpattern.match(file_path) + if tar_match: + print(f"[INFO] tarball found: {file_path}") + _, _, chart_name, chart_version, tar_name = tar_match.groups() + expected_tar_name = f"{chart_name}-{chart_version}.tgz" + if tar_name != expected_tar_name: + msg = f"[ERROR] the tgz file is named incorrectly. Expected: {expected_tar_name}. Got: {tar_name}" + print(msg) + gitutils.add_output("pr-content-error-message", msg) + exit(1) + + if matches_found == 1: + pattern_match = match + elif pattern_match.groups() != match.groups(): + msg = "[ERROR] A PR must contain only one chart. Current PR includes files for multiple charts." 
+ print(msg) + gitutils.add_output("pr-content-error-message", msg) + exit(1) + if none_chart_files: - if file_count > 1 or "OWNERS" not in none_chart_files: #OWNERS not present or preset but not the only file + if ( + len(files) > 1 or "OWNERS" not in none_chart_files + ): # OWNERS not present or preset but not the only file example_file = list(none_chart_files.values())[0] msg = f"[ERROR] PR includes one or more files not related to charts, e.g., {example_file}" print(msg) - print(f"::set-output name=pr-content-error-message::{msg}") + gitutils.add_output("pr-content-error-message", msg) if "OWNERS" in none_chart_files: file_path = none_chart_files["OWNERS"] path_parts = file_path.split("/") - category = path_parts[1] # Second after charts + category = path_parts[1] # Second after charts if category == "partners": msg = "[ERROR] OWNERS file should never be set directly by partners. See certification docs." print(msg) - print(f"::set-output name=owners-error-message::{msg}") - elif matches_found>0: # There is a mix of chart and non-chart files including OWNERS + gitutils.add_output("owners-error-message", msg) + elif ( + matches_found > 0 + ): # There is a mix of chart and non-chart files including OWNERS msg = "[ERROR] Send OWNERS file by itself in a separate PR." print(msg) - print(f"::set-output name=owners-error-message::{msg}") - elif file_count == 1: # OWNERS file is the only file in PR + gitutils.add_output("owners-error-message", msg) + elif len(files) == 1: # OWNERS file is the only file in PR msg = "[INFO] OWNERS file changes require manual review by maintainers." 
print(msg) - print(f"::set-output name=owners-error-message::{msg}") - + gitutils.add_output("owners-error-message", msg) + sys.exit(1) - check_provider_delivery(report_found,matches_found,pattern_match) + check_web_catalog_only(report_found, matches_found, pattern_match) - if matches_found>0: + if matches_found > 0: category, organization, chart, version = pattern_match.groups() - print(f"::set-output name=category::{'partner' if category == 'partners' else category}") - print(f"::set-output name=organization::{organization}") + gitutils.add_output( + "category", f"{'partner' if category == 'partners' else category}" + ) + gitutils.add_output("organization", organization) + + if not semver.VersionInfo.isvalid(version): + msg = ( + f"[ERROR] Helm chart version is not a valid semantic version: {version}" + ) + print(msg) + gitutils.add_output("pr-content-error-message", msg) + sys.exit(1) + print("Downloading index.yaml", category, organization, chart, version) - r = requests.get(f'https://raw.githubusercontent.com/{repository}/{branch}/index.yaml') + r = requests.get( + f"https://raw.githubusercontent.com/{repository}/{branch}/index.yaml" + ) + if r.status_code == 200: data = yaml.load(r.text, Loader=Loader) else: - data = {"apiVersion": "v1", - "entries": {}} + data = {"apiVersion": "v1", "entries": {}} - crtentries = [] entry_name = f"{organization}-{chart}" d = data["entries"].get(entry_name, []) - print(f"::set-output name=chart-entry-name::{entry_name}") + gitutils.add_output("chart-entry-name", entry_name) for v in d: if v["version"] == version: msg = f"[ERROR] Helm chart release already exists in the index.yaml: {version}" print(msg) - print(f"::set-output name=pr-content-error-message::{msg}") + gitutils.add_output("pr-content-error-message", msg) sys.exit(1) tag_name = f"{organization}-{chart}-{version}" - print(f"::set-output name=chart-name-with-version::{tag_name}") + gitutils.add_output("release_tag", tag_name) tag_api = 
f"https://api.github.com/repos/{repository}/git/ref/tags/{tag_name}" - headers = {'Accept': 'application/vnd.github.v3+json'} + headers = { + "Accept": "application/vnd.github.v3+json", + "Authorization": f'Bearer {os.environ.get("BOT_TOKEN")}', + } print(f"[INFO] checking tag: {tag_api}") r = requests.head(tag_api, headers=headers) if r.status_code == 200: msg = f"[ERROR] Helm chart release already exists in the GitHub Release/Tag: {tag_name}" print(msg) - print(f"::set-output name=pr-content-error-message::{msg}") + gitutils.add_output("pr-content-error-message", msg) sys.exit(1) + try: + if prartifact.xRateLimit in r.headers: + print( + f"[DEBUG] {prartifact.xRateLimit} : {r.headers[prartifact.xRateLimit]}" + ) + if prartifact.xRateRemain in r.headers: + print( + f"[DEBUG] {prartifact.xRateRemain} : {r.headers[prartifact.xRateRemain]}" + ) + + response_content = r.json() + if "message" in response_content: + print( + f'[ERROR] getting index file content: {response_content["message"]}' + ) + sys.exit(1) + except json.decoder.JSONDecodeError: + pass + def main(): parser = argparse.ArgumentParser() - parser.add_argument("-b", "--index-branch", dest="branch", type=str, required=True, - help="index branch") - parser.add_argument("-r", "--repository", dest="repository", type=str, required=True, - help="Git Repository") - parser.add_argument("-u", "--api-url", dest="api_url", type=str, required=True, - help="API URL for the pull request") + parser.add_argument( + "-b", + "--index-branch", + dest="branch", + type=str, + required=True, + help="index branch", + ) + parser.add_argument( + "-r", + "--repository", + dest="repository", + type=str, + required=True, + help="Git Repository", + ) + parser.add_argument( + "-u", + "--api-url", + dest="api_url", + type=str, + required=True, + help="API URL for the pull request", + ) args = parser.parse_args() branch = args.branch.split("/")[-1] ensure_only_chart_is_modified(args.api_url, args.repository, branch) 
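Review bot: The duplicate-tag check in `ensure_only_chart_is_modified` fails open: after `requests.head(tag_api, headers=headers)` only status 200 counts as "tag exists". The added `r.json()` block cannot report an error, because a HEAD response carries no body and the `JSONDecodeError` branch is taken every time. A 401 or 403 from a missing or rate-limited `BOT_TOKEN` is therefore handled like 404 and the PR passes the check; the fence below treats 404 as the only "not found" answer and exits on any other status. Separately, `index.yaml` is still parsed with `yaml.load(r.text, Loader=Loader)` using the full loader. Since this hunk already edits that import, `from yaml import CSafeLoader as Loader` with a `SafeLoader` fallback would match the `yaml.safe_load` used in `indexfile/index.py`.

```python
r = requests.head(tag_api, headers=headers)
if r.status_code == 200:
    # … unchanged: report the existing release/tag and exit …
elif r.status_code != 404:
    # Anything other than "not found" (401, 403, 5xx) must not pass the check.
    msg = f"[ERROR] Unexpected status checking tag {tag_name}: {r.status_code}"
    print(msg)
    gitutils.add_output("pr-content-error-message", msg)
    sys.exit(1)
# … unchanged: rate-limit header debug output …
```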
diff --git a/scripts/src/indexfile/index.py b/scripts/src/indexfile/index.py index 271620cc30e..b45201ddde2 100644 --- a/scripts/src/indexfile/index.py +++ b/scripts/src/indexfile/index.py @@ -1,15 +1,14 @@ - import json import requests import yaml import semantic_version import sys -sys.path.append('../') -from chartrepomanager import indexannotations +sys.path.append("../") INDEX_FILE = "https://charts.openshift.io/index.yaml" + def _make_http_request(url, body=None, params={}, headers={}, verbose=False): response = requests.get(url, params=params, headers=headers, json=body) if verbose: @@ -19,24 +18,29 @@ def _make_http_request(url, body=None, params={}, headers={}, verbose=False): print(response.text) return response.text + def _load_index_yaml(): yaml_text = _make_http_request(INDEX_FILE) dct = yaml.safe_load(yaml_text) return dct + def get_chart_info(tar_name): index_dct = _load_index_yaml() for entry, charts in index_dct["entries"].items(): if tar_name.startswith(entry): for chart in charts: index_tar_name = f"{entry}-{chart['version']}" - if tar_name == index_tar_name : + if tar_name == index_tar_name: print(f"[INFO] match found: {tar_name}") - providerType = chart["annotations"]["charts.openshift.io/providerType"] + providerType = chart["annotations"][ + "charts.openshift.io/providerType" + ] provider = chart["annotations"]["charts.openshift.io/provider"] return providerType, provider, chart["name"], chart["version"] print(f"[INFO] match not found: {tar_name}") - return "","","","" + return "", "", "", "" + def get_charts_info(): chart_info_list = [] 
@@ -45,48 +49,53 @@ def get_charts_info(): for entry, charts in index_dct["entries"].items(): for chart in charts: chart_info = {} - chart_info["name"] = chart['name'] + chart_info["name"] = chart["name"] chart_info["version"] = chart["version"] - chart_info["providerType"] = chart["annotations"]["charts.openshift.io/providerType"] - chart_info["provider"] = entry.removesuffix(f'-{chart["name"]}') - #print(f'[INFO] found chart : {chart_info["provider"]} {chart["name"]} {chart["version"]} ') - if 'charts.openshift.io/supportedOpenShiftVersions' in chart["annotations"]: - chart_info["supportedOCP"] = chart["annotations"]["charts.openshift.io/supportedOpenShiftVersions"] + chart_info["providerType"] = chart["annotations"][ + "charts.openshift.io/providerType" + ] + chart_info["provider"] = entry.removesuffix(f'-{chart["name"]}') + # print(f'[INFO] found chart : {chart_info["provider"]} {chart["name"]} {chart["version"]} ') + if "charts.openshift.io/supportedOpenShiftVersions" in chart["annotations"]: + chart_info["supportedOCP"] = chart["annotations"][ + "charts.openshift.io/supportedOpenShiftVersions" + ] else: chart_info["supportedOCP"] = "" if "kubeVersion" in chart: chart_info["kubeVersion"] = chart["kubeVersion"] else: - chart_info["kubeVersion"] ="" + chart_info["kubeVersion"] = "" chart_info_list.append(chart_info) return chart_info_list + def get_latest_charts(): chart_list = get_charts_info() print(f"{len(chart_list)} charts found in Index file") - chart_in_process = {"name" : ""} + chart_in_process = {"name": ""} chart_latest_version = "" latest_charts = [] - for index,chart in enumerate(chart_list): + for index, chart in enumerate(chart_list): chart_name = chart["name"] - #print(f'[INFO] look for latest chart : {chart_name} {chart["version"]}') + # print(f'[INFO] look for latest chart : {chart_name} {chart["version"]}') if chart_name == chart_in_process["name"]: new_version = semantic_version.Version.coerce(chart["version"]) - #print(f' [INFO] compare chart 
versions : {new_version}({chart["version"]}) : {chart_latest_version}') + # print(f' [INFO] compare chart versions : {new_version}({chart["version"]}) : {chart_latest_version}') if new_version > chart_latest_version: - #print(f' [INFO] a new latest chart version : {new_version}') + # print(f' [INFO] a new latest chart version : {new_version}') chart_latest_version = new_version chart_in_process = chart else: if chart_in_process["name"] != "": - #print(f' [INFO] chart completed : {chart_in_process["name"]} {chart_in_process["version"]}') + # print(f' [INFO] chart completed : {chart_in_process["name"]} {chart_in_process["version"]}') latest_charts.append(chart_in_process) - #print(f'[INFO] new chart found : {chart_name} {chart["version"]}') + # print(f'[INFO] new chart found : {chart_name} {chart["version"]}') chart_in_process = chart chart_version = chart["version"] if chart_version.startswith("v"): 
@@ -95,40 +104,8 @@ def get_latest_charts(): else: chart_in_process = chart - if index+1 == len(chart_list): - #print(f' [INFO] last chart completed : {chart_in_process["name"]} {chart_in_process["version"]}') + if index + 1 == len(chart_list): + # print(f' [INFO] last chart completed : {chart_in_process["name"]} {chart_in_process["version"]}') latest_charts.append(chart_in_process) return latest_charts - - -if __name__ == "__main__": - get_chart_info("redhat-dotnet-0.0.1") - - chart_list = get_latest_charts() - - for chart in chart_list: - print(f'[INFO] found latest chart : {chart["name"]} {chart["version"]}') - - - OCP_VERSION = semantic_version.Version.coerce("4.11") - - for chart in chart_list: - if "supportedOCP" in chart and chart["supportedOCP"] != "N/A" and chart["supportedOCP"] != "": - if OCP_VERSION in semantic_version.NpmSpec(chart["supportedOCP"]): - print(f'PASS: Chart supported OCP version {chart["supportedOCP"]} includes: {OCP_VERSION}') - else: - print(f' ERROR: Chart supported OCP version {chart["supportedOCP"]} does not include {OCP_VERSION}') - elif "kubeVersion" in chart and chart["kubeVersion"] != "": - supportedOCPVersion = indexannotations.getOCPVersions(chart["kubeVersion"]) - if OCP_VERSION in semantic_version.NpmSpec(supportedOCPVersion): - print(f'PASS: Chart kubeVersion {chart["kubeVersion"]} (OCP: {supportedOCPVersion}) includes OCP version: {OCP_VERSION}') - else: - print(f' ERROR: Chart kubeVersion {chart["kubeVersion"]} (OCP: {supportedOCPVersion}) does not include {OCP_VERSION}') - - - - - - - diff --git a/scripts/src/metrics/metrics.py b/scripts/src/metrics/metrics.py index 056127ae52e..00e96aa8348 100644 --- a/scripts/src/metrics/metrics.py +++ b/scripts/src/metrics/metrics.py @@ -1,7 +1,5 @@ - import argparse import itertools -import json import requests import sys import analytics 
@@ -9,20 +7,44 @@ import re from github import Github -sys.path.append('../') +sys.path.append("../") from indexfile import index from pullrequest import prepare_pr_comment as pr_comment +from collections import OrderedDict +from reporegex import matchers + +file_pattern = re.compile( + matchers.submission_path_matcher(strict_categories=False) + r"/.*" +) +chart_downloads_event = "Chart Downloads v1.0" +ignore_users = [ + "zonggen", + "mmulholla", + "dperaza4dustbit", + "openshift-helm-charts-bot", + "baijum", + "tisutisu", + "rhrivero", + "Kartikey-star", +] +pr_submission = "PR Submission v1.0" +pr_merged = "PR Merged v1.0" +pr_outcome = "PR Outcome v1.0" +charts = "charts" +xRateLimit = "X-RateLimit-Limit" +xRateRemain = "X-RateLimit-Remaining" -file_pattern = re.compile(r"charts/([\w-]+)/([\w-]+)/([\w\.-]+)/([\w\.-]+)/.*") -ignore_users=["zonggen","mmulholla","dperaza4dustbit","openshift-helm-charts-bot","baijum","tisutisu","rhrivero"] def parse_response(response): result = [] for obj in response: - if 'name' in obj and 'assets' in obj: - for asset in obj['assets']: + if "name" in obj and "assets" in obj: + for asset in obj["assets"]: if asset["name"].endswith(".tgz"): - release = { 'name' : obj['name'], "asset" : { asset.get('name') : asset.get('download_count', 0)}} + release = { + "name": obj["name"], + "asset": {asset.get("name"): asset.get("download_count", 0)}, + } result.append(release) return result 
@@ -30,37 +52,107 @@ def parse_response(response): def get_release_metrics(): result = [] for i in itertools.count(start=1): + request_headers = { + "Accept": "application/vnd.github.v3+json", + "Authorization": f'Bearer {os.environ.get("BOT_TOKEN")}', + } response = requests.get( - f'https://api.github.com/repos/openshift-helm-charts/charts/releases?per_page=100&page={i}') + f"https://api.github.com/repos/openshift-helm-charts/charts/releases?per_page=100&page={i}", + headers=request_headers, + ) + if not 200 <= response.status_code < 300: - print(f"[ERROR] unexpected response getting release data : {response.status_code} : {response.reason}") + print( + f"[ERROR] unexpected response getting release data : {response.status_code} : {response.reason}" + ) sys.exit(1) + response_json = response.json() + if xRateLimit in response.headers: + print(f"[DEBUG] {xRateLimit} : {response.headers[xRateLimit]}") + if xRateRemain in response.headers: + print(f"[DEBUG] {xRateRemain} : {response.headers[xRateRemain]}") + + if "message" in response_json: + print(f'[ERROR] getting pr files: {response_json["message"]}') + sys.exit(1) + if len(response_json) == 0: break result.extend(response_json) return parse_response(result) -def send_release_metrics(write_key, downloads): - metrics={} + +def send_release_metrics(write_key, downloads, prefix): + metrics = {} + chart_downloads = [] + chart_downloads_latest = [] for release in downloads: - _,provider,chart,_ = index.get_chart_info(release.get('name')) - if len(provider)>0: + _, provider, chart, _ = index.get_chart_info(release.get("name")) + if len(provider) > 0: if provider not in metrics: metrics[provider] = {} if chart not in metrics[provider]: metrics[provider][chart] = {} - for key in release.get('asset'): - metrics[provider][chart][key] = release.get('asset')[key] - + for key in release.get("asset"): + metrics[provider][chart][key] = release.get("asset")[key] for provider in metrics: for chart in metrics[provider]: - 
send_metric(write_key,provider,f"{chart} downloads", metrics[provider][chart]) - -def send_pull_request_metrics(write_key,g): - + ordered_download_perChart = OrderedDict( + sorted( + metrics[provider][chart].items(), key=lambda i: i[1], reverse=True + ) + ) + for key, value in ordered_download_perChart.items(): + chart_downloads_latest.append( + {"downloads": value, "name": key, "provider": provider} + ) + break + for key, value in metrics[provider][chart].items(): + chart_downloads.append( + {"downloads": value, "name": key, "provider": provider} + ) + chart_downloads.sort(key=lambda k: k["downloads"], reverse=True) + chart_downloads_latest.sort(key=lambda k: k["downloads"], reverse=True) + + for x in range(len(chart_downloads)): + send_download_metric( + write_key, + chart_downloads[x]["provider"], + chart_downloads[x]["downloads"], + chart_downloads[x]["name"], + x + 1, + prefix, + ) + + for x in range(5): + send_top_five_metric( + write_key, + chart_downloads_latest[x]["provider"], + chart_downloads_latest[x]["downloads"], + chart_downloads_latest[x]["name"], + x + 1, + prefix, + ) + + +def send_download_metric(write_key, partner, downloads, artifact_name, rank, prefix): + id = f"{prefix}-{partner}-{artifact_name}" + properties = {"downloads": downloads, "rank": rank, "name": artifact_name} + + send_metric(write_key, id, chart_downloads_event, properties) + + +def send_top_five_metric(write_key, partner, downloads, artifact_name, rank, prefix): + id = f"{prefix}-top5" + properties = {"downloads": downloads, "rank": rank, "name": artifact_name} + + send_metric(write_key, id, chart_downloads_event, properties) + + +def send_pull_request_metrics(write_key, g): chart_submissions = 0 partners = [] partner_charts = [] 
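Review bot: In `send_release_metrics` the top-five loop `for x in range(5):` indexes `chart_downloads_latest[x]` unconditionally, so a run with fewer than five charts that have download data raises `IndexError` after the per-artifact metrics have already been sent. Bounding the loop with `for x in range(min(5, len(chart_downloads_latest))):` avoids the partial run. The new helpers `send_download_metric` and `send_top_five_metric` also bind a local named `id`, which shadows the builtin; `metric_id` would read more clearly.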
@@ -69,9 +161,9 @@ def send_pull_request_metrics(write_key,g): charts_in_progress = 0 abandoned = [] repo = g.get_repo("openshift-helm-charts/charts") - pull_requests = repo.get_pulls(state='all') + pull_requests = repo.get_pulls(state="all") for pr in pull_requests: - pr_content,type,provider,chart,version = check_and_get_pr_content(pr,repo) + pr_content, type, provider, chart, version = check_and_get_pr_content(pr, repo) if pr_content != "not-chart": chart_submissions += 1 if pr.closed_at and not pr.merged_at: @@ -86,15 +178,24 @@ def send_pull_request_metrics(write_key,g): if chart not in partner_charts: partner_charts.append(chart) else: - charts_in_progress +=1 + charts_in_progress += 1 - check_rate_limit(g,False) + check_rate_limit(g, False) print(f"[INFO] abandoned PRS: {abandoned}") - send_summary_metric(write_key,chart_submissions,charts_merged,charts_abandoned,charts_in_progress,len(partners),len(partner_charts)) + send_summary_metric( + write_key, + chart_submissions, + charts_merged, + charts_abandoned, + charts_in_progress, + len(partners), + len(partner_charts), + ) + def get_pr_files(pr): - files=pr.get_files() + files = pr.get_files() pr_chart_submission_files = [] for file in files: pr_chart_submission_files.append(file.filename) @@ -102,7 +203,6 @@ def get_pr_files(pr): def process_report_fails(message_file): - fails = "0" num_error_messages = 0 error_messages = [] @@ -121,7 +221,7 @@ def process_report_fails(message_file): if "[ERROR] Chart verifier report includes failures:" in message_line: check_failures = True if pr_comment.get_verifier_errors_trailer() in message_line: - break; + break elif "Number of checks failed" in message_line: body_line_parts = message_line.split(":") fails = body_line_parts[1].strip() 
@@ -130,19 +230,19 @@ def process_report_fails(message_file): if "Error message(s)" in message_line: num_error_messages = 1 elif num_error_messages <= int(fails): - print(f"[INFO] add error message: {message_line.strip()}" ) + print(f"[INFO] add error message: {message_line.strip()}") error_messages.append(message_line.strip()) - num_error_messages +=1 + num_error_messages += 1 elif not check_failures and len(message_line) > 0: non_check_failures = True - print(f"[INFO] non-check message: {message_line.strip()}" ) + print(f"[INFO] non-check message: {message_line.strip()}") error_messages.append(message_line.strip()) if check_failures: for error_message in error_messages: - if ("Missing required annotations" in error_message - or - "Empty metadata in chart" in error_messages + if ( + "Missing required annotations" in error_message + or "Empty metadata in chart" in error_messages ): checks_failed.append("required-annotations-present") elif "Chart test files do not exist" in error_message: @@ -153,16 +253,16 @@ def process_report_fails(message_file): checks_failed.append("contains-values") elif "Values schema file does not exist" in error_message: checks_failed.append("contains-values-schema") - elif ("Kubernetes version is not specified" in error_message - or - "Error converting kubeVersion to an OCP range" in error_message + elif ( + "Kubernetes version is not specified" in error_message + or "Error converting kubeVersion to an OCP range" in error_message ): checks_failed.append("has-kubeversion") elif "Helm lint has failed" in error_message: checks_failed.append("helm_lint") - elif ( "Failed to certify images" in error_message - or - "Image is not Red Hat certified" in error_message + elif ( + "Failed to certify images" in error_message + or "Image is not Red Hat certified" in error_message ): if "images-are-certified" not in checks_failed: checks_failed.append("images-are-certified") 
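Review bot: In `process_report_fails` the reformatted condition still reads `"Empty metadata in chart" in error_messages`, which tests whether the list holds that exact string rather than whether the current `error_message` contains the phrase. A message that merely includes the phrase is therefore not classified as `required-annotations-present`. Every other branch tests `error_message`, so the line should be `or "Empty metadata in chart" in error_message`. The function starts and ends outside this hunk.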
@@ -177,31 +277,32 @@ def process_report_fails(message_file): else: checks_failed.append("chart-testing") elif non_check_failures: - fails="1" + fails = "1" checks_failed.append("other-non-check-failure") - return int(fails),checks_failed + return int(fails), checks_failed -def process_comments(repo,pr): +def process_comments(repo, pr): issue = repo.get_issue(number=pr.number) comments = issue.get_comments() num_builds = 0 for comment in comments: - report_result = parse_message(comment.body,pr.number) + report_result = parse_message(comment.body, pr.number) if report_result != "not-found": num_builds += 1 return num_builds -def process_comment_file(message_file,pr_number): - with open(message_file, 'r') as file: +def process_comment_file(message_file, pr_number): + with open(message_file, "r") as file: message = file.read() - return parse_message(message,pr_number) + return parse_message(message, pr_number) -def parse_message(message,pr_number): + +def parse_message(message, pr_number): report_result = "not-found" if pr_comment.get_comment_header(pr_number) in message: if pr_comment.get_verifier_errors_comment() in message: 
@@ -213,21 +314,22 @@ def parse_message(message,pr_number): elif pr_comment.get_community_review_message() in message: report_result = "community_review" - print(f"[INFO] report_result : {report_result}") return report_result -def get_pr_content(pr): +def get_pr_content(pr): pr_content = "not-chart" pr_chart_submission_files = get_pr_files(pr) if len(pr_chart_submission_files) > 0: match = file_pattern.match(pr_chart_submission_files[0]) if match: - type,org,chart,version = match.groups() + type, org, chart, version = match.groups() if type == "partners": type = "partner" - print(f"[INFO] Found PR {pr.number}:{pr.user.login}: type: {type},org: {org},chart: {chart},version: {version}, #files: {len(pr_chart_submission_files)}, file match: {pr_chart_submission_files[0]}") + print( + f"[INFO] Found PR {pr.number}:{pr.user.login}: type: {type},org: {org},chart: {chart},version: {version}, #files: {len(pr_chart_submission_files)}, file match: {pr_chart_submission_files[0]}" + ) tgz_found = False report_found = False src_found = False 
@@ -252,41 +354,58 @@ def get_pr_content(pr): elif src_found: pr_content = "src only" - return pr_content,type,org,chart,version + return pr_content, type, org, chart, version + + return pr_content, "", "", "", "" - return pr_content,"","","","" -def check_and_get_pr_content(pr,repo): +def check_and_get_pr_content(pr, repo): repo_name = repo.full_name - if (pr.user.login in ignore_users and pr.user.login not in repo_name) or pr.draft or pr.base.ref != "main": - print(f"[INFO] Ignore pr, user: {pr.user.login}, draft: {pr.draft}, target_branch: {pr.base.ref}") - return "not-chart","","","","" + if ( + (pr.user.login in ignore_users and pr.user.login not in repo_name) + or pr.draft + or pr.base.ref != "main" + ): + print( + f"[INFO] Ignore pr, user: {pr.user.login}, draft: {pr.draft}, target_branch: {pr.base.ref}" + ) + return "not-chart", "", "", "", "" return get_pr_content(pr) - -def process_pr(write_key,repo,message_file,pr_number,action): - pr = repo.get_pull(int(pr_number)) - pr_content,type,provider,chart,version = check_and_get_pr_content(pr,repo) +def process_pr(write_key, repo, message_file, pr_number, action, prefix, pr_directory): + pr = repo.get_pull(int(pr_number)) + pr_content, type, provider, chart, version = check_and_get_pr_content(pr, repo) if pr_content != "not-chart": if action == "opened": - send_submission_metric(write_key,type,provider,chart,pr_number,pr_content) - - pr_result = process_comment_file(message_file,pr_number) - num_fails=0 + send_submission_metric( + write_key, + type, + provider, + chart, + pr_number, + pr_content, + prefix, + pr_directory, + ) + + pr_result = process_comment_file(message_file, pr_number) + num_fails = 0 if pr_result == "report-failure": - num_fails,checks_failed = process_report_fails(message_file) + num_fails, checks_failed = process_report_fails(message_file) for check in checks_failed: - send_check_metric(write_key,type,provider,chart,pr_number,check) + send_check_metric(write_key, type, provider, chart, 
pr_number, check) elif pr_result == "content-failure": num_fails = 1 - send_outcome_metric(write_key,type,provider,chart,pr_number,pr_result,num_fails) - ## if pr is merged we can collect summary stats - if pr.merged_at: + send_outcome_metric( + write_key, type, provider, chart, pr_number, pr_result, num_fails, prefix + ) - builds = process_comments(repo,pr) + # if pr is merged we can collect summary stats + if pr.merged_at: + builds = process_comments(repo, pr) print(f"[INFO] PR build cycles : {builds}") builds_out = str(builds) if builds > 5: 
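Review bot: The `send_check_metric(write_key, type, provider, chart, pr_number, check)` call is the only metric call in `process_pr` that is not given the new `prefix` argument, and that function still builds its id as `helm-metric-{partner}` further down this diff. Check-failure events would then be recorded under a different id than the submission, outcome and merge events of the same pull request. If that is not intended, pass `prefix` through and build the id as `f"{prefix}-{type}-{partner}"`; if it is, a one-line comment at the call site saying why would help. The body of `process_pr` continues past the end of this hunk.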
@@ -294,91 +413,226 @@ def process_pr(write_key,repo,message_file,pr_number,action): elapsed_time = pr.merged_at - pr.created_at # round up to an hour to avoid 0 time - elapsed_hours = elapsed_time.total_seconds()//3600 + elapsed_hours = elapsed_time.total_seconds() // 3600 duration = "0-1 hours" if 24 > elapsed_hours > 1: duration = "1-24 hours" elif 168 > elapsed_hours > 24: duration = "1-7 days" elif elapsed_hours > 168: - duration= "> 7 days" - - send_merge_metric(write_key,type,provider,chart,duration,pr_number,builds_out,pr_content) - - -def send_summary_metric(write_key,num_submissions,num_merged,num_abandoned,num_in_progress,num_partners,num_charts): - properties = { "submissions": num_submissions, "merged": num_merged, "abandoned" : num_abandoned, "in_progress" : num_in_progress, - "partners": num_partners, "partner_charts" : num_charts} + duration = "> 7 days" + + send_merge_metric( + write_key, + type, + provider, + chart, + duration, + pr_number, + builds_out, + pr_content, + prefix, + pr_directory, + ) + + +def send_summary_metric( + write_key, + num_submissions, + num_merged, + num_abandoned, + num_in_progress, + num_partners, + num_charts, +): + properties = { + "submissions": num_submissions, + "merged": num_merged, + "abandoned": num_abandoned, + "in_progress": num_in_progress, + "partners": num_partners, + "partner_charts": num_charts, + } id = "helm-metric-summary" - send_metric(write_key,id,"PR Summary",properties) - -def send_outcome_metric(write_key,type,provider,chart,pr_number,outcome,num_fails): - - properties = { "type": type, "provider": provider, "chart" : chart, "pr" : pr_number, "outcome" : outcome, "failures" : num_fails} - id = f"helm-metric-{provider}" - - send_metric(write_key,id,"PR Outcome",properties) - - -def send_check_metric(write_key,type,partner,chart,pr_number,check): - - properties = { "type": type, "provider": partner, "chart" : chart, "pr" : pr_number, "check" : check } - id = f"helm-metric-{partner}" - - 
send_metric(write_key,id,"PR Report Fails",properties) - -def send_merge_metric(write_key,type,partner,chart,duration,pr_number,num_builds,pr_content): - - id = f"helm-metric-{partner}" - properties = { "type" : type, "provider": partner, "chart" : chart, "pr" : pr_number, "builds" :num_builds, "duration" : duration, "content" : pr_content} - - send_metric(write_key,id,"PR Merged",properties) - -def send_submission_metric(write_key,type,partner,chart,pr_number,pr_content): - + send_metric(write_key, id, "PR Summary", properties) + + +def send_outcome_metric( + write_key, type, provider, chart, pr_number, outcome, num_fails, prefix +): + properties = { + "type": type, + "provider": provider, + "chart": chart, + "pr": pr_number, + "outcome": outcome, + "failures": num_fails, + } + id = f"{prefix}-{type}-{provider}" + + send_metric(write_key, id, pr_outcome, properties) + + +def send_check_metric(write_key, type, partner, chart, pr_number, check): + properties = { + "type": type, + "provider": partner, + "chart": chart, + "pr": pr_number, + "check": check, + } id = f"helm-metric-{partner}" - properties = { "type" : type, "provider": partner, "chart" : chart, "pr" : pr_number, "pr content": pr_content} - - send_metric(write_key,id,"PR Submission",properties) -def on_error(error,items): + send_metric(write_key, id, "PR Report Fails", properties) + + +def send_merge_metric( + write_key, + type, + partner, + chart, + duration, + pr_number, + num_builds, + pr_content, + prefix, + pr_directory, +): + update = getChartUpdate(type, partner, chart, pr_directory) + id = f"{prefix}-{type}-{partner}" + properties = { + "type": type, + "provider": partner, + "chart": chart, + "pr": pr_number, + "builds": num_builds, + "duration": duration, + "content": pr_content, + "update": update, + } + + send_metric(write_key, id, pr_merged, properties) + + +def send_submission_metric( + write_key, type, partner, chart, pr_number, pr_content, prefix, pr_directory +): + update = 
getChartUpdate(type, partner, chart, pr_directory) + id = f"{prefix}-{type}-{partner}" + properties = { + "type": type, + "provider": partner, + "chart": chart, + "pr": pr_number, + "pr content": pr_content, + "update": update, + } + + send_metric(write_key, id, pr_submission, properties) + + +def on_error(error, items): print("An error occurred creating metrics:", error) - print("error with items:",items) + print("error with items:", items) sys.exit(1) -def send_metric(write_key,id,event,properties): - +def send_metric(write_key, id, event, properties): analytics.write_key = write_key analytics.on_error = on_error - print(f'[INFO] Add track: id: {id}, event:{event}, properties:{properties}') + print(f"[INFO] Add track: id: {id}, event:{event}, properties:{properties}") analytics.track(id, event, properties) -def check_rate_limit(g,force): +def check_rate_limit(g, force): rate_limit = g.get_rate_limit() if force or rate_limit.core.remaining < 10: print(f"[INFO] rate limit info: {rate_limit.core}") +def getChartUpdate(type, partner, chart, cwd): + if type == "partner": + directory_type = "partners" + else: + directory_type = type + directoryPath = os.path.join(cwd, charts, directory_type, partner, chart) + # Checking if the directory contains only the OWNERS file + print(os.listdir(directoryPath)) + if len(os.listdir(directoryPath)) == 1: + return "new chart" + else: + return "new version" + def main(): parser = argparse.ArgumentParser() - parser.add_argument("-k", "--write-key", dest="write_key", type=str, required=True, - help="segment write key") - parser.add_argument("-t", "--metric-type", dest="type", type=str, required=True, - help="metric type, releases or pull_request") - parser.add_argument("-m", "--message-file", dest="message_file", type=str, required=False, - help="message for metric") - parser.add_argument("-n", "--pr-number", dest="pr_number", type=str, required=False, - help="number of teh pr") - parser.add_argument("-a", "--pr-action", 
dest="pr_action", type=str, required=False, - help="The event action of the pr") - parser.add_argument("-r", "--repository", dest="repository", type=str, required=False, - help="The repository of the pr") + parser.add_argument( + "-k", + "--write-key", + dest="write_key", + type=str, + required=True, + help="segment write key", + ) + parser.add_argument( + "-t", + "--metric-type", + dest="type", + type=str, + required=True, + help="metric type, releases or pull_request", + ) + parser.add_argument( + "-m", + "--message-file", + dest="message_file", + type=str, + required=False, + help="message for metric", + ) + parser.add_argument( + "-n", + "--pr-number", + dest="pr_number", + type=str, + required=False, + help="number of teh pr", + ) + parser.add_argument( + "-a", + "--pr-action", + dest="pr_action", + type=str, + required=False, + help="The event action of the pr", + ) + parser.add_argument( + "-r", + "--repository", + dest="repository", + type=str, + required=False, + help="The repository of the pr", + ) + parser.add_argument( + "-p", + "--prefix", + dest="prefix", + type=str, + required=False, + help="The prefix of the id in segment", + ) + parser.add_argument( + "-d", + "--pr_dir", + dest="pr_dir", + type=str, + required=False, + help="Directory of pull request code.", + ) args = parser.parse_args() print("Input arguments:") 
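Review bot: `getChartUpdate` reads the filesystem with no guard. `cwd` comes from `--pr_dir`, which is declared `required=False`, so `os.path.join(None, ...)` raises `TypeError` when the option is omitted, and `os.listdir` raises if the chart directory is absent from that checkout. The second argument to `os.path.join` is the bare name `charts`; unless a module-level `charts` is defined outside this hunk, this is a `NameError` and `"charts"` was presumably meant. The `print(os.listdir(directoryPath))` line looks like leftover debugging. A guarded version is sketched below; the `"unknown"` value is a suggestion, not something the existing metrics define.

```python
def getChartUpdate(type, partner, chart, cwd):
    directory_type = "partners" if type == "partner" else type
    if not cwd:
        # --pr_dir is optional, so do not assume a checkout path was given
        print("[WARNING] no PR directory given, cannot determine chart update type")
        return "unknown"
    # "charts" as a literal: confirm against any module-level `charts` name
    directoryPath = os.path.join(cwd, "charts", directory_type, partner, chart)
    try:
        entries = os.listdir(directoryPath)
    except OSError as err:
        print(f"[WARNING] cannot list {directoryPath}: {err}")
        return "unknown"
    # A directory holding only the OWNERS file has no published version yet
    return "new chart" if len(entries) == 1 else "new version"
```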
@@ -388,22 +642,33 @@ def main(): print(f" --pr-number : {args.pr_number}") print(f" --pr-action : {args.pr_action}") print(f" --repository : {args.repository}") + print(f" --prefix : {args.prefix}") + print(f" --pr_dir : {args.pr_dir}") if not args.write_key: print("Error: Segment write key not set") sys.exit(1) - g = Github(os.environ.get("github_token")) + g = Github(os.environ.get("BOT_TOKEN")) if args.type == "pull_request": repo_current = g.get_repo(args.repository) - process_pr(args.write_key,repo_current,args.message_file,args.pr_number,args.pr_action) + process_pr( + args.write_key, + repo_current, + args.message_file, + args.pr_number, + args.pr_action, + args.prefix, + args.pr_dir, + ) else: - check_rate_limit(g,True) - send_release_metrics(args.write_key,get_release_metrics()) - check_rate_limit(g,True) - send_pull_request_metrics(args.write_key,g) - check_rate_limit(g,True) + check_rate_limit(g, True) + send_release_metrics(args.write_key, get_release_metrics(), args.prefix) + check_rate_limit(g, True) + send_pull_request_metrics(args.write_key, g) + check_rate_limit(g, True) + -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/scripts/src/metrics/pushowners.py b/scripts/src/metrics/pushowners.py new file mode 100644 index 00000000000..3612ac9764d --- /dev/null +++ b/scripts/src/metrics/pushowners.py 
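Review bot: `Github(os.environ.get("BOT_TOKEN"))` builds an unauthenticated client when the variable is unset, so a misconfigured workflow would run with anonymous rate limits and no access to anything private, and the cause would not be obvious from the log. If anonymous use is not wanted, fail early next to the existing write-key check: `token = os.environ.get("BOT_TOKEN")` followed by `if not token: sys.exit("Error: BOT_TOKEN not set")`. `--prefix` is also optional but is interpolated into metric ids, which yields ids starting with `None-` when it is omitted. `main` begins outside this hunk.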
@@ -0,0 +1,204 @@ +import argparse +import sys +import analytics + +sys.path.append("../") +from owners import owners_file + + +def getVendorType(changed_file): + path_as_list = changed_file.split("/") + for i in range(len(path_as_list) - 1): + if path_as_list[i] == "charts": + vendor_type = path_as_list[i + 1] + return vendor_type + + +def getFileContent(changed_file): + status, owner_data = owners_file.get_owner_data_from_file(changed_file) + if status is True: + users_included = owners_file.get_users_included(owner_data) + web_catalog_only = owners_file.get_web_catalog_only(owner_data) + if not web_catalog_only: + web_catalog_only_string = "No" + else: + web_catalog_only_string = "Yes" + vendor_name = owners_file.get_vendor(owner_data) + chart_name = owners_file.get_chart(owner_data) + vendor_type = getVendorType(changed_file) + return ( + users_included, + web_catalog_only_string, + vendor_name, + chart_name, + vendor_type, + ) + else: + print("Exception loading OWNERS file") + return "", "", "", "", "" + + +def process_pr(added_file, modified_file): + if modified_file != "": + action = "update" + update = "existing-vendor" + ( + users_included, + web_catalog_only, + vendor_name, + chart_name, + vendor_type, + ) = getFileContent(modified_file) + return ( + users_included, + web_catalog_only, + vendor_name, + chart_name, + vendor_type, + action, + update, + ) + elif added_file != "": + action = "create" + update = "new-vendor" + ( + users_included, + web_catalog_only, + vendor_name, + chart_name, + vendor_type, + ) = getFileContent(added_file) + return ( + users_included, + web_catalog_only, + vendor_name, + chart_name, + vendor_type, + action, + update, + ) + + +def send_owner_metric( + write_key, + prefix, + users_included, + web_catalog_only, + partner, + chart_name, + type, + action, + update, +): + if chart_name != "" and partner != "": + id = f"{prefix}-{type}-{chart_name}" + properties = { + "type": type, + "vendor": partner, + "chart": chart_name, + 
"users_included": users_included, + "provider_delivery": web_catalog_only, + "action": action, + "update": update, + } + send_metric(write_key, id, "owners v1.0", properties) + + +def on_error(error, items): + print("An error occurred creating metrics:", error) + print("error with items:", items) + sys.exit(1) + + +def send_metric(write_key, id, event, properties): + analytics.write_key = write_key + analytics.on_error = on_error + + print(f"[INFO] Add track: id: {id}, event:{event}, properties:{properties}") + + analytics.track(id, event, properties) + + +def main(): + parser = argparse.ArgumentParser() + parser.add_argument( + "-k", + "--write-key", + dest="write_key", + type=str, + required=True, + help="segment write key", + ) + parser.add_argument( + "-t", + "--metric-type", + dest="type", + type=str, + required=True, + help="metric type, releases or pull_request", + ) + parser.add_argument( + "-n", "--added", dest="added", nargs="*", required=False, help="files added" + ) + parser.add_argument( + "-a", + "--modified", + dest="modified", + nargs="*", + required=False, + help="files modified", + ) + parser.add_argument( + "-r", + "--repository", + dest="repository", + type=str, + required=False, + help="The repository of the pr", + ) + parser.add_argument( + "-p", + "--prefix", + dest="prefix", + type=str, + required=False, + help="The prefix of the id in segment", + ) + + args = parser.parse_args() + print("Input arguments:") + print(f" --write-key length : {len(args.write_key)}") + print(f" --metric-type : {args.type}") + print(f" --added : {args.added}") + print(f" --modified : {args.modified}") + print(f" --repository : {args.repository}") + print(f" --prefix : {args.prefix}") + + if not args.write_key: + print("Error: Segment write key not set") + sys.exit(1) + + ( + users_included, + web_catalog_only, + vendor_name, + chart_name, + vendor_type, + action, + update, + ) = process_pr(args.added[0], args.modified[0]) + send_owner_metric( + args.write_key, + 
args.prefix, + users_included, + web_catalog_only, + vendor_name, + chart_name, + vendor_type, + action, + update, + ) + + +if __name__ == "__main__": + main() diff --git a/scripts/src/owners/checkuser.py b/scripts/src/owners/checkuser.py index 1c6c460a07e..05b615b375b 100644 --- a/scripts/src/owners/checkuser.py +++ b/scripts/src/owners/checkuser.py @@ -12,14 +12,17 @@ import re import argparse -import requests import os import sys import yaml + try: - from yaml import CLoader as Loader, CDumper as Dumper + from yaml import CLoader as Loader except ImportError: - from yaml import Loader, Dumper + from yaml import Loader + +sys.path.append("../") +from pullrequest import prartifact OWNERS_FILE = "OWNERS" 
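Review bot: `main` indexes `args.added[0]` and `args.modified[0]` unconditionally, although both options are `nargs="*"` with `required=False`. An omitted option gives `None` (`TypeError`), an option without values gives `[]` (`IndexError`), and `process_pr` returns `None` when both strings are empty, which breaks the seven-way unpacking. The file paths appear to come from the pull request, so these cases need handling rather than a traceback. `getVendorType` also returns `None` implicitly when no `charts` path component is found, and that value ends up in the metric id. A guarded call is sketched below.

```python
    # ... unchanged: argument parsing and write-key check ...
    added = args.added[0] if args.added else ""
    modified = args.modified[0] if args.modified else ""

    result = process_pr(added, modified)
    if result is None:
        # Neither an added nor a modified OWNERS file was supplied
        print("[INFO] no OWNERS file added or modified, no metric sent")
        return

    (
        users_included,
        web_catalog_only,
        vendor_name,
        chart_name,
        vendor_type,
        action,
        update,
    ) = result
    # ... unchanged: send_owner_metric call ...
```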
@@ -41,47 +44,52 @@ def verify_user(username): print(f"[ERROR] {username} not auhtorized") return False + def check_for_restricted_file(api_url): - files_api_url = f'{api_url}/files' - headers = {'Accept': 'application/vnd.github.v3+json'} + files = prartifact.get_modified_files(api_url) pattern_owners = re.compile(OWNERS_FILE) pattern_versionfile = re.compile(VERSION_FILE) pattern_thisfile = re.compile(THIS_FILE) - page_number = 1 - max_page_size,page_size = 100,100 - - while (page_size == max_page_size): - - files_api_query = f'{files_api_url}?per_page={page_size}&page={page_number}' - r = requests.get(files_api_query,headers=headers) - files = r.json() - page_size = len(files) - page_number += 1 - - for f in files: - filename = f["filename"] - if pattern_versionfile.match(filename) or pattern_owners.match(filename) or pattern_thisfile.match(filename): - print(f"[INFO] restricted file found: {filename}") - return True - + + for filename in files: + if ( + pattern_versionfile.match(filename) + or pattern_owners.match(filename) + or pattern_thisfile.match(filename) + ): + print(f"[INFO] restricted file found: {filename}") + return True + return False def main(): parser = argparse.ArgumentParser() - parser.add_argument("-a", "--api-url", dest="api_url", type=str, required=True, - help="API URL for the pull request") - parser.add_argument("-u", "--user", dest="username", type=str, required=True, - help="user to be checked for authority to modify release files in a PR") + parser.add_argument( + "-a", + "--api-url", + dest="api_url", + type=str, + required=True, + help="API URL for the pull request", + ) + parser.add_argument( + "-u", + "--user", + dest="username", + type=str, + required=True, + help="user to be checked for authority to modify release files in a PR", + ) args = parser.parse_args() if check_for_restricted_file(args.api_url): if verify_user(args.username): print(f"[INFO] {args.username} is authorized to modify all files in the PR") else: - print(f"[INFO] 
{args.username} is not authorized to modify all files in the PR") + print( + f"[INFO] {args.username} is not authorized to modify all files in the PR" + ) sys.exit(1) else: - print(f"[INFO] no restricted files found in the PR") - - + print("[INFO] no restricted files found in the PR") diff --git a/scripts/src/owners/owners_file.py b/scripts/src/owners/owners_file.py index 0f4116c0914..7cbeac1aab6 100644 --- a/scripts/src/owners/owners_file.py +++ b/scripts/src/owners/owners_file.py 
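Review bot: `check_for_restricted_file` compiles `OWNERS_FILE`, `VERSION_FILE` and `THIS_FILE` as unescaped regular expressions and tests them with `.match()`, which anchors only at the start of the path. With `OWNERS_FILE = "OWNERS"` only paths that begin with `OWNERS` count as restricted, and any `.` in the other two constants (defined outside this hunk) matches any character. If literal repository paths are meant, say so in the code, e.g. `re.compile(re.escape(OWNERS_FILE))` tested with `.fullmatch(filename)`. Because this function gates `verify_user`, a comment that it relies on `prartifact.get_modified_files` returning the complete file list or exiting non-zero would also be useful.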
@@ -1,27 +1,69 @@ import os import yaml + try: - from yaml import CLoader as Loader, CDumper as Dumper + from yaml import CLoader as Loader except ImportError: - from yaml import Loader, Dumper + from yaml import Loader def get_owner_data(category, organization, chart): + path = os.path.join("charts", category, organization, chart, "OWNERS") + status, owner_content = get_owner_data_from_file(path) + return status, owner_content + + +def get_owner_data_from_file(owner_path): try: - with open(os.path.join("charts", category, organization, chart, "OWNERS")) as owner_data: - owner_content = yaml.load(owner_data,Loader=Loader) - return True,owner_content + with open(owner_path) as owner_data: + owner_content = yaml.load(owner_data, Loader=Loader) + return True, owner_content except Exception as err: print(f"Exception loading OWNERS file: {err}") - return False,"" + return False, "" + + +def get_vendor(owner_data): + vendor = "" + try: + vendor = owner_data["vendor"]["name"] + except Exception: + pass + return vendor -def get_provider_delivery(owner_data): - provider_delivery = False +def get_chart(owner_data): + chart = "" try: - provider_delivery = owner_data["providerDelivery"] + chart = owner_data["chart"]["name"] except Exception: pass - return provider_delivery + return chart + + +def get_web_catalog_only(owner_data): + web_catalog_only = False + try: + if "webCatalogOnly" in owner_data: + web_catalog_only = owner_data["webCatalogOnly"] + elif "providerDelivery" in owner_data: + web_catalog_only = owner_data["providerDelivery"] + except Exception: + pass + return web_catalog_only + + +def get_users_included(owner_data): + users_included = "No" + try: + users = owner_data["users"] + if len(users) != 0: + return "Yes" + except Exception: + pass + return users_included + +def get_pgp_public_key(owner_data): + return owner_data.get("publicPgpKey", "") 
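Review bot: `get_owner_data_from_file` parses OWNERS content with `yaml.load(owner_data, Loader=Loader)`, where `Loader` is PyYAML's full `CLoader`/`Loader`, which can construct arbitrary Python objects from tagged YAML. The new `pushowners.py` passes paths from its added/modified file arguments into this function, so the content should be treated as untrusted pull-request input. Import the safe variant instead: `from yaml import CSafeLoader as Loader` with the fallback `from yaml import SafeLoader as Loader`. The same import pair appears in `checkuser.py` and in the new `user_is_repo_owner.py`. Separately, `get_pgp_public_key` calls `owner_data.get(...)` without the `try/except` the other getters use, so it raises on the `""` that a failed load returns.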
diff --git a/scripts/src/owners/user_is_repo_owner.py b/scripts/src/owners/user_is_repo_owner.py new file mode 100644 index 00000000000..ed2e532f7b5 --- /dev/null +++ b/scripts/src/owners/user_is_repo_owner.py 
@@ -0,0 +1,75 @@ +#!/usr/bin/env python3 + +"""A quick way to check if a given user is an approver in the repository's OWNERS file. + +Accepts only a single value (the username) + +Returns 0 if the user is found in the OWNERS file in the approver section. +Returns 1 if the user is NOT found in the OWNERS file. +Any other non-zero is considered a failed execution (contextually, something broke) +""" + +import os +import sys +import yaml + +try: + from yaml import CLoader as Loader +except ImportError: + from yaml import Loader + +OWNERS_FILE = "OWNERS" + + +def is_approver(username: str) -> bool: + """Returns true if username is in the OWNERS file + + Raises an Exception in cases where the content from the OWNERS file + does not match our expectations. + """ + + with open(OWNERS_FILE, "r") as f: + data = f.read() + out = yaml.load(data, Loader=Loader) + + if "approvers" not in out: + raise Exception('OWNERS file did not have the required "approvers" key') + + approvers = out.get("approvers") + if not isinstance(approvers, list): + raise Exception('The "approvers" key was not a list, and a list is expected') + + if username in out.get("approvers"): + return True + + return False + + +def main(): + if len(sys.argv) != 2: + print( + "[Error] This script accepts only a single string as an argument, representing the user to check." + ) + return 10 + + user = sys.argv[1] + + print(f"[Info] Checking OWNERS file at path {os.path.abspath(OWNERS_FILE)}") + if not os.path.exists(OWNERS_FILE): + print(f"{OWNERS_FILE} file does not exist.") + return 20 + + try: + if is_approver(user): + print(f'[Info] User "{user}" is an approver.') + return 0 + except Exception as e: + print(f"[Error] Could not extract expected values from OWNERS file: {e}.") + return 30 + + print(f'[Info] User "{user}" is NOT an approver.') + return 1 + + +if __name__ == "__main__": + sys.exit(main()) 
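Review bot: `is_approver` makes an authorisation decision from `OWNERS` resolved against the current working directory, and nothing in the script states which checkout that has to be. If a workflow ran it inside the pull request's own checkout, the approver list would be supplied by the change under review. Whether that can happen depends on the calling workflow, which is not visible here, so the requirement belongs in the module docstring, e.g. `The OWNERS file must be read from a trusted checkout of the base branch, never from the PR head.` An empty OWNERS file makes `yaml.load` return `None`; the resulting `TypeError` is caught in `main` and returns 30, which fails closed, but the message would be clearer with an explicit `if not isinstance(out, dict): raise Exception(...)`.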
diff --git a/scripts/src/pullrequest/prartifact.py b/scripts/src/pullrequest/prartifact.py index f290a7c7b9e..a0f74f7ba1d 100644 --- a/scripts/src/pullrequest/prartifact.py +++ b/scripts/src/pullrequest/prartifact.py @@ -1,4 +1,3 @@ -import re import os import sys import argparse 
@@ -7,24 +6,95 @@ import requests -sys.path.append('../') +sys.path.append("../") from checkprcontent import checkpr +from tools import gitutils + +pr_files = [] +pr_labels = [] +xRateLimit = "X-RateLimit-Limit" +xRateRemain = "X-RateLimit-Remaining" + # TODO(baijum): Move this code under chartsubmission.chart module def get_modified_charts(api_url): - files_api_url = f'{api_url}/files' - headers = {'Accept': 'application/vnd.github.v3+json'} - r = requests.get(files_api_url, headers=headers) - pattern,_ = checkpr.get_file_match_compiled_patterns() - for f in r.json(): - m = pattern.match(f["filename"]) - if m: - category, organization, chart, version = m.groups() + files = get_modified_files(api_url) + pattern, _, _ = checkpr.get_file_match_compiled_patterns() + for file in files: + match = pattern.match(file) + if match: + category, organization, chart, version = match.groups() return category, organization, chart, version return "", "", "", "" +def get_modified_files(api_url): + """Populates and returns the list of files modified by this the PR + + Args: + api_url (str): URL of the GitHub PR + + Returns: + list[str]: List of modified files + """ + if not pr_files: + page_number = 1 + max_page_size, page_size = 100, 100 + headers = { + "Accept": "application/vnd.github.v3+json", + "Authorization": f'Bearer {os.environ.get("BOT_TOKEN")}', + } + files_api_url = f"{api_url}/files" + + while page_size == max_page_size: + files_api_query = f"{files_api_url}?per_page={page_size}&page={page_number}" + print(f"[INFO] Query files : {files_api_query}") + r = requests.get(files_api_query, headers=headers) + files = r.json() + page_size = len(files) + page_number += 1 + + if xRateLimit in r.headers: + print(f"[DEBUG] {xRateLimit} : {r.headers[xRateLimit]}") + if xRateRemain in r.headers: + print(f"[DEBUG] {xRateRemain} : {r.headers[xRateRemain]}") + + if "message" in files: + print(f'[ERROR] getting pr files: {files["message"]}') + sys.exit(1) + else: + for file in files: + 
if "filename" in file: + pr_files.append(file["filename"]) + + return pr_files + + +def get_labels(api_url): + if not pr_labels: + headers = { + "Accept": "application/vnd.github.v3+json", + "Authorization": f'Bearer {os.environ.get("BOT_TOKEN")}', + } + r = requests.get(api_url, headers=headers) + pr_data = r.json() + + if xRateLimit in r.headers: + print(f"[DEBUG] {xRateLimit} : {r.headers[xRateLimit]}") + if xRateRemain in r.headers: + print(f"[DEBUG] {xRateRemain} : {r.headers[xRateRemain]}") + + if "message" in pr_data: + print(f'[ERROR] getting pr files: {pr_data["message"]}') + sys.exit(1) + if "labels" in pr_data: + for label in pr_data["labels"]: + pr_labels.append(label["name"]) + + return pr_labels + + def save_metadata(directory, vendor_label, chart, number): with open(os.path.join(directory, "vendor"), "w") as fd: print(f"add {directory}/vendor as {vendor_label}") 
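Review bot: `get_modified_files` and `get_labels` attach `BOT_TOKEN` to a request to whatever `api_url` the caller passes, with no check that the URL is the GitHub API, and an unset variable is sent as the literal header `Bearer None`. Read the token once, exit if it is missing, and reject unexpected origins before the request, e.g. `if not api_url.startswith("https://api.github.com/"): sys.exit(1)` (assuming the workflows only target github.com). Both `requests.get` calls lack a timeout; `requests.get(api_url, headers=headers, timeout=30)` keeps a stalled connection from hanging the job. The module-level `pr_files` and `pr_labels` caches are not keyed by `api_url`, so a second call with a different URL returns the first pull request's data. The error message in `get_labels` still says `getting pr files`.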
@@ -42,18 +112,47 @@ def save_metadata(directory, vendor_label, chart, number): else: pathlib.Path(os.path.join(directory, "report.yaml")).touch() + def main(): parser = argparse.ArgumentParser() - parser.add_argument("-d", "--directory", dest="directory", type=str, required=True, - help="artifact directory for archival") - parser.add_argument("-n", "--pr-number", dest="number", type=str, required=True, - help="current pull request number") - parser.add_argument("-u", "--api-url", dest="api_url", type=str, required=True, - help="API URL for the pull request") + parser.add_argument( + "-d", + "--directory", + dest="directory", + type=str, + required=False, + help="artifact directory for archival", + ) + parser.add_argument( + "-n", + "--pr-number", + dest="number", + type=str, + required=False, + help="current pull request number", + ) + parser.add_argument( + "-u", + "--api-url", + dest="api_url", + type=str, + required=True, + help="API URL for the pull request", + ) + parser.add_argument( + "-f", "--get-files", dest="get_files", default=False, action="store_true" + ) + args = parser.parse_args() - os.makedirs(args.directory, exist_ok=True) - category, organization, chart, version = get_modified_charts(args.api_url) - save_metadata(args.directory, organization, chart, args.number) + if args.get_files: + pr_files = get_modified_files(args.api_url) + print(f"[INFO] files in pr: {pr_files}") + gitutils.add_output("pr_files", pr_files) + else: + os.makedirs(args.directory, exist_ok=True) + category, organization, chart, version = get_modified_charts(args.api_url) + save_metadata(args.directory, organization, chart, args.number) + if __name__ == "__main__": main() diff --git a/scripts/src/pullrequest/prepare_pr_comment.py b/scripts/src/pullrequest/prepare_pr_comment.py index e7e17cab1de..e6faf08678b 100644 --- a/scripts/src/pullrequest/prepare_pr_comment.py +++ b/scripts/src/pullrequest/prepare_pr_comment.py 
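Review bot: `--directory` and `--pr-number` become `required=False`, yet the `else` branch of `main` still calls `os.makedirs(args.directory, exist_ok=True)`, which raises `TypeError` when the option is omitted without `--get-files`. Add an explicit check before that call, e.g. `if not args.directory or not args.number: parser.error("--directory and --pr-number are required unless --get-files is set")`. The `pr_files` value written through `gitutils.add_output` holds file names chosen by the pull request author, so whatever step consumes that output should treat it as untrusted text; how `add_output` encodes the list is not visible in this hunk.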
@@ -1,117 +1,294 @@ import os import sys +from tools import gitutils + def get_success_coment(): - return "Congratulations! Your chart has been certified and will be published shortly." + return ( + "Congratulations! Your chart has been certified and will be published shortly." + ) + def get_content_failure_message(): return "One or more errors were found with the pull request:" + def get_community_review_message(): return "Community charts require maintainer review and approval, a review will be conducted shortly." + def get_failure_comment(): - return "There were one or more errors while building and verifying your pull request." + return ( + "There were one or more errors while building and verifying your pull request." + ) + + +def get_comment_header(pr_number): + return f"Thank you for submitting PR #{pr_number} for Helm Chart Certification!" + def get_verifier_errors_comment(): return "[ERROR] The submitted chart has failed certification. Reason(s):" + def get_verifier_errors_trailer(): - return "Please run the [chart-verifier](https://github.com/redhat-certification/chart-verifier) \ -and ensure all mandatory checks pass." + return " ".join( + [ + "Please create a valid report with the", + "[chart-verifier](https://github.com/redhat-certification/chart-verifier)", + "and ensure all mandatory checks pass.", + ] + ) + + +def get_look_at_job_output_comment(): + return """To see the console output with the error messages, click the "Details" \ +link next to "CI / Chart Certification" job status towards the end of this page.""" + def prepare_failure_comment(): - msg = f"""\ -{get_failure_comment()} -To see the console output with the error messages, click the "Details" -link next to "CI / Chart Certification" job status towards the end of this page. -""" + """assembles the comment for certification failures + + Will attempt to read a file with error messaging from the filesystem + and includes that information in its content. (e.g. 
./pr/errors) + """ + msg = get_failure_comment() + msg = append_to(msg, get_look_at_job_output_comment()) if os.path.exists("./pr/errors"): errors = open("./pr/errors").read() - msg += f""" -{get_verifier_errors_comment()} + msg = append_to(msg, get_verifier_errors_comment()) + msg = append_to(msg, errors) + msg = append_to(msg, get_verifier_errors_trailer()) + gitutils.add_output("error-message", errors) + else: + gitutils.add_output("error-message", get_failure_comment()) + return msg -{errors} -{get_verifier_errors_trailer()} +def prepare_pr_content_failure_comment(): + """Generate a message for PR Content Check Failures -""" - print(f"::set-output name=error-message::{errors}") - return msg + This function reaches into the environment for known variables + that contain error messages. -def prepare_success_comment(): - msg = f"{get_success_coment()}.\n\n" - return msg + Error messages are then passed into the GITHUB_OUTPUT. -def prepare_pr_content_failure_comment(): - msg = f"{get_content_failure_message()} \n" + Returns a formatted string containing error message contents. 
+ """ + msg = f"{get_content_failure_message()}" pr_content_error_msg = os.environ.get("PR_CONTENT_ERROR_MESSAGE", "") owners_error_msg = os.environ.get("OWNERS_ERROR_MESSAGE", "") if pr_content_error_msg: - print(f"::set-output name=error-message::{pr_content_error_msg}") - msg += f"{pr_content_error_msg}\n\n" + gitutils.add_output("error-message", pr_content_error_msg) + msg = append_to(msg, f"{pr_content_error_msg}") if owners_error_msg: - print(f"::set-output name=error-message::{owners_error_msg}") - msg += f"{owners_error_msg}\n\n" + gitutils.add_output("error-message", owners_error_msg) + msg = append_to(msg, f"{owners_error_msg}") + return msg + + +def prepare_run_verifier_failure_comment(): + verifier_error_msg = os.environ.get("VERIFIER_ERROR_MESSAGE", "") + gitutils.add_output("error-message", verifier_error_msg) + msg = verifier_error_msg + msg = append_to(msg, get_look_at_job_output_comment()) return msg + def prepare_community_comment(): - msg = f"{get_community_review_message()}\n\n" + msg = f"{get_community_review_message()}" if os.path.exists("./pr/errors"): errors = open("./pr/errors").read() - msg += "However, please note that one or more errors were found while building and verifying your pull request:\n\n" - msg += f"{errors}\n\n" + msg = append_to( + msg, + "However, **please note** that one or more errors were found while building and verifying your pull request:", + ) + msg = append_to(msg, f"{errors}") return msg -def prepare_oc_install_fail_comment(): - msg = "Unfortunately the certification process failed to install OpenShift and could not complete.\n\n" - msg += "This problem will be addressed by maintainers and no further action is required from the submitter at this time.\n\n" - return msg -def get_comment_header(issue_number): - msg = f"Thank you for submitting PR #{issue_number} for Helm Chart Certification!\n\n" +def prepare_generic_fail_comment(): + msg = "" + if os.path.exists("./pr/errors"): + errors = open("./pr/errors").read() 
+ msg = append_to( + msg, + "One or more errors were found while building and verifying your pull request:", + ) + msg = append_to(msg, f"{errors}") + else: + msg = append_to( + msg, + "An unspecified error has occured while building and verifying your pull request.", + ) return msg -def get_comment_footer(vendor_label, chart_name): - msg = "\n---\n\n" - msg += "For information on the certification process see:\n" - msg += "- [Red Hat certification requirements and process for Kubernetes applications that are deployed using Helm charts.](https://redhat-connect.gitbook.io/partner-guide-for-red-hat-openshift-and-container/helm-chart-certification/overview).\n\n" - msg += "For support, connect with our [Technology Partner Success Desk](https://redhat-connect.gitbook.io/red-hat-partner-connect-general-guide/managing-your-account/getting-help/technology-partner-success-desk).\n\n" - msg += f'/metadata {{"vendor_label": "{vendor_label}", "chart_name": "{chart_name}"}}\n\n' + +def prepare_oc_install_fail_comment(): + return " ".join( + [ + "Unfortunately the certification process failed to install OpenShift Clientand could not complete.", + "This problem will be addressed by maintainers and no further action is required from the submitter at this time.", + ] + ) + + +def append_to(msg, new_content, use_horizontal_divider=False): + """Appends new_content to the msg. + + This utility function helps simplify the building of our PR comment + template. msg and new_content are joined with either a newline separator, or + a horizontal line (if the keyword argument is provided). + + It should be used in cases where the caller needs to join semi-related + ideas. Callers should instead use the join string method in cases where the + msg being constructed is a part of the same 'idea', or 'paragraph'. + + Args: + msg: The original message to which we should append new_content. + new_content: the new string to add. 
+ use_horizontal_divider: Whether to divide the content + with a horizontal line (in markdown.) Horizontal lines are surrounded + in newlines to ensure that it does not inadvertently cause preceding + content to become a Header. + + Returns the msg containing the new content. + """ + divider_string = "" + if use_horizontal_divider: + divider_string = "\n---\n" + + return f""" +{msg} +{divider_string} +{new_content} +""".strip() # Remove surrounding whitespace, like that which is added by putting """ on a newline here. + + +def get_support_information(): + reqs_doc_link = "https://github.com/redhat-certification/chart-verifier/blob/main/docs/helm-chart-checks.md#types-of-helm-chart-checks" + support_link = "https://access.redhat.com/articles/6463941" + return "\n".join( + [ + "For information on the certification process see:", + f"- [Red Hat certification requirements and process for Kubernetes applications that are deployed using Helm charts.]({reqs_doc_link}).", + f"- For support, connect with our [Partner Acceleration Desk]({support_link}).", + ] + ) + + +def metadata_label(vendor_label, chart_name): + """Returns the metadata context that must suffix PR comments.""" + return ( + f'/metadata {{"vendor_label": "{vendor_label}", "chart_name": "{chart_name}"}}' + ) + + +def task_table(task_tuples): + """returns a markdown table containing tasks and their outcome + + Args: + task_tuples: a list of two-length tuples where index 0 is the task + and index 1 is the outcome. These values should be short. 
+ """ + sorted(task_tuples) + msg = "|task|outcome|" + "\n|---|---|" + for task_tuple in task_tuples: + msg += f"\n|{task_tuple[0]}|{task_tuple[1]}|" return msg + +def overall_outcome(outcome): + return append_to("### Outcome:", f"**{outcome}**") + + def main(): pr_content_result = sys.argv[1] - verify_result = sys.argv[2] - repository = sys.argv[3] + run_verifier_result = sys.argv[2] + verify_result = sys.argv[3] issue_number = open("./pr/NR").read().strip() vendor_label = open("./pr/vendor").read().strip() chart_name = open("./pr/chart").read().strip() + + community_manual_review = os.environ.get("COMMUNITY_MANUAL_REVIEW", False) + oc_install_result = os.environ.get("OC_INSTALL_RESULT") + msg = get_comment_header(issue_number) - oc_install_result = os.environ.get("OC_INSTALL_RESULT", False) - if pr_content_result == "failure": - msg += prepare_pr_content_failure_comment() - print(f"::set-output name=pr_passed::false") - elif verify_result == "failure": - community_manual_review = os.environ.get("COMMUNITY_MANUAL_REVIEW",False) - if community_manual_review: - msg += prepare_community_comment() - print(f"::set-output name=pr_passed::true") + + # Assemble the detail separately to control order in which it is added to + # the overall output. + detail_message = "### Detail" + + outcome = "Failed" + + # Handle success explicitly + if ( + pr_content_result == "success" + # run_verifier may not run if a report is not needed. + and run_verifier_result in ["success", "skipped"] + and verify_result == "success" + # installation of oc may not run if a cluster is not needed. + and oc_install_result in ["success", "skipped"] + ): + outcome = "Passed" + detail_message = append_to(detail_message, get_success_coment()) + gitutils.add_output("pr_passed", "true") + else: # Handle various failure scenarios. 
+ if pr_content_result == "failure": + detail_message = append_to( + detail_message, prepare_pr_content_failure_comment() + ) + gitutils.add_output("pr_passed", "false") + elif run_verifier_result == "failure": + detail_message = append_to( + detail_message, prepare_run_verifier_failure_comment() + ) + gitutils.add_output("pr_passed", "false") + elif verify_result == "failure": + if community_manual_review: + outcome = "Pending Manual Review" + detail_message = append_to(detail_message, prepare_community_comment()) + gitutils.add_output("pr_passed", "true") + else: + detail_message = append_to(detail_message, prepare_failure_comment()) + gitutils.add_output("pr_passed", "false") + elif oc_install_result == "failure": + detail_message = append_to( + detail_message, prepare_oc_install_fail_comment() + ) + gitutils.add_output("pr_passed", "false") else: - msg += prepare_failure_comment() - print(f"::set-output name=pr_passed::false") - elif oc_install_result == "failure": - msg += prepare_oc_install_fail_comment() - print(f"::set-output name=pr_passed::false") - else: - print(f"::set-output name=pr_passed::true") - msg += prepare_success_comment() + detail_message = append_to(detail_message, prepare_generic_fail_comment()) + gitutils.add_output("pr_passed", "false") - msg += get_comment_footer(vendor_label, chart_name) + msg = append_to(msg, overall_outcome(outcome)) + msg = append_to(msg, detail_message) + if outcome != "Passed": + table = task_table( + [ + ("PR Content Check", pr_content_result), + ("Run Chart Verifier", run_verifier_result), + ("Result Verification", verify_result), + ("OpenShift Client Installation", oc_install_result), + ] + ) + msg = append_to(msg, "### Task Insights") + msg = append_to(msg, "Here are the outcomes of tasks driving this result.") + msg = append_to(msg, table) + + # All comments get helpful links and a metadata + msg = append_to(msg, get_support_information(), use_horizontal_divider=True) + msg = append_to(msg, 
metadata_label(vendor_label, chart_name)) + + # Print to the console so it's easily visible from CI. + print("*" * 30) + print(msg) + print("*" * 30) with open("./pr/comment", "w") as fd: fd.write(msg) - print(f"::set-output name=message-file::{fd.name}") + gitutils.add_output("message-file", fd.name) + if __name__ == "__main__": main() diff --git a/scripts/src/release/release_info.py b/scripts/src/release/release_info.py index 3685463fdfc..073f01f3d4f 100644 --- a/scripts/src/release/release_info.py +++ b/scripts/src/release/release_info.py @@ -8,12 +8,12 @@ import os -RELEASE_INFO_FILE="release/release_info.json" +RELEASE_INFO_FILE = "release/release_info.json" RELEASE_INFOS = {} -def _get_release_info(directory): +def _get_release_info(directory): global RELEASE_INFOS if not directory: 
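Review bot: The values passed to `gitutils.add_output("error-message", ...)` in `prepare_failure_comment`, `prepare_pr_content_failure_comment` and `prepare_run_verifier_failure_comment` are read from `./pr/errors` and from the `*_ERROR_MESSAGE` environment variables, so they presumably carry text produced while processing the submitted pull request and may span several lines. `add_output` is defined outside this hunk; if it appends a plain `name=value` line to the `GITHUB_OUTPUT` file, a newline inside the message ends the value early and the following line can be parsed as a different output, including `pr_passed`, which this same script sets. The helper should write such values with the multi-line delimiter syntax and a delimiter generated per call, or the message should be reduced to a single line before it is written. The same applies to `PR_release_body` in releasechecker.py (`make_release_body` and the dev-release branch of `main`). Separately, `sorted(task_tuples)` in `task_table` discards its result, so the table keeps the caller's order; either drop the call or loop over `sorted(task_tuples)`.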
@@ -21,71 +21,93 @@ def _get_release_info(directory): root_dir = os.path.dirname(f"{os.getcwd()}/{directory}") - if not root_dir in RELEASE_INFOS: - + if root_dir not in RELEASE_INFOS: print(f"Open release_info file: {root_dir}/{RELEASE_INFO_FILE}") - with open(f"{root_dir}/{RELEASE_INFO_FILE}",'r') as json_file: + with open(f"{root_dir}/{RELEASE_INFO_FILE}", "r") as json_file: RELEASE_INFOS[root_dir] = json.load(json_file) return RELEASE_INFOS[root_dir] + def get_version(directory): info = _get_release_info(directory) return info["version"] + def get_info(directory): info = _get_release_info(directory) return info["info"] -def get_replaces(repo,directory): - print(f"get replaces for {repo}") +def get_replaces(from_repo, to_repo, directory): + print(f"get replaces for {from_repo} to {to_repo} ") info = _get_release_info(directory) - if repo in info: - if "replace" in info[repo]: - print(f"replaces found: {info[repo]['replace']}") - return info[repo]["replace"] + if from_repo in info: + if "replace" in info[from_repo][to_repo]: + print(f"replaces found: {info[from_repo][to_repo]['replace']}") + return info[from_repo][to_repo]["replace"] print("no replaces found") return [] -def get_merges(repo,directory): - print(f"get merges for {repo}") + +def get_merges(from_repo, to_repo, directory): + print(f"get merges for {from_repo} to {to_repo}") info = _get_release_info(directory) - if repo in info: - if "merge" in info[repo]: - print(f"merges found: {info[repo]['merge']}") - return info[repo]["merge"] + if from_repo in info: + if "merge" in info[from_repo][to_repo]: + print(f"merges found: {info[from_repo][to_repo]['merge']}") + return info[from_repo][to_repo]["merge"] print("no merges found") return [] -def get_ignores(repo,directory): - print(f"get ignores for {repo}") +def get_ignores(from_repo, to_repo, directory): + print(f"get ignores for {from_repo} to {to_repo}") info = _get_release_info(directory) - if repo in info: - if "ignore" in info[repo]: - print(f"ignores 
found: {info[repo]['ignore']}") - return info[repo]["ignore"] + if from_repo in info: + if "ignore" in info[from_repo][to_repo]: + print(f"ignores found: {info[from_repo][to_repo]['ignore']}") + return info[from_repo][to_repo]["ignore"] print("no ignores found") return [] def main(): - print(f"[INFO] Version : {get_version('.')}") - print(f"[INFO] Dev repo merges : {get_merges('development','.')}") + # from development to charts + print( + f"[INFO] Dev to charts repo merges : {get_merges('development','charts','.')}" + ) + + print( + f"[INFO] Dev to charts repo replace : {get_replaces('development','charts','.')}" + ) + + print( + f"[INFO] Dev to charts repo ignore : {get_ignores('development','charts','.')}" + ) + + # from development to stage + print(f"[INFO] Dev to stage repo merges : {get_merges('development','stage','.')}") - print(f"[INFO] Dev repo replace : {get_replaces('development','.')}") + print( + f"[INFO] Dev to stage repo replace : {get_replaces('development','stage','.')}" + ) - print(f"[INFO] Dev repo ignore : {get_ignores('development','.')}") + print(f"[INFO] Dev to stage repo ignore : {get_ignores('development','stage','.')}") - print(f"[INFO] Chart repo merges : {get_merges('charts','.')}") + # From charts to development + print(f"[INFO] Chart to dev repo merges : {get_merges('charts','development','.')}") - print(f"[INFO] Chart repo replace : {get_replaces('charts','.')}") + print( + f"[INFO] Chart to dev repo replace : {get_replaces('charts','development','.')}" + ) - print(f"[INFO] Chart repo ignore : {get_ignores('charts','.')}") + print( + f"[INFO] Chart to dev repo ignore : {get_ignores('charts','development','.')}" + ) if __name__ == "__main__": diff --git a/scripts/src/release/releasechecker.py b/scripts/src/release/releasechecker.py index 52383487413..135c9b78aa7 100644 --- a/scripts/src/release/releasechecker.py +++ b/scripts/src/release/releasechecker.py 
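Review bot: `get_replaces`, `get_merges` and `get_ignores` check `from_repo in info` but then index `info[from_repo][to_repo]` unconditionally, so a release_info.json that has the source repository but no entry for the requested target raises `KeyError` instead of reaching the "no ... found" fallback and returning `[]`. The `development` to `stage` pair requested in `main()` is new in this change, so an older file without it would hit this path. Looking the pair up defensively keeps the empty-list default: `pair = info.get(from_repo, {}).get(to_repo, {})` followed by `if "replace" in pair:` (and likewise for `merge` and `ignore`).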
@@ -27,96 +27,93 @@ import os import argparse import json -import requests import semver import sys from release import release_info from release import releaser +from reporegex import matchers -sys.path.append('../') +sys.path.append("../") from owners import checkuser from tools import gitutils +from pullrequest import prartifact VERSION_FILE = "release/release_info.json" -TYPE_MATCH_EXPRESSION = "(partners|redhat|community)" CHARTS_PR_BASE_REPO = gitutils.CHARTS_REPO CHARTS_PR_HEAD_REPO = gitutils.CHARTS_REPO DEV_PR_BASE_REPO = gitutils.DEVELOPMENT_REPO DEV_PR_HEAD_REPO = gitutils.DEVELOPMENT_REPO +STAGE_PR_BASE_REPO = gitutils.STAGE_REPO +STAGE_PR_HEAD_REPO = gitutils.STAGE_REPO DEFAULT_BOT_NAME = "openshift-helm-charts-bot" ERROR_IF_MATCH_NOT_FOUND = False ERROR_IF_MATCH_FOUND = True -def check_file_in_pr(api_url,pattern,error_value): +def check_file_in_pr(api_url, pattern, error_value): print("[INFO] check if PR for matching files") - files_api_url = f'{api_url}/files' - headers = {'Accept': 'application/vnd.github.v3+json'} - page_number = 1 - max_page_size,page_size = 100,100 - file_count = 0 - - while page_size == max_page_size: - - files_api_query = f'{files_api_url}?per_page={page_size}&page={page_number}' - print(f"[INFO] Query files : {files_api_query}") - pr_files = requests.get(files_api_query,headers=headers) - files = pr_files.json() - page_size = len(files) - file_count += page_size - page_number += 1 - - for f in files: - file_path = f["filename"] - match = pattern.match(file_path) - if not match and not error_value: - print(f"[INFO] stop non match found : {file_path}") - return False - elif match and error_value: - print(f"[INFO] stop match found : {file_path}") - return False + files = prartifact.get_modified_files(api_url) + + for file_path in files: + match = pattern.match(file_path) + if not match and not error_value: + print(f"[INFO] stop non match found : {file_path}") + return False + elif match and error_value: + print(f"[INFO] stop 
match found : {file_path}") + return False return True def check_if_only_charts_are_included(api_url): print("[INFO] check if only chart files are included") - chart_pattern = re.compile(r"charts/"+TYPE_MATCH_EXPRESSION+"/([\w-]+)/([\w-]+)/.*") + chart_pattern = re.compile( + matchers.submission_path_matcher(include_version_matcher=False) + r"./*" + ) return check_file_in_pr(api_url, chart_pattern, ERROR_IF_MATCH_NOT_FOUND) + def check_if_no_charts_are_included(api_url): print("[INFO] check if no chart files are included") - chart_pattern = re.compile(r"charts/"+TYPE_MATCH_EXPRESSION+"/([\w-]+)/([\w-]+)/.*") + chart_pattern = re.compile( + matchers.submission_path_matcher(include_version_matcher=False) + r"./*" + ) return check_file_in_pr(api_url, chart_pattern, ERROR_IF_MATCH_FOUND) + def check_if_only_version_file_is_modified(api_url): print("[INFO] check if only version file is modified") pattern_versionfile = re.compile(r"release/release_info.json") return check_file_in_pr(api_url, pattern_versionfile, ERROR_IF_MATCH_NOT_FOUND) -def check_if_dev_release_branch(sender,pr_branch,pr_body,api_url,pr_head_repo): +def check_if_dev_release_branch(sender, pr_branch, pr_body, api_url, pr_head_repo): print("[INFO] check if PR is release branch on dev") - if sender!=os.environ.get("BOT_NAME") and sender!=DEFAULT_BOT_NAME: + if sender != os.environ.get("BOT_NAME") and sender != DEFAULT_BOT_NAME: print(f"Sender indicates PR is not part of a release: {sender}") return False if not checkuser.verify_user(sender): print(f"Sender is not authorized to create a release PR : {sender}") return False - + if not pr_branch.startswith(releaser.DEV_PR_BRANCH_NAME_PREFIX): print(f"PR branch indicates PR is not part of a release: {pr_branch}") return False version = pr_branch.removeprefix(releaser.DEV_PR_BRANCH_NAME_PREFIX) if not semver.VersionInfo.isvalid(version): - print(f"Release part ({version}) of branch name {pr_branch} is not a valid semantic version.") + print( + f"Release part 
({version}) of branch name {pr_branch} is not a valid semantic version." + ) return False if not pr_head_repo.endswith(DEV_PR_HEAD_REPO): - print(f"PR does not have the expected origin. Got: {pr_head_repo}, expected: {DEV_PR_HEAD_REPO}") + print( + f"PR does not have the expected origin. Got: {pr_head_repo}, expected: {DEV_PR_HEAD_REPO}" + ) return False if not pr_body.startswith(releaser.DEV_PR_BRANCH_BODY_PREFIX): @@ -125,11 +122,11 @@ def check_if_dev_release_branch(sender,pr_branch,pr_body,api_url,pr_head_repo): return check_if_only_charts_are_included(api_url) -def check_if_charts_release_branch(sender,pr_branch,pr_body,api_url,pr_head_repo): +def check_if_charts_release_branch(sender, pr_branch, pr_body, api_url, pr_head_repo): print("[INFO] check if PR is release branch on charts") - if sender!=os.environ.get("BOT_NAME") and sender!=DEFAULT_BOT_NAME: + if sender != os.environ.get("BOT_NAME") and sender != DEFAULT_BOT_NAME: print(f"Sender indicates PR is not part of a release: {sender}") return False @@ -143,11 +140,17 @@ def check_if_charts_release_branch(sender,pr_branch,pr_body,api_url,pr_head_repo version = pr_branch.removeprefix(releaser.CHARTS_PR_BRANCH_NAME_PREFIX) if not semver.VersionInfo.isvalid(version): - print(f"Release part ({version}) of branch name {pr_branch} is not a valid semantic version.") + print( + f"Release part ({version}) of branch name {pr_branch} is not a valid semantic version." + ) return False - if not pr_head_repo.endswith(CHARTS_PR_HEAD_REPO): - print(f"PR does not have the expected origin. Got: {pr_head_repo}, expected: {CHARTS_PR_HEAD_REPO}") + if not pr_head_repo.endswith(CHARTS_PR_HEAD_REPO) and not pr_head_repo.endswith( + STAGE_PR_HEAD_REPO + ): + print( + f"PR does not have the expected origin. Got: {pr_head_repo}, expected: {CHARTS_PR_HEAD_REPO}" + ) return False if not pr_body.startswith(releaser.CHARTS_PR_BRANCH_BODY_PREFIX): @@ -164,7 +167,8 @@ def make_release_body(version, release_info): body += f"- {info}
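Review bot: In `check_if_only_charts_are_included` and `check_if_no_charts_are_included` the suffix appended to the matcher is `r"./*"`, which means one arbitrary character followed by zero or more slashes, whereas the pattern it replaces ended in `/.*`, a slash followed by anything. Unless `matchers.submission_path_matcher` (not visible here) already ends with its own separator, the new pattern no longer requires a path separator after the chart name, so these two checks, which decide whether a PR is treated as a release PR, accept a wider set of paths than before. If the old meaning is intended, the suffix should read `+ r"/.*"`. `check_file_in_pr` also no longer paginates itself and relies on `prartifact.get_modified_files` returning every file of the PR; that function is outside this hunk and worth confirming.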
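Review bot: The origin check in `check_if_charts_release_branch` now also accepts a head repository ending in `STAGE_PR_HEAD_REPO`, but the rejection message still prints only `CHARTS_PR_HEAD_REPO` as the expected value; it would read correctly as `expected: {CHARTS_PR_HEAD_REPO} or {STAGE_PR_HEAD_REPO}`. Because this is a suffix comparison, a repository under any owner whose name ends with one of these constants satisfies it (the constants come from `gitutils`, not visible here), so the sender checks earlier in the function remain the real gate; a short comment above the condition stating that would help the next reader. The function's body starts and ends outside this hunk.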
" print(f"[INFO] Release body: {body}") - print(f"::set-output name=PR_release_body::{body}") + gitutils.add_output("PR_release_body", body) + def get_version_info(): data = {} 
@@ -172,22 +176,60 @@ def get_version_info(): data = json.load(json_file) return data + def main(): parser = argparse.ArgumentParser() - parser.add_argument("-a", "--api-url", dest="api_url", type=str, required=False, - help="API URL for the pull request") - parser.add_argument("-v", "--version", dest="version", type=str, required=False, - help="Version to compare") - parser.add_argument("-s", "--sender", dest="sender", type=str, required=False, - help="sender of the PR") - parser.add_argument("-b", "--pr_branch", dest="pr_branch", type=str, required=False, - help="PR branch name") - parser.add_argument("-t", "--pr_body", dest="pr_body", type=str, required=False, - help="PR title") - parser.add_argument("-r", "--pr_base_repo", dest="pr_base_repo", type=str, required=False, - help="PR target repo") - parser.add_argument("-z", "--pr_head_repo", dest="pr_head_repo", type=str, required=False, - help="PR source repo") + parser.add_argument( + "-a", + "--api-url", + dest="api_url", + type=str, + required=False, + help="API URL for the pull request", + ) + parser.add_argument( + "-v", + "--version", + dest="version", + type=str, + required=False, + help="Version to compare", + ) + parser.add_argument( + "-s", + "--sender", + dest="sender", + type=str, + required=False, + help="sender of the PR", + ) + parser.add_argument( + "-b", + "--pr_branch", + dest="pr_branch", + type=str, + required=False, + help="PR branch name", + ) + parser.add_argument( + "-t", "--pr_body", dest="pr_body", type=str, required=False, help="PR title" + ) + parser.add_argument( + "-r", + "--pr_base_repo", + dest="pr_base_repo", + type=str, + required=False, + help="PR target repo", + ) + parser.add_argument( + "-z", + "--pr_head_repo", + dest="pr_head_repo", + type=str, + required=False, + help="PR source repo", + ) args = parser.parse_args() 
@@ -202,47 +244,70 @@ def main(): if args.pr_branch: if args.pr_base_repo.endswith(DEV_PR_BASE_REPO): - if check_if_dev_release_branch(args.sender,args.pr_branch,args.pr_body,args.api_url,args.pr_head_repo): - print('[INFO] Dev release pull request found') - print(f'::set-output name=dev_release_branch::true') - version = args.pr_branch.removeprefix(releaser.DEV_PR_BRANCH_NAME_PREFIX) - print(f'::set-output name=PR_version::{version}') - print(f"::set-output name=PR_release_body::{args.pr_body}") - elif args.pr_base_repo.endswith(CHARTS_PR_BASE_REPO): - if check_if_charts_release_branch(args.sender,args.pr_branch,args.pr_body,args.api_url,args.pr_head_repo): - print('[INFO] Workflow release pull request found') - print(f'::set-output name=charts_release_branch::true') + if check_if_dev_release_branch( + args.sender, + args.pr_branch, + args.pr_body, + args.api_url, + args.pr_head_repo, + ): + print("[INFO] Dev release pull request found") + gitutils.add_output("dev_release_branch", "true") + version = args.pr_branch.removeprefix( + releaser.DEV_PR_BRANCH_NAME_PREFIX + ) + gitutils.add_output("PR_version", version) + gitutils.add_output("PR_release_body", args.pr_body) + elif args.pr_base_repo.endswith( + CHARTS_PR_BASE_REPO + ) or args.pr_base_repo.endswith(STAGE_PR_BASE_REPO): + if check_if_charts_release_branch( + args.sender, + args.pr_branch, + args.pr_body, + args.api_url, + args.pr_head_repo, + ): + print("[INFO] Workflow release pull request found") + gitutils.add_output("charts_release_branch", "true") + elif args.api_url: - ## should be on PR branch + # should be on PR branch if args.pr_base_repo.endswith(DEV_PR_BASE_REPO): version_only = check_if_only_version_file_is_modified(args.api_url) user_authorized = checkuser.verify_user(args.sender) if version_only and user_authorized: organization = args.pr_base_repo.removesuffix(DEV_PR_BASE_REPO) - print(f'::set-output name=charts_repo::{organization}{CHARTS_PR_BASE_REPO}') + gitutils.add_output( + 
"charts_repo", f"{organization}{CHARTS_PR_BASE_REPO}" + ) + gitutils.add_output("stage_repo", f"{organization}{STAGE_PR_BASE_REPO}") version = release_info.get_version("./") version_info = release_info.get_info("./") - print(f'[INFO] Release found in PR files : {version}.') - print(f'::set-output name=PR_version::{version}') - print(f'::set-output name=PR_release_info::{version_info}') - print(f'::set-output name=PR_includes_release_only::true') - make_release_body(version,version_info) + print(f"[INFO] Release found in PR files : {version}.") + gitutils.add_output("PR_version", version) + gitutils.add_output("PR_release_info", version_info) + gitutils.add_output("PR_includes_release_only", "true") + make_release_body(version, version_info) elif version_only and not user_authorized: - print(f'[ERROR] sender not authorized : {args.sender}.') - print(f'::set-output name=sender_not_authorized::true') + print(f"[ERROR] sender not authorized : {args.sender}.") + gitutils.add_output("sender_not_authorized", "true") else: - print('[INFO] Not a release PR') + print("[INFO] Not a release PR") else: - print(f'[INFO] Not a release PR, target is not : {DEV_PR_BASE_REPO}.') + print(f"[INFO] Not a release PR, target is not : {DEV_PR_BASE_REPO}.") else: version = release_info.get_version("./") if args.version: # should be on main branch - if semver.compare(args.version,version) > 0 : - print(f'[INFO] Release {args.version} found in PR files is newer than: {version}.') - print(f'::set-output name=release_updated::true') + if semver.compare(args.version, version) > 0: + print( + f"[INFO] Release {args.version} found in PR files is newer than: {version}." + ) + gitutils.add_output("release_updated", "true") else: - print(f'[ERROR] Release found in PR files is not new : {args.version}.') + print( + f"[ERROR] Release found in PR files is not new : {args.version}." 
+ ) else: - print(f'[ERROR] no valid parameter set to release checker.') - + print("[ERROR] no valid parameter set to release checker.") diff --git a/scripts/src/release/releaser.py b/scripts/src/release/releaser.py index 02cd03ca579..0f5926b21a2 100644 --- a/scripts/src/release/releaser.py +++ b/scripts/src/release/releaser.py 
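Review bot: Every option of this parser is declared `required=False`, yet the branches touched here call `args.pr_base_repo.endswith(...)` as soon as `--pr_branch` or `--api-url` is given, and the added `or args.pr_base_repo.endswith(STAGE_PR_BASE_REPO)` is one more such call; without `--pr_base_repo` this raises `AttributeError` on `None`. Unless the lines between the two hunks of `main()` already validate it, a guard before the first use turns that into a usage error: `if (args.pr_branch or args.api_url) and not args.pr_base_repo: parser.error("--pr_base_repo is required with --pr_branch or --api-url")`. `main()` starts outside this hunk.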
@@ -19,72 +19,82 @@ """ -import yaml import os import argparse import sys import shutil from release import release_info -sys.path.append('../') +sys.path.append("../") from tools import gitutils -VERSION_CHECK_YAML_FILE=".github/workflows/version_check.yml" -BUILD_YAML_FILE=".github/workflows/build.yml" -DEV_PR_BRANCH_BODY_PREFIX="Charts workflow version" -DEV_PR_BRANCH_NAME_PREFIX="Auto-Release-" -CHARTS_PR_BRANCH_BODY_PREFIX="Workflow and script updates from development repository" -CHARTS_PR_BRANCH_NAME_PREFIX="Release-" +VERSION_CHECK_YAML_FILE = ".github/workflows/version_check.yml" +BUILD_YAML_FILE = ".github/workflows/build.yml" +DEV_PR_BRANCH_BODY_PREFIX = "Charts workflow version" +DEV_PR_BRANCH_NAME_PREFIX = "Auto-Release-" +CHARTS_PR_BRANCH_BODY_PREFIX = "Workflow and script updates from development repository" +CHARTS_PR_BRANCH_NAME_PREFIX = "Release-" +STAGE_PR_BRANCH_BODY_PREFIX = "Workflow and script updates from development repository" +STAGE_PR_BRANCH_NAME_PREFIX = "Release-" SCHEDULE_INSERT = [ - ' # Daily trigger to check updates', - ' schedule:', - ' - cron: "0 0 * * *"' + " # Daily trigger to check updates", + " schedule:", + ' - cron: "0 0 * * *"', ] -def update_workflow(): - - lines=[] - with open(VERSION_CHECK_YAML_FILE,'r') as schedule_file: +def update_workflow(): + lines = [] + with open(VERSION_CHECK_YAML_FILE, "r") as schedule_file: lines = schedule_file.readlines() for line in lines: if line.strip() == "on:": - insert_location = lines.index(line)+1 + insert_location = lines.index(line) + 1 if SCHEDULE_INSERT[0] not in lines[insert_location].rstrip(): print("[INFO] add cron job to schedule.yaml") - lines.insert(insert_location,f"{SCHEDULE_INSERT[0]}\n") - lines.insert(insert_location+1,f"{SCHEDULE_INSERT[1]}\n") - lines.insert(insert_location+2,f"{SCHEDULE_INSERT[2]}\n") + lines.insert(insert_location, f"{SCHEDULE_INSERT[0]}\n") + lines.insert(insert_location + 1, f"{SCHEDULE_INSERT[1]}\n") + lines.insert(insert_location + 2, 
f"{SCHEDULE_INSERT[2]}\n") break - with open(VERSION_CHECK_YAML_FILE,'w') as schedule_file: + with open(VERSION_CHECK_YAML_FILE, "w") as schedule_file: schedule_file.write("".join(lines)) -def make_required_changes(release_info_dir,origin,destination): +def make_required_changes(release_info_dir, origin, destination): print(f"Make required changes from {origin} to {destination}") - repository = "development" - if "charts" in origin or "development" in destination: - repository = "charts" + if "charts" in origin and "dev" in destination: + from_repository = "charts" + to_repository = "development" + elif "dev" in origin and "charts" in destination: + from_repository = "development" + to_repository = "charts" + elif "dev" in origin and "stage" in destination: + from_repository = "development" + to_repository = "stage" + else: + sys.exit("Wrong arguments while calling make_required_changes") - replaces = release_info.get_replaces(repository,release_info_dir) + replaces = release_info.get_replaces( + from_repository, to_repository, release_info_dir + ) for replace in replaces: - replace_this=f"{destination}/{replace}" + replace_this = f"{destination}/{replace}" with_this = f"{origin}/{replace}" if os.path.isdir(with_this) or os.path.isdir(replace_this): print(f"Replace directory {replace_this} with {with_this}") if os.path.isdir(replace_this): shutil.rmtree(replace_this) - shutil.copytree(with_this,replace_this) + shutil.copytree(with_this, replace_this) else: print(f"Replace file {replace_this} with {with_this}") - shutil.copy2(with_this,replace_this) + shutil.copy2(with_this, replace_this) - merges = release_info.get_merges(repository,release_info_dir) + merges = release_info.get_merges(from_repository, to_repository, release_info_dir) for merge in merges: merge_this = f"{origin}/{merge}" 
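Review bot: `make_required_changes` now infers the repository pair from substrings of `origin` and `destination` (`"charts" in origin and "dev" in destination`, and so on), and those arguments appear to be directory paths (`--development_dir`, `--charts_dir`, `--stage_dir`). A checkout path that contains more than one of these words selects whichever branch of the chain comes first, and the replace, merge and ignore lists of the wrong pair are then applied with `shutil.rmtree` and `shutil.copytree`. Passing the repository names explicitly from `main()`, or comparing only the last path component (`os.path.basename(os.path.normpath(origin))`), would make the selection independent of where the directories live. The function's body continues outside this hunk.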
@@ -92,13 +102,12 @@ def make_required_changes(release_info_dir,origin,destination): if os.path.isdir(merge_this) or os.path.isdir(into_this): print(f"Merge directory {merge_this} with {into_this}") - shutil.copytree(merge_this,into_this,dirs_exist_ok=True) + shutil.copytree(merge_this, into_this, dirs_exist_ok=True) else: print(f"Merge file {merge_this} with {into_this}") - shutil.copy2(merge_this,into_this) + shutil.copy2(merge_this, into_this) - - ignores = release_info.get_ignores(repository,release_info_dir) + ignores = release_info.get_ignores(from_repository, to_repository, release_info_dir) for ignore in ignores: ignore_this = f"{destination}/{ignore}" if os.path.isdir(ignore_this): 
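Review bot: The entries returned by `release_info.get_merges` and `release_info.get_ignores` are joined onto the directories with plain f-strings (`ignore_this = f"{destination}/{ignore}"`) and then used for `shutil.copytree`, `shutil.copy2` and the `os.path.isdir` branch whose body lies outside this hunk, with no check that the resulting path stays inside `origin` or `destination`. The replace loop in the previous hunk has the same shape and calls `shutil.rmtree`. `main` passes the pull-request directory as `release_info_dir`, so the lists presumably come from a file in the PR, and an entry containing `..` or an absolute path would resolve outside the checkout. I would resolve each entry and reject anything that leaves its base directory before touching the filesystem, as sketched below.

```python
def _is_within(base_dir, entry):
    # True when base_dir/entry resolves to a location inside base_dir.
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, entry))
    return os.path.commonpath([base, target]) == base

# … unchanged: replace and merge loops (apply the same guard to origin and destination) …
    for ignore in ignores:
        if not _is_within(destination, ignore):
            sys.exit(f"[ERROR] release info entry leaves {destination}: {ignore}")
        ignore_this = f"{destination}/{ignore}"
```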
@@ -110,23 +119,72 @@ def make_required_changes(release_info_dir,origin,destination): def main(): - parser = argparse.ArgumentParser() - parser.add_argument("-v", "--version", dest="version", type=str, required=True, - help="Version to compare") - parser.add_argument("-d", "--development_dir", dest="dev_dir", type=str, required=True, - help="Directory of development code with latest release info.") - parser.add_argument("-c", "--charts_dir", dest="charts_dir", type=str, required=True, - help="Directory of charts code.") - parser.add_argument("-p", "--pr_dir", dest="pr_dir", type=str, required=True, - help="Directory of pull request code.") - parser.add_argument("-b", "--dev_pr_body", dest="dev_pr_body", type=str, required=True, - help="Body to use for the dev PR") - parser.add_argument("-t", "--target_branch", dest="target_branch", type=str, required=True, - help="Target branch of the Pull Request" ) - parser.add_argument("-r", "--target_repository", dest="target_repository", type=str, required=True, - help="Repository which is the target of the pull request" ) + parser.add_argument( + "-v", + "--version", + dest="version", + type=str, + required=True, + help="Version to compare", + ) + parser.add_argument( + "-d", + "--development_dir", + dest="dev_dir", + type=str, + required=True, + help="Directory of development code with latest release info.", + ) + parser.add_argument( + "-c", + "--charts_dir", + dest="charts_dir", + type=str, + required=True, + help="Directory of charts code.", + ) + parser.add_argument( + "-s", + "--stage_dir", + dest="stage_dir", + type=str, + required=True, + help="Directory of stage code.", + ) + parser.add_argument( + "-p", + "--pr_dir", + dest="pr_dir", + type=str, + required=True, + help="Directory of pull request code.", + ) + parser.add_argument( + "-b", + "--dev_pr_body", + dest="dev_pr_body", + type=str, + required=True, + help="Body to use for the dev PR", + ) + parser.add_argument( + "-t", + "--target_branch", + 
dest="target_branch", + type=str, + required=True, + help="Target branch of the Pull Request", + ) + parser.add_argument( + "-r", + "--target_repository", + dest="target_repository", + type=str, + required=True, + help="Repository which is the target of the pull request", + ) args = parser.parse_args() 
@@ -134,58 +192,93 @@ def main(): print(f"[INFO] arg version : {args.version}") print(f"[INFO] arg dev_dir : {args.dev_dir}") print(f"[INFO] arg charts_dir : {args.charts_dir}") + print(f"[INFO] arg stage_dir : {args.stage_dir}") print(f"[INFO] arg pr_dir : {args.pr_dir}") print(f"[INFO] arg dev_pr_body : {args.dev_pr_body}") print(f"[INFO] arg target_branch : {args.target_branch}") print(f"[INFO] arg target_repository : {args.target_repository}") - start_directory = os.getcwd() print(f"working directory: {start_directory}") - print(f"make changes to charts from development") - make_required_changes(args.pr_dir,args.dev_dir,args.charts_dir) + print("make changes to charts from development") + make_required_changes(args.pr_dir, args.dev_dir, args.charts_dir) - print(f"edit files in charts") + print("edit files in charts") os.chdir(args.charts_dir) update_workflow() organization = args.target_repository.split("/")[0] - charts_repository=f"{organization}{gitutils.CHARTS_REPO}" - print(f"create charts pull request, repository: {charts_repository}, branch: {args.target_branch} ") + charts_repository = f"{organization}{gitutils.CHARTS_REPO}" + print( + f"create charts pull request, repository: {charts_repository}, branch: {args.target_branch} " + ) branch_name = f"{CHARTS_PR_BRANCH_NAME_PREFIX}{args.version}" - message = f'{CHARTS_PR_BRANCH_BODY_PREFIX} {branch_name}' - outcome = gitutils.create_pr(branch_name,[],charts_repository,message,args.target_branch) + message = f"{CHARTS_PR_BRANCH_BODY_PREFIX} {branch_name}" + outcome = gitutils.create_pr( + branch_name, [], charts_repository, message, args.target_branch + ) if outcome == gitutils.PR_CREATED: - print(f'::set-output name=charts_pr_created::true') + gitutils.add_output("charts_pr_created", "true") elif outcome == gitutils.PR_NOT_NEEDED: - print(f'::set-output name=charts_pr_not_needed::true') + gitutils.add_output("charts_pr_not_needed", "true") else: print("[ERROR] error creating charts PR") - 
print(f'::set-output name=charts_pr_error::true') + gitutils.add_output("charts_pr_error", "true") os.chdir(start_directory) return os.chdir(start_directory) - print(f"make changes to development from charts") - make_required_changes(args.pr_dir,args.charts_dir,args.dev_dir) + print("make changes to development from charts") + make_required_changes(args.pr_dir, args.charts_dir, args.dev_dir) os.chdir(args.dev_dir) - print(f"create development pull request") + print("create development pull request") branch_name = f"{DEV_PR_BRANCH_NAME_PREFIX}{args.version}" - outcome = gitutils.create_pr(branch_name,[release_info.RELEASE_INFO_FILE],args.target_repository,args.dev_pr_body,args.target_branch) + outcome = gitutils.create_pr( + branch_name, + [release_info.RELEASE_INFO_FILE], + args.target_repository, + args.dev_pr_body, + args.target_branch, + ) if outcome == gitutils.PR_CREATED: print("Dev PR successfully created.") - print(f'::set-output name=dev_pr_created::true') + gitutils.add_output("dev_pr_created", "true") elif outcome == gitutils.PR_NOT_NEEDED: print("Dev PR not needed.") - print(f'::set-output name=dev_pr_not_needed::true') + gitutils.add_output("dev_pr_not_needed", "true") else: print("[ERROR] error creating development PR.") - print('::set-output name=dev_pr_error::true') + gitutils.add_output("dev_pr_error", "true") + + os.chdir(start_directory) + + print("make changes to stage from development") + make_required_changes(args.pr_dir, args.dev_dir, args.stage_dir) + os.chdir(args.stage_dir) + stage_repository = f"{organization}{gitutils.STAGE_REPO}" + print( + f"create stage pull request, repository: {stage_repository}, branch: {args.target_branch} " + ) + branch_name = f"{STAGE_PR_BRANCH_NAME_PREFIX}{args.version}" + message = f"{STAGE_PR_BRANCH_BODY_PREFIX} {branch_name}" + outcome = gitutils.create_pr( + branch_name, [], stage_repository, message, args.target_branch + ) + if outcome == gitutils.PR_CREATED: + gitutils.add_output("stage_pr_created", 
"true") + elif outcome == gitutils.PR_NOT_NEEDED: + gitutils.add_output("stage_pr_not_needed", "true") + else: + print("[ERROR] error creating stage PR") + gitutils.add_output("stage_pr_error", "true") + os.chdir(start_directory) + return os.chdir(start_directory) + if __name__ == "__main__": main() diff --git a/scripts/src/reporegex/__init__.py b/scripts/src/reporegex/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/scripts/src/reporegex/matchers.py b/scripts/src/reporegex/matchers.py new file mode 100644 index 00000000000..2519a720f67 --- /dev/null +++ b/scripts/src/reporegex/matchers.py @@ -0,0 +1,41 @@ +def submission_path_matcher( + base_dir="charts", strict_categories=True, include_version_matcher=True +): + """Returns a regex string with various submission-related groupings. + + The groupings returned (in order) are: category, organization, chart name, + and optionally, version. + + Callers should append any relevant path matching to the end of the string + returned from this function. E.g. "/.*" + + Args: + base_dir: The base path of the expression statement. Should + not be empty. + strict_categories: Whether the category matcher should match only the + relevant categories, or any word at all. + include_version_matcher: Whether or not the version matcher should be + appended. In some cases, the caller of this regex doesn't care about the + versioning detail. + + Returns: + A regular expression-compatible string with the mentioned groupings. + """ + + relaxedCategoryMatcher = "\w+" + strictCategoryMatcher = "partners|redhat|community" + + categoryMatcher = ( + strictCategoryMatcher if strict_categories else relaxedCategoryMatcher + ) + organizationMatcher = "[\w-]+" + chartMatcher = "[\w-]+" + versionMatcher = "[\w\.\-+]+" + + matcher = ( + rf"{base_dir}/({categoryMatcher})/({organizationMatcher})/({chartMatcher})" + ) + if include_version_matcher: + matcher += rf"/({versionMatcher})" + + return matcher 
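Review bot: The error branch for the development PR only records `gitutils.add_output("dev_pr_error", "true")` and, as far as the flattened diff shows, falls through into the new stage sync, while the charts and stage error branches both `os.chdir(start_directory)` and `return`. If a failed development PR is meant to stop the release, that branch needs the same `os.chdir(start_directory)` and `return`; if continuing is intended, a comment saying so would prevent the asymmetry from being "fixed" later. The repeated `os.chdir` pairs around each step would also be safer in a `try`/`finally`, so an exception from `gitutils.create_pr` cannot leave the process in the wrong directory. `main` starts before this hunk.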
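Review bot: The pattern fragments in `submission_path_matcher` are ordinary string literals containing `\w`, `\.` and `\-` (`"\w+"`, `"[\w-]+"`, `"[\w\.\-+]+"`), which are invalid escape sequences that recent Python versions warn about; they should be raw strings like the `rf` literals a few lines below, e.g. `organizationMatcher = r"[\w-]+"`. `base_dir` is interpolated into the expression unescaped, so a value containing regex metacharacters changes what is matched; unless callers deliberately pass a pattern, `re.escape(base_dir)` is safer. The returned expression is unanchored, and since it appears to decide which paths count as chart submissions, the docstring should say that callers must anchor it themselves (`re.fullmatch` or `^…$`).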
diff --git a/scripts/src/report/get_verify_params.py b/scripts/src/report/get_verify_params.py index c8a69116b9d..58152d8f2bc 100644 --- a/scripts/src/report/get_verify_params.py +++ b/scripts/src/report/get_verify_params.py @@ -1,16 +1,38 @@ - import os import sys import argparse -sys.path.append('../') +sys.path.append("../") from chartprreview import chartprreview +from signedchart import signedchart +from tools import gitutils + + +def get_report_full_path(category, organization, chart, version): + return os.path.join( + os.getcwd(), get_report_relative_path(category, organization, chart, version) + ) + -def generate_verify_options(directory,category, organization, chart, version): - print("[INFO] Generate verify options. %s, %s, %s" % (organization,chart,version)) - src = os.path.join(os.getcwd(), "charts", category, organization, chart, version, "src") - report_path = os.path.join(os.getcwd(),"charts", category, organization, chart, version, "report.yaml") - tar = os.path.join(os.getcwd(),"charts", category, organization, chart, version, f"{chart}-{version}.tgz") +def get_report_relative_path(category, organization, chart, version): + return os.path.join("charts", category, organization, chart, version, "report.yaml") + + +def generate_verify_options(directory, category, organization, chart, version): + print("[INFO] Generate verify options. %s, %s, %s" % (organization, chart, version)) + src = os.path.join( + os.getcwd(), "charts", category, organization, chart, version, "src" + ) + report_path = get_report_full_path(category, organization, chart, version) + tar = os.path.join( + os.getcwd(), + "charts", + category, + organization, + chart, + version, + f"{chart}-{version}.tgz", + ) print(f"[INF0] report path exists = {os.path.exists(report_path)} : {report_path}") print(f"[INF0] src path exists = {os.path.exists(src)} : {src}") 
@@ -18,42 +40,75 @@ def generate_verify_options(directory,category, organization, chart, version): flags = f"--set profile.vendortype={category}" cluster_needed = True + report_provided = False if os.path.exists(report_path): print("[INFO] report is included") flags = f"{flags} -e has-readme" cluster_needed = False + report_provided = True if os.path.exists(src) and not os.path.exists(tar): print("[INFO] chart src included") - return flags,src,True, cluster_needed + return flags, src, True, cluster_needed, report_provided elif os.path.exists(tar) and not os.path.exists(src): print("[INFO] tarball included") - return flags,tar,True, cluster_needed + if not os.path.exists(report_path): + owners_file = os.path.join( + os.getcwd(), "charts", category, organization, chart, "OWNERS" + ) + signed_flags = signedchart.get_verifier_flags(tar, owners_file, directory) + if signed_flags: + print(f"[INFO] include flags for signed chart: {signed_flags}") + flags = f"{flags} {signed_flags}" + return flags, tar, True, cluster_needed, report_provided elif os.path.exists(tar) and os.path.exists(src): msg = "[ERROR] Both chart source directory and tarball should not exist" chartprreview.write_error_log(directory, msg) sys.exit(1) else: print("[INFO] report only") - return "","",False,False - + return "", "", False, False, report_provided def main(): parser = argparse.ArgumentParser() - parser.add_argument("-u", "--api-url", dest="api_url", type=str, required=True, - help="API URL for the pull request") - parser.add_argument("-d", "--directory", dest="directory", type=str, required=True, - help="artifact directory for archival") + parser.add_argument( + "-u", + "--api-url", + dest="api_url", + type=str, + required=True, + help="API URL for the pull request", + ) + parser.add_argument( + "-d", + "--directory", + dest="directory", + type=str, + required=True, + help="artifact directory for archival", + ) args = parser.parse_args() - category, organization, chart, version = 
chartprreview.get_modified_charts(args.directory, args.api_url) + category, organization, chart, version = chartprreview.get_modified_charts( + args.directory, args.api_url + ) - flags,chart_uri,report_needed,cluster_needed = generate_verify_options(args.directory,category, organization, chart, version) - print(f"::set-output name=report_needed::{report_needed}") - print(f"::set-output name=cluster_needed::{cluster_needed}") + ( + flags, + chart_uri, + report_needed, + cluster_needed, + report_provided, + ) = generate_verify_options(args.directory, category, organization, chart, version) + gitutils.add_output("report_provided", report_provided) + gitutils.add_output( + "provided_report_relative_path", + get_report_relative_path(category, organization, chart, version), + ) + gitutils.add_output("report_needed", report_needed) + gitutils.add_output("cluster_needed", cluster_needed) if report_needed: - print(f"::set-output name=verify_args::{flags}") - print(f"::set-output name=verify_uri::{chart_uri}") - + gitutils.add_output("verify_args", flags) + gitutils.add_output("verify_uri", chart_uri) diff --git a/scripts/src/report/report_info.py b/scripts/src/report/report_info.py index b78a65e7966..304446cf0e0 100644 --- a/scripts/src/report/report_info.py +++ b/scripts/src/report/report_info.py @@ -1,4 +1,3 @@ - import os import sys import docker 
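Review bot: `generate_verify_options` now returns five positional values instead of four, with no docstring naming them, and only the `main` in this file is visibly updated; any other caller that still unpacks four values would fail with `ValueError`. A short docstring stating that it returns `(flags, chart_uri, report_needed, cluster_needed, report_provided)` and what each means would make the contract explicit. In the tarball branch, `if not os.path.exists(report_path):` repeats a check whose result is already held in `report_provided`, so `if not report_provided:` reads better and avoids a second filesystem lookup. The function starts in the previous hunk.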
@@ -9,50 +8,105 @@ REPORT_RESULTS = "results" REPORT_DIGESTS = "digests" REPORT_METADATA = "metadata" +SHA_ERROR = "Digest in report did not match report content" + + +def write_error_log(*msg): + directory = os.environ.get("WORKFLOW_WORKING_DIRECTORY") + if directory: + os.makedirs(directory, exist_ok=True) + with open(os.path.join(directory, "errors"), "w") as fd: + for line in msg: + fd.write(line) + fd.write("\n") + + for line in msg: + print(line) -def _get_report_info(report_path, report_info_path,info_type, profile_type, profile_version): +def _get_report_info( + report_path, report_info_path, info_type, profile_type, profile_version +): if report_info_path and len(report_info_path) > 0: print(f"[INFO] Using existing report info: {report_info_path}") report_out = json.load(open(report_info_path)) else: - command = f"report" + command = "report" set_values = "" if profile_type: set_values = "profile.vendortype=%s" % profile_type if profile_version: if set_values: - set_values = "%s,profile.version=%s" % (set_values,profile_version) + set_values = "%s,profile.version=%s" % (set_values, profile_version) else: set_values = "profile.version=%s" % profile_version if os.environ.get("VERIFIER_IMAGE"): print(f"[INFO] Generate report info using docker : {report_path}") - docker_command = f"{command} {info_type} /charts/{os.path.basename(report_path)}" + docker_command = ( + f"{command} {info_type} /charts/{os.path.basename(report_path)}" + ) if set_values: docker_command = "%s --set %s" % (docker_command, set_values) client = docker.from_env() report_directory = os.path.dirname(os.path.abspath(report_path)) - print(f'Call docker using image: {os.environ.get("VERIFIER_IMAGE")}, docker command: {docker_command}, report directory: {report_directory}') - output = client.containers.run(os.environ.get("VERIFIER_IMAGE"),docker_command,stdin_open=True,tty=True,stdout=True,volumes={report_directory: {'bind': '/charts/', 'mode': 'rw'}}) + print( + f'Call docker using image: 
{os.environ.get("VERIFIER_IMAGE")}, docker command: {docker_command}, report directory: {report_directory}' + ) + output = client.containers.run( + os.environ.get("VERIFIER_IMAGE"), + docker_command, + stdin_open=True, + tty=True, + stdout=True, + volumes={report_directory: {"bind": "/charts/", "mode": "rw"}}, + ) else: - print(f"[INFO] Generate report info using chart-verifier on path : {os.path.abspath(report_path)}") + print( + f"[INFO] Generate report info using chart-verifier on path : {os.path.abspath(report_path)}" + ) if set_values: - out = subprocess.run(["chart-verifier",command,info_type,"--set",set_values,os.path.abspath(report_path)],capture_output=True) + out = subprocess.run( + [ + "chart-verifier", + command, + info_type, + "--set", + set_values, + os.path.abspath(report_path), + ], + capture_output=True, + ) else: - out = subprocess.run(["chart-verifier",command,info_type,os.path.abspath(report_path)],capture_output=True) + out = subprocess.run( + [ + "chart-verifier", + command, + info_type, + os.path.abspath(report_path), + ], + capture_output=True, + ) output = out.stdout.decode("utf-8") + if SHA_ERROR in output: + msg = f"[ERROR] {SHA_ERROR}" + write_error_log(msg) + sys.exit(1) + try: report_out = json.loads(output) except BaseException as err: - print(f"[ERROR] loading report output: /n{output}") - print(f"[ERROR] exception was: {err=}, {type(err)=}") + msgs = [] + msgs.append(f"[ERROR] loading report output: /n{output}") + msgs.append(f"[ERROR] exception was: {err=}, {type(err)=}") + write_error_log(*msgs) sys.exit(1) - if not info_type in report_out: - print(f"Error extracting {info_type} from the report:", report_out.strip()) + if info_type not in report_out: + msg = f"Error extracting {info_type} from the report:", report_out.strip() + write_error_log(msg) sys.exit(1) if info_type == REPORT_ANNOTATIONS: 
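Review bot: In the `info_type not in report_out` branch, `msg = f"Error extracting {info_type} from the report:", report_out.strip()` builds a tuple because of the comma, and `report_out` is the object returned by `json.loads`/`json.load`, so `.strip()` raises `AttributeError` on a dict before anything is logged; if it got further, `write_error_log(msg)` would hand a tuple to `fd.write`. I would write `write_error_log(f"Error extracting {info_type} from the report: {report_out}")`. The digest-mismatch check relies on finding `SHA_ERROR` in the tool's stdout text; also testing `out.returncode` in the `subprocess.run` path would keep that integrity failure from depending on the exact wording. `except BaseException` around `json.loads` is broader than needed, and `except ValueError` covers the decode error.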
@@ -65,45 +119,55 @@ def _get_report_info(report_path, report_info_path,info_type, profile_type, prof return report_out[info_type] -def get_report_annotations(report_path=None,report_info_path=None): - annotations = _get_report_info(report_path,report_info_path,REPORT_ANNOTATIONS,"","") +def get_report_annotations(report_path=None, report_info_path=None): + annotations = _get_report_info( + report_path, report_info_path, REPORT_ANNOTATIONS, "", "" + ) print("[INFO] report annotations : %s" % annotations) return annotations -def get_report_results(report_path=None, profile_type=None, profile_version=None,report_info_path=None): - results = _get_report_info(report_path,report_info_path,REPORT_RESULTS,profile_type,profile_version) +def get_report_results( + report_path=None, profile_type=None, profile_version=None, report_info_path=None +): + results = _get_report_info( + report_path, report_info_path, REPORT_RESULTS, profile_type, profile_version + ) print("[INFO] report results : %s" % results) results["failed"] = int(results["failed"]) results["passed"] = int(results["passed"]) return results - -def get_report_digests(report_path=None,report_info_path=None): - digests = _get_report_info(report_path,report_info_path,REPORT_DIGESTS,"","") + + +def get_report_digests(report_path=None, report_info_path=None): + digests = _get_report_info(report_path, report_info_path, REPORT_DIGESTS, "", "") print("[INFO] report digests : %s" % digests) return digests -def get_report_metadata(report_path=None,report_info_path=None): - metadata = _get_report_info(report_path,report_info_path,REPORT_METADATA,"","") + +def get_report_metadata(report_path=None, report_info_path=None): + metadata = _get_report_info(report_path, report_info_path, REPORT_METADATA, "", "") print("[INFO] report metadata : %s" % metadata) return metadata -def get_report_chart_url(report_path=None,report_info_path=None): - metadata = _get_report_info(report_path,report_info_path,REPORT_METADATA,"","") - 
print("[INFO] report chart-uri : %s" % metadata["chart-uri"]) - return metadata["chart-uri"] -def get_report_chart(report_path=None,report_info_path=None): - metadata = _get_report_info(report_path,report_info_path,REPORT_METADATA,"","") - print("[INFO] report chart : %s" % metadata["chart"]) - return metadata["chart"] +def get_report_chart_url(report_path=None, report_info_path=None): + metadata = _get_report_info(report_path, report_info_path, REPORT_METADATA, "", "") + print("[INFO] report chart-uri : %s" % metadata["chart-uri"]) + return metadata["chart-uri"] + + +def get_report_chart(report_path=None, report_info_path=None): + metadata = _get_report_info(report_path, report_info_path, REPORT_METADATA, "", "") + print("[INFO] report chart : %s" % metadata["chart"]) + return metadata["chart"] -def main(): +def main(): print("\n\n\n\nDocker image results:\n") os.environ["VERIFIER_IMAGE"] = "quay.io/redhat-certification/chart-verifier:main" - get_report_results("./report.yaml","","") - get_report_results("./report.yaml","community","v1.1") + get_report_results("./report.yaml", "", "") + get_report_results("./report.yaml", "community", "v1.1") get_report_digests("./report.yaml") get_report_metadata("./report.yaml") get_report_annotations("./report.yaml") @@ -112,8 +176,8 @@ def main(): print("\n\n\n\nverifier command results:\n") os.environ["VERIFIER_IMAGE"] = "" - get_report_results("./report.yaml","","") - get_report_results("./report.yaml","community","v1.1") + get_report_results("./report.yaml", "", "") + get_report_results("./report.yaml", "community", "v1.1") get_report_digests("./report.yaml") get_report_metadata("./report.yaml") get_report_annotations("./report.yaml") @@ -129,7 +193,5 @@ def main(): get_report_chart(report_info_path="./report_info.json") -if __name__ == '__main__': +if __name__ == "__main__": main() - - diff --git a/scripts/src/report/verifier_report.py b/scripts/src/report/verifier_report.py index d05c671434b..e168f2a3c51 100644 
--- a/scripts/src/report/verifier_report.py +++ b/scripts/src/report/verifier_report.py @@ -24,17 +24,16 @@ """ import sys -import os import semantic_version import yaml + try: from yaml import CLoader as Loader except ImportError: from yaml import Loader -sys.path.append('../') -from chartrepomanager import indexannotations +sys.path.append("../") from report import report_info MIN_SUPPORTED_OPENSHIFT_VERSION = semantic_version.SimpleSpec(">=4.1.0") 
@@ -43,29 +42,59 @@ SUPPORTED_VERSIONS_ANNOTATION = "charts.openshift.io/supportedOpenShiftVersions" KUBE_VERSION_ATTRIBUTE = "kubeVersion" + def get_report_data(report_path): + """Load and returns the report data contained in report.yaml + + Args: + report_path (str): Path to the report.yaml file. + + Returns: + (bool, dict): A boolean indicating if the loading was successfull and the + content of the report.yaml file. + """ try: with open(report_path) as report_data: - report_content = yaml.load(report_data,Loader=Loader) - return True,report_content + report_content = yaml.load(report_data, Loader=Loader) + return True, report_content except Exception as err: print(f"Exception 2 loading file: {err}") - return False,"" + return False, "" + -def get_result(report_data,check_name): +def get_result(report_data, check_name): + """Parse the report.yaml content for the result of a given check. + + Args: + report_data (dict): The content of the report.yaml file. + check_name (str): The name of the check to get the result for. + + Returns: + (bool, str): a boolean to True if the test passed, false otherwise + and the corresponding "reason" field. + """ outcome = False + reason = "Not Found" for result in report_data["results"]: if result["check"].endswith(check_name): + reason = result["reason"] if result["outcome"] == "PASS": outcome = True break - return outcome + return outcome, reason + def get_chart_testing_result(report_data): - return get_result(report_data,"/chart-testing") + return get_result(report_data, "/chart-testing") + def get_has_kubeversion_result(report_data): - return get_result(report_data,"/has-kubeversion") + return get_result(report_data, "/has-kubeversion") + + +def get_signature_is_valid_result(report_data): + return get_result(report_data, "/signature-is-valid") + def get_profile_version(report_data): profile_version = "1.1" 
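Review bot: `get_report_data` parses report.yaml with `yaml.load(report_data, Loader=Loader)`, where `Loader` is PyYAML's `CLoader`/`Loader` imported in the previous hunk, and those loaders will construct arbitrary Python objects from tagged nodes. The report appears to be a file delivered with a chart submission, so it should go through the safe loader: `from yaml import CSafeLoader as Loader` in the `try` and `from yaml import SafeLoader as Loader` in the `except ImportError`, leaving the `yaml.load` call as it is. Separately, `get_result` now returns an `(outcome, reason)` tuple, which is always truthy, so any caller outside this diff that still writes `if get_chart_testing_result(report_data):` would pass unconditionally.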
@@ -75,14 +104,23 @@ def get_profile_version(report_data): pass return profile_version -def get_provider_delivery(report_data): - provider_delivery = False + +def get_web_catalog_only(report_data): + web_catalog_only = False try: - provider_delivery = report_data["metadata"]["tool"]["providerControlledDelivery"] + if "webCatalogOnly" in report_data["metadata"]["tool"]: + web_catalog_only = report_data["metadata"]["tool"]["webCatalogOnly"] + if "providerControlledDelivery" in report_data["metadata"]["tool"]: + web_catalog_only = report_data["metadata"]["tool"][ + "providerControlledDelivery" + ] except Exception as err: - print(f"Exception getting providerControlledDelivery {err=}, {type(err)=}") + print( + f"Exception getting webCatalogOnly/providerControlledDelivery {err=}, {type(err)=}" + ) pass - return provider_delivery + return web_catalog_only + def get_package_digest(report_data): package_digest = None 
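Review bot: When a report carries both `webCatalogOnly` and `providerControlledDelivery`, the second `if` in `get_web_catalog_only` overwrites the first, so the older key silently wins over the new one. If the new key is meant to take precedence, make the second test an `elif`; either way a one-line docstring stating the precedence would help, since the result presumably controls how the chart is published. The `pass` after the `print` in the `except` block is redundant.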
@@ -91,47 +129,93 @@ def get_package_digest(report_data): if "package" in digests: package_digest = digests["package"] except Exception as err: - print(f"Exception getting providerControlledDelivery {err=}, {type(err)=}") + print(f"Exception getting package digest {err=}, {type(err)=}") pass return package_digest + +def get_public_key_digest(report_data): + """Get the public key digest from report.yaml + + Args: + report_data (dict): the report.yaml content + + Returns: + str: The public key digest from report.yaml. Set to None if not found. + """ + public_key_digest = None + try: + digests = report_data["metadata"]["tool"]["digests"] + if "publicKey" in digests: + public_key_digest = digests["publicKey"] + except Exception as err: + print(f"Exception getting publicKey digest {err=}, {type(err)=}") + pass + return public_key_digest + + def report_is_valid(report_data): + """Check that the report.yaml contains the expected YAML structure + + Args: + dict: The content of report.yaml + + Returns: + bool: set to True if the report contains the correct structure, False otherwise. 
+ """ outcome = True - if not "kind" in report_data or report_data["kind"] != "verify-report": - print('[ERROR] kind attribute invalid or missing from report') + if "kind" not in report_data or report_data["kind"] != "verify-report": + print("[ERROR] kind attribute invalid or missing from report") return False - if not "results" in report_data: + if "results" not in report_data: print("No results section in report") outcome = False - if not "metadata" in report_data: + if "metadata" not in report_data: print("No metadata section in report") outcome = False else: - if not "tool" in report_data["metadata"]: + if "tool" not in report_data["metadata"]: print("No tool metadata section in report") outcome = False - if not "chart" in report_data["metadata"]: + if "chart" not in report_data["metadata"]: print("No tool chart section in report") outcome = False return outcome -def validate(report_path): +def validate(report_path, ocp_version_range): + """Validate report.yaml by running a serie of checks. + + * Checks that the report.yaml contains valid YAML. + * Checks that the report.yaml contains the correct structure. + * Checks that the Chart has been successully tested (result of /chart-testing). + * Checks that the profile version used is valid SemVer. + * Checks that the expected annotation is present. + * Checks that the reported version of OCP and Kubernetes are valid and are coherent. - is_valid_yaml,report_data = get_report_data(report_path) + Args: + report_path (str): Path to the report.yaml file + ocp_version_range (str): Range of supported OCP versions + + Returns: + (bool, str): if the checks all passed, this returns a bool set to True and an + empty str. Otherwise, this returns a bool set to True and the + corresponding error message. 
+ """ + is_valid_yaml, report_data = get_report_data(report_path) if not is_valid_yaml: - return False,f"Report is not valid yaml: {report_path}" + return False, f"Report is not valid yaml: {report_path}" if not report_is_valid(report_data): - return False,f"Report is incomplete and cannot be processed: {report_path}" - - ## No value in checking if chart testing failed - if get_chart_testing_result(report_data): + return False, f"Report is incomplete and cannot be processed: {report_path}" + # No value in checking if chart testing failed + chart_testing_outcome, _ = get_chart_testing_result(report_data) + if chart_testing_outcome: profile_version_string = get_profile_version(report_data) try: @@ -139,11 +223,10 @@ def validate(report_path): v1_0_profile = False if profile_version.major == 1 and profile_version.minor == 0: v1_0_profile = True - except Exception: + except ValueError: message = f"Invalid profile version in report : {profile_version_string}" print(message) - return False,message - + return False, message annotations = report_info.get_report_annotations(report_path) 
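Review bot: `report_is_valid` applies `"kind" not in report_data` to whatever `yaml.load` returned, so an empty report (which loads as `None`) raises `TypeError` instead of returning `False`, and a top-level string or list is tested by substring or element membership rather than rejected. A guard at the top, `if not isinstance(report_data, dict): return False`, closes that, and the same check is worth making on `report_data["metadata"]` before the `"tool"` and `"chart"` tests. In the new `validate` docstring the failure case should read "a bool set to False", and "serie" and "successully" are typos. `validate` continues past this hunk.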
@@ -152,56 +235,69 @@ def validate(report_path): else: tested_version_annotation = TESTED_VERSION_ANNOTATION - if tested_version_annotation in annotations: + if tested_version_annotation in annotations: tested_version_string = annotations[tested_version_annotation] else: - return False,f"No annotation provided for {tested_version_annotation}" + return False, f"No annotation provided for {tested_version_annotation}" try: tested_version = semantic_version.Version.coerce(tested_version_string) if tested_version not in MIN_SUPPORTED_OPENSHIFT_VERSION: - return False,f"{tested_version_annotation} {tested_version_string} is not a supported OpenShift version." + return ( + False, + f"{tested_version_annotation} {tested_version_string} is not a supported OpenShift version.", + ) except ValueError: - return False,f"{tested_version_annotation} {tested_version_string} is not a valid semantic version." - - if get_has_kubeversion_result: - - chart = report_info.get_report_chart(report_path) - if KUBE_VERSION_ATTRIBUTE in chart: - kube_supported_ocp_versions_string = indexannotations.getOCPVersions(chart[KUBE_VERSION_ATTRIBUTE]) - try: - kube_supported_versions = semantic_version.NpmSpec(kube_supported_ocp_versions_string) - except ValueError: - if v1_0_profile: - return True,"" - else: - return False,f'Kube Version {chart[KUBE_VERSION_ATTRIBUTE]} translates to an invalid OCP version range {kube_supported_ocp_versions_string}' - else: - if v1_0_profile: - return True,"" - else: - return False,f'{KUBE_VERSION_ATTRIBUTE} missing from chart!' 
- - if tested_version not in kube_supported_versions: - return False,f"Tested OpenShift version {str(tested_version)} not within specified kube-versions : {kube_supported_ocp_versions_string}" + return ( + False, + f"{tested_version_annotation} {tested_version_string} is not a valid semantic version.", + ) + has_kubeversion_outcome, _ = get_chart_testing_result(report_data) + if has_kubeversion_outcome: if not v1_0_profile: + chart = report_info.get_report_chart(report_path) + kube_supported_versions = semantic_version.NpmSpec(ocp_version_range) + + if tested_version not in kube_supported_versions: + return ( + False, + f"Tested OpenShift version {str(tested_version)} not within specified kube-versions : {ocp_version_range}", + ) if SUPPORTED_VERSIONS_ANNOTATION in annotations: - supported_versions_string = annotations[SUPPORTED_VERSIONS_ANNOTATION] + supported_versions_string = annotations[ + SUPPORTED_VERSIONS_ANNOTATION + ] try: - supported_versions = semantic_version.NpmSpec(supported_versions_string) + supported_versions = semantic_version.NpmSpec( + supported_versions_string + ) except ValueError: - return False,f"{SUPPORTED_VERSIONS_ANNOTATION}: {supported_versions_string} is not a valid semantic version." 
+ return ( + False, + f"{SUPPORTED_VERSIONS_ANNOTATION}: {supported_versions_string} is not a valid semantic version.", + ) else: - return False,f"Missing annotation in report: {SUPPORTED_VERSIONS_ANNOTATION}" + return ( + False, + f"Missing annotation in report: {SUPPORTED_VERSIONS_ANNOTATION}", + ) if tested_version not in supported_versions: - return False,f"Tested OpenShift version {str(tested_version)} not within supported versions : {supported_versions_string}" - - if supported_versions_string and supported_versions_string != str(kube_supported_versions): - return False,f'Kube Version {chart[KUBE_VERSION_ATTRIBUTE]} -> {str(kube_supported_versions)} does not match supportedOpenShiftVersions: {supported_versions_string}' + return ( + False, + f"Tested OpenShift version {str(tested_version)} not within supported versions : {supported_versions_string}", + ) + + if supported_versions_string and supported_versions_string != str( + kube_supported_versions + ): + return ( + False, + f"Kube Version {chart[KUBE_VERSION_ATTRIBUTE]} -> {str(kube_supported_versions)} does not match supportedOpenShiftVersions: {supported_versions_string}", + ) else: print("[INFO] Chart testing failed so skip report checking") - return True,"" + return True, "" diff --git a/scripts/src/saforcertadmin/create_sa.sh b/scripts/src/saforcertadmin/create_sa.sh old mode 100644 new mode 100755 index 9831c50cfee..dc59c7f2a22 --- a/scripts/src/saforcertadmin/create_sa.sh +++ b/scripts/src/saforcertadmin/create_sa.sh @@ -2,7 +2,7 @@ user_name='rh-cert-user' oc create sa $user_name -token_secret=$(oc get sa $user_name -o json | jq -r '.secrets[].name | select( index("token") )') +token_secret=$(oc get secrets --field-selector=type=kubernetes.io/service-account-token -o=jsonpath="{.items[?(@.metadata.annotations.kubernetes\.io/service-account\.name=='"$user_name"')].metadata.name}") token=$(oc get secret $token_secret -o json | jq -r .data.token | base64 -d) oc apply -f cluster_role_binding.yaml 
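Review bot: `has_kubeversion_outcome, _ = get_chart_testing_result(report_data)` re-reads the chart-testing result, which is already known to be true inside this branch, so the has-kubeversion outcome is never consulted. The removed line referenced `get_has_kubeversion_result` (without calling it); if that getter returns the same `(outcome, reason)` shape, the line should read `has_kubeversion_outcome, _ = get_has_kubeversion_result(report_data)`. In the same block `semantic_version.NpmSpec(ocp_version_range)` is no longer wrapped in `try/except ValueError`, so a malformed range from the caller raises instead of returning `(False, message)` like the other checks. The final message also indexes `chart[KUBE_VERSION_ATTRIBUTE]` without the membership check the old code had. validate() begins outside this hunk.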
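Review bot: The new `token_secret` lookup is used unchecked and unquoted on the following line, so when the selector matches no secret or more than one, `oc get secret $token_secret -o json` no longer names a single secret and `.data.token` will not be the service-account token. Guard it before use, e.g. `[ -n "$token_secret" ] || { echo "no token secret found for $user_name" >&2; exit 1; }`, and quote the expansion as `oc get secret "$token_secret"`. The lookup carries no `-n`, so it depends on the current project being the one where the service account was created. The script continues outside this hunk.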
diff --git a/scripts/src/saforcertadmin/push_secrets.py b/scripts/src/saforcertadmin/push_secrets.py index 370da7150d3..9d1ecf4cc4f 100644 --- a/scripts/src/saforcertadmin/push_secrets.py +++ b/scripts/src/saforcertadmin/push_secrets.py @@ -1,4 +1,4 @@ -''' +""" This script will help to list, create or update secrets of a repository Prerequsites: @@ -18,20 +18,28 @@ 2. To create or update the CLUSTER_TOKEN of openshift-helm-charts/sandbox repository python push_secrets.py -r openshift-helm-charts/sandbox -s CLUSTER_TOKEN -v -''' +""" from base64 import b64encode from nacl import encoding, public import logging import os import sys +import json import requests import argparse -token = os.environ.get("GITHUB_TOKEN") -headers = {'Accept': 'application/vnd.github.v3+json', 'Authorization': f'token {token}'} +sys.path.append("../") +from pullrequest import prartifact + +token = os.environ.get("BOT_TOKEN") +headers = { + "Accept": "application/vnd.github.v3+json", + "Authorization": f"token {token}", +} logging.basicConfig(level=logging.INFO) + def encrypt(public_key: str, secret_value: str) -> str: """Encrypt a Unicode string using the public key.""" public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder()) 
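Review bot: `token = os.environ.get("BOT_TOKEN")` is never checked, so with the variable unset every request goes out with `Authorization: token None` and the problem only surfaces later as an API error; fail early with `if not token: sys.exit("BOT_TOKEN is not set")`. The module docstring's prerequisites section lies partly outside this hunk; if it still names GITHUB_TOKEN it should be updated to the variable now being read. `sys.path.append("../")` resolves against the current working directory rather than the script's location, so the `pullrequest` import only works when the script is started from its own directory.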
@@ -39,60 +47,125 @@ def encrypt(public_key: str, secret_value: str) -> str: encrypted = sealed_box.encrypt(secret_value.encode("utf-8")) return b64encode(encrypted).decode("utf-8") + def get_repo_public_key(repo): """Get the public key id and key of a github repository""" - response = requests.get(f'https://api.github.com/repos/{repo}/actions/secrets/public-key', headers=headers) + response = requests.get( + f"https://api.github.com/repos/{repo}/actions/secrets/public-key", + headers=headers, + ) if response.status_code != 200: - logging.error(f"unexpected response getting repo public key : {response.status_code} : {response.reason}") + logging.error( + f"unexpected response getting repo public key : {response.status_code} : {response.reason}" + ) sys.exit(1) response_json = response.json() - return response_json['key_id'], response_json['key'] + + if prartifact.xRateLimit in response.headers: + print( + f"[DEBUG] {prartifact.xRateLimit} : {response.headers[prartifact.xRateLimit]}" + ) + if prartifact.xRateRemain in response.headers: + print( + f"[DEBUG] {prartifact.xRateRemain} : {response.headers[prartifact.xRateRemain]}" + ) + + if "message" in response_json: + print(f'[ERROR] getting public key: {response_json["message"]}') + sys.exit(1) + + return response_json["key_id"], response_json["key"] + def get_repo_secrets(repo): """Get the list of secret names of a github repository""" secret_names = [] - response = requests.get(f'https://api.github.com/repos/{repo}/actions/secrets', headers=headers) + response = requests.get( + f"https://api.github.com/repos/{repo}/actions/secrets", headers=headers + ) if response.status_code != 200: - logging.error(f"unexpected response getting secrets : {response.status_code} : {response.reason}") + logging.error( + f"[ERROR] unexpected response getting repo secrets : {response.status_code} : {response.reason}" + ) sys.exit(1) response_json = response.json() - for i in range(response_json['total_count']): - 
secret_names.append(response_json['secrets'][i]['name']) + if "message" in response_json: + print(f'[ERROR] getting repo secrets: {response_json["message"]}') + sys.exit(1) + for i in range(response_json["total_count"]): + secret_names.append(response_json["secrets"][i]["name"]) return secret_names + def create_or_update_repo_secrets(repo, secret_name, key_id, encrypted_value): """Create or update a github repository secret""" - response = requests.put(f'https://api.github.com/repos/{repo}/actions/secrets/{secret_name}', json={'key_id': key_id, 'encrypted_value': encrypted_value}, headers=headers) + response = requests.put( + f"https://api.github.com/repos/{repo}/actions/secrets/{secret_name}", + json={"key_id": key_id, "encrypted_value": encrypted_value}, + headers=headers, + ) if response.status_code != 201 and response.status_code != 204: - logging.error(f"unexpected response during put request : {response.status_code} : {response.reason}") + logging.error( + f"unexpected response during put request : {response.status_code} : {response.reason}" + ) sys.exit(1) - #response_json = response.json() - logging.info(f'Secret {secret_name} create or update successful') + try: + response_json = response.json() + if "message" in response_json: + print(f'[ERROR] updating repo secret: {response_json["message"]}') + sys.exit(1) + except json.decoder.JSONDecodeError: + pass + + logging.info(f"Secret {secret_name} create or update successful") + def main(): - parser = argparse.ArgumentParser(description='Script to list, create or update secrets of a repository') - parser.add_argument("-r", "--repo", dest="repo", type=str, required=True, - help="Github repo name in {org}/{repo_name} format") - parser.add_argument("-l", "--list", dest="list", action='store_true', required=False, - help="List the secret names") - parser.add_argument("-s", "--secret", dest="secret", type=str, required=False, - help="Secret name") - parser.add_argument("-v", "--value", dest="value", type=str, 
required=False, - help="Secret value to set") + parser = argparse.ArgumentParser( + description="Script to list, create or update secrets of a repository" + ) + parser.add_argument( + "-r", + "--repo", + dest="repo", + type=str, + required=True, + help="Github repo name in {org}/{repo_name} format", + ) + parser.add_argument( + "-l", + "--list", + dest="list", + action="store_true", + required=False, + help="List the secret names", + ) + parser.add_argument( + "-s", "--secret", dest="secret", type=str, required=False, help="Secret name" + ) + parser.add_argument( + "-v", + "--value", + dest="value", + type=str, + required=False, + help="Secret value to set", + ) args = parser.parse_args() if args.list: secrets = get_repo_secrets(args.repo) - logging.info(f'Github Secret Names: {secrets}') + logging.info(f"Github Secret Names: {secrets}") elif args.secret and args.value: secret_name = args.secret secret_value = args.value - logging.info(f'Setting SECRET: {secret_name}') + logging.info(f"Setting SECRET: {secret_name}") key_id, public_key = get_repo_public_key(args.repo) encrypted_value = encrypt(public_key, secret_value) create_or_update_repo_secrets(args.repo, secret_name, key_id, encrypted_value) else: - logging.error('Wrong argument combination') + logging.error("Wrong argument combination") + -if __name__ == '__main__': +if __name__ == "__main__": main() diff --git a/scripts/src/saforcharttesting/saforcharttesting.py b/scripts/src/saforcharttesting/saforcharttesting.py index 57249952161..ba2ef7b2d7c 100644 --- a/scripts/src/saforcharttesting/saforcharttesting.py +++ b/scripts/src/saforcharttesting/saforcharttesting.py @@ -115,6 +115,7 @@ namespace: ${name} """ + def apply_config(tmpl, **values): with tempfile.TemporaryDirectory(prefix="sa-for-chart-testing-") as tmpdir: content = Template(tmpl).substitute(values) 
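Review bot: In `get_repo_secrets` the loop `for i in range(response_json["total_count"])` indexes `response_json["secrets"][i]`, but GitHub list endpoints are paginated, so once a repository holds more secrets than one page returns, `total_count` exceeds the length of `secrets` and the loop raises IndexError. Iterate over what was actually returned, `secret_names = [s["name"] for s in response_json["secrets"]]`, and follow pagination if the complete list is needed. None of the `requests` calls in this hunk pass `timeout=`, so a stalled connection blocks the script indefinitely. The `--value` argument puts the secret on the command line, where it is visible in the process list and shell history; reading it from an environment variable or stdin would avoid that.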
@@ -130,6 +131,7 @@ def apply_config(tmpl, **values): return stdout, stderr + def delete_config(tmpl, **values): with tempfile.TemporaryDirectory(prefix="sa-for-chart-testing-") as tmpdir: content = Template(tmpl).substitute(values) @@ -145,6 +147,7 @@ def delete_config(tmpl, **values): return stdout, stderr + def create_namespace(namespace): print("creating Namespace:", namespace) stdout, stderr = apply_config(namespace_template, name=namespace) @@ -152,6 +155,7 @@ def create_namespace(namespace): if stderr.strip(): print("[ERROR] creating Namespace:", stderr) + def create_serviceaccount(namespace): print("creating ServiceAccount:", namespace) stdout, stderr = apply_config(serviceaccount_template, name=namespace) @@ -159,6 +163,7 @@ def create_serviceaccount(namespace): if stderr.strip(): print("[ERROR] creating ServiceAccount:", stderr) + def create_role(namespace): print("creating Role:", namespace) stdout, stderr = apply_config(role_template, name=namespace) @@ -166,6 +171,7 @@ def create_role(namespace): if stderr.strip(): print("[ERROR] creating Role:", stderr) + def create_rolebinding(namespace): print("creating RoleBinding:", namespace) stdout, stderr = apply_config(rolebinding_template, name=namespace) @@ -173,6 +179,7 @@ def create_rolebinding(namespace): if stderr.strip(): print("[ERROR] creating RoleBinding:", stderr) + def create_clusterrole(namespace): print("creating ClusterRole:", namespace) stdout, stderr = apply_config(clusterrole_template, name=namespace) @@ -180,6 +187,7 @@ def create_clusterrole(namespace): if stderr.strip(): print("[ERROR] creating ClusterRole:", stderr) + def create_clusterrolebinding(namespace): print("creating ClusterRoleBinding:", namespace) stdout, stderr = apply_config(clusterrolebinding_template, name=namespace) 
@@ -187,6 +195,7 @@ def create_clusterrolebinding(namespace): if stderr.strip(): print("[ERROR] creating ClusterRoleBinding:", stderr) + def delete_namespace(namespace): print("deleting Namespace:", namespace) stdout, stderr = delete_config(namespace_template, name=namespace) @@ -195,6 +204,7 @@ def delete_namespace(namespace): print("[ERROR] deleting Namespace:", namespace, stderr) sys.exit(1) + def delete_clusterrole(name): print("deleting ClusterRole:", name) stdout, stderr = delete_config(clusterrole_template, name=name) @@ -203,6 +213,7 @@ def delete_clusterrole(name): print("[ERROR] deleting ClusterRole:", name, stderr) sys.exit(1) + def delete_clusterrolebinding(name): print("deleting ClusterRoleBinding:", name) stdout, stderr = delete_config(clusterrolebinding_template, name=name) @@ -211,11 +222,15 @@ def delete_clusterrolebinding(name): print("[ERROR] deleting ClusterRoleBinding:", name, stderr) sys.exit(1) + def write_sa_token(namespace, token): secret_found = False secrets = [] for i in range(7): - out = subprocess.run(["oc", "get", "serviceaccount", namespace, "-n", namespace, "-o", "json"], capture_output=True) + out = subprocess.run( + ["oc", "get", "serviceaccount", namespace, "-n", namespace, "-o", "json"], + capture_output=True, + ) stdout = out.stdout.decode("utf-8") if out.returncode != 0: stderr = out.stderr.decode("utf-8") 
@@ -229,15 +244,18 @@ def write_sa_token(namespace, token): secret_found = True break else: - pattern = r'Tokens:\s+([A-Za-z0-9-]+)' - dout = subprocess.run(["oc", "describe", "serviceaccount", namespace, "-n", namespace], capture_output=True) + pattern = r"Tokens:\s+([A-Za-z0-9-]+)" + dout = subprocess.run( + ["oc", "describe", "serviceaccount", namespace, "-n", namespace], + capture_output=True, + ) dstdout = dout.stdout.decode("utf-8") match = re.search(pattern, dstdout) if match: - token_name = match.group(1) + token_name = match.group(1) else: - print("[ERROR] Token not found, Exiting") - sys.exit(1) + print("[ERROR] Token not found, Exiting") + sys.exit(1) secrets.append({"name": token_name}) secret_found = True break @@ -248,7 +266,10 @@ def write_sa_token(namespace, token): sys.exit(1) for secret in secrets: - out = subprocess.run(["oc", "get", "secret", secret["name"], "-n", namespace, "-o", "json"], capture_output=True) + out = subprocess.run( + ["oc", "get", "secret", secret["name"], "-n", namespace, "-o", "json"], + capture_output=True, + ) stdout = out.stdout.decode("utf-8") if out.returncode != 0: stderr = out.stderr.decode("utf-8") @@ -262,10 +283,13 @@ def write_sa_token(namespace, token): with open(token, "w") as fd: fd.write(base64.b64decode(content).decode("utf-8")) + def switch_project_context(namespace, token, api_server): tkn = open(token).read() for i in range(7): - out = subprocess.run(["oc", "login", "--token", tkn, "--server", api_server], capture_output=True) + out = subprocess.run( + ["oc", "login", "--token", tkn, "--server", api_server], capture_output=True + ) stdout = out.stdout.decode("utf-8") print(stdout) out = subprocess.run(["oc", "project", namespace], capture_output=True) 
@@ -280,19 +304,41 @@ def switch_project_context(namespace, token, api_server): time.sleep(10) # This exit will happen if there is an infra failure - print("""[ERROR] There is an error creating the namespace and service account. It happens due to some infrastructure failure. It is not directly related to the changes in the pull request. You can wait for some time and try to re-run the job. To re-run the job change the PR into a draft and remove the draft state.""") + print( + """[ERROR] There is an error creating the namespace and service account. It happens due to some infrastructure failure. It is not directly related to the changes in the pull request. You can wait for some time and try to re-run the job. To re-run the job change the PR into a draft and remove the draft state.""" + ) sys.exit(1) + def main(): parser = argparse.ArgumentParser() - parser.add_argument("-c", "--create", dest="create", type=str, required=False, - help="create service account and namespace for chart testing") - parser.add_argument("-t", "--token", dest="token", type=str, required=False, - help="service account token for chart testing") - parser.add_argument("-d", "--delete", dest="delete", type=str, required=False, - help="delete service account and namespace used for chart testing") - parser.add_argument("-s", "--server", dest="server", type=str, required=False, - help="API server URL") + parser.add_argument( + "-c", + "--create", + dest="create", + type=str, + required=False, + help="create service account and namespace for chart testing", + ) + parser.add_argument( + "-t", + "--token", + dest="token", + type=str, + required=False, + help="service account token for chart testing", + ) + parser.add_argument( + "-d", + "--delete", + dest="delete", + type=str, + required=False, + help="delete service account and namespace used for chart testing", + ) + parser.add_argument( + "-s", "--server", dest="server", type=str, required=False, help="API server URL" + ) args = parser.parse_args() 
if args.create: diff --git a/scripts/src/signedchart/__init__.py b/scripts/src/signedchart/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/scripts/src/signedchart/signedchart.py b/scripts/src/signedchart/signedchart.py new file mode 100644 index 00000000000..df84c2c8eea --- /dev/null +++ b/scripts/src/signedchart/signedchart.py 
@@ -0,0 +1,182 @@ +import sys +import subprocess +import base64 +import filecmp +import os +import re + +sys.path.append("../") +from report import verifier_report +from owners import owners_file +from pullrequest import prartifact +from reporegex import matchers + + +def check_and_prepare_signed_chart(api_url, report_path, owner_path, key_file_path): + signed_chart = is_chart_signed(api_url, report_path) + key_in_owners = False + keys_match = False + if signed_chart: + owners_pgp_key = get_pgp_key_from_owners(owner_path) + if owners_pgp_key: + key_in_owners = True + if report_path: + keys_match = check_pgp_public_key(owners_pgp_key, report_path) + elif key_file_path: + create_public_key_file(owners_pgp_key, key_file_path) + + return signed_chart, key_in_owners, keys_match + + +def get_verifier_flags(tar_file, owners_file, temp_dir): + prov_file = f"{tar_file}.prov" + if os.path.exists(prov_file): + gpg_key = get_pgp_key_from_owners(owners_file) + if gpg_key: + key_file = os.path.join(temp_dir, "pgp", f"{tar_file}.key") + create_public_key_file(gpg_key, key_file) + return f"--pgp-public-key {key_file}" + return "" + + +def is_chart_signed(api_url, report_path): + if api_url: + files = prartifact.get_modified_files(api_url) + tgz_pattern = re.compile( + matchers.submission_path_matcher(strict_categories=False) + r".*.tgz" + ) + tgz_found = False + prov_pattern = re.compile( + matchers.submission_path_matcher(strict_categories=False) + r".*.tgz.prov" + ) + prov_found = False + + for file_path in files: + if tgz_pattern.match(file_path): + tgz_found = True + if prov_pattern.match(file_path): + prov_found = True + + if tgz_found and prov_found: + return True + elif report_path: + return check_report_for_signed_chart(report_path) + + return False + + +def key_in_owners_match_report(owner_path, report_path): + owner_key = get_pgp_key_from_owners(owner_path) + if not owner_key: + return True + return check_pgp_public_key(owner_key, report_path) + + +def 
get_pgp_key_from_owners(owner_path): + found, owner_data = owners_file.get_owner_data_from_file(owner_path) + if found: + pgp_key = owners_file.get_pgp_public_key(owner_data) + return pgp_key + return "" + + +def check_report_for_signed_chart(report_path): + """Check that the report has passed the "signature-is-valid" test + + Args: + report_path (str): Path to the report.yaml file + + Returns: + bool: set to True if the report has passed the "signature-is-valid" test, + False otherwise + """ + found, report_data = verifier_report.get_report_data(report_path) + if found: + _, reason = verifier_report.get_signature_is_valid_result(report_data) + if "Chart is signed" in reason: + return True + return False + + +def check_pgp_public_key(owner_pgp_key, report_path): + """Check if the PGP key in the OWNERS file matches the one from report.yaml + + This checks passes if one of the following condition is met: + - The PGP keys match. + - The report is not for a signed chart + - The report is not found + + Consequently, the check fails if the report is found and one the following is true: + - The PGP keys do not match + - The report is for a signed chart but no PGP key is provided in report.yaml + + Args: + owner_pgp_key (str): The PGP key present in the OWNERS file. + report_path (str): Path to the report.yaml file. + + Returns: + bool: Set to True if the check passes, to False otherwise. 
+ """ + found, report_data = verifier_report.get_report_data(report_path) + if found: + pgp_public_key_digest_owners = subprocess.getoutput( + f"echo {owner_pgp_key} | sha256sum" + ).split(" ")[0] + print(f"[INFO] digest of PGP key from OWNERS :{pgp_public_key_digest_owners}:") + pgp_public_digest_report = verifier_report.get_public_key_digest(report_data) + print(f"[INFO] PGP key digest in report :{pgp_public_digest_report}:") + if pgp_public_digest_report: + return pgp_public_key_digest_owners == pgp_public_digest_report + else: + return not check_report_for_signed_chart(report_path) + return True + + +def create_public_key_file(pgp_public_key_from_owners, key_file_path): + key_content = base64.b64decode(pgp_public_key_from_owners) + + key_file = open(key_file_path, "w") + key_file.write(key_content.decode("utf-8")) + key_file.close() + + +def main(): + if not is_chart_signed("", "./partner-report.yaml"): + print("ERROR chart is signed") + else: + print("PASS chart is signed") + + if not check_report_for_signed_chart("./partner-report.yaml"): + print("ERROR report indicates chart is signed") + else: + print("PASS report is signed") + + encoded_key_in_owners = get_pgp_key_from_owners("./OWNERS") + if not check_pgp_public_key(encoded_key_in_owners, "./partner-report.yaml"): + print("ERROR key digests do not match") + else: + print("PASS key digests match") + + signed, key_in_owners, keys_match = check_and_prepare_signed_chart( + "", "./partner-report.yaml", "./OWNERS", "./pgp.key" + ) + if signed and key_in_owners and keys_match: + print("PASS all is good") + else: + print( + f"ERROR, all true expected: signed = {signed}, key_in_owners = {key_in_owners}. 
keys_match = {keys_match}" + ) + + create_public_key_file(encoded_key_in_owners, "./pgp.key") + if os.path.exists("./pgp.key"): + if not filecmp.cmp("./psql-service-0.1.11.tgz.key", "./pgp.key"): + print("ERROR public key files file do not match") + else: + print("PASS public key files do match") + os.remove("./pgp.key") + else: + print("ERROR pgp key file was not created") + + +if __name__ == "__main__": + main() diff --git a/scripts/src/tools/gitutils.py b/scripts/src/tools/gitutils.py index 6c6707e0fe7..52debd770a1 100644 --- a/scripts/src/tools/gitutils.py +++ b/scripts/src/tools/gitutils.py @@ -13,21 +13,23 @@ import os +import sys import json import requests from git import Repo -from git.exc import GitCommandError -GITHUB_BASE_URL = 'https://api.github.com' +GITHUB_BASE_URL = "https://api.github.com" CHARTS_REPO = "/charts" DEVELOPMENT_REPO = "/development" +STAGE_REPO = "/stage" PR_CREATED = "PR_CREATED" PR_NOT_NEEDED = "PR_NOT_NEEDED" PR_FAILED = "PR_FAILED" # GitHub actions bot email for git email -GITHUB_ACTIONS_BOT_EMAIL = '41898282+github-actions[bot]@users.noreply.github.com' +GITHUB_ACTIONS_BOT_EMAIL = "41898282+github-actions[bot]@users.noreply.github.com" + def set_git_username_email(repo, username, email): """ 
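Review bot: `check_pgp_public_key` builds a shell command from the OWNERS key, `subprocess.getoutput(f"echo {owner_pgp_key} | sha256sum")`, so any shell metacharacters in that field are interpreted by the shell on the runner; the value comes from a repository file and should be treated as untrusted. Compute the digest in-process instead: add `import hashlib` and use `pgp_public_key_digest_owners = hashlib.sha256(f"{owner_pgp_key}\n".encode()).hexdigest()` (the trailing newline matches what `echo` appended, assuming the key holds no whitespace the shell would have collapsed). The function also returns True when the report cannot be read, so a missing report passes the key check; that fail-open default deserves a confirming comment or a change. In `create_public_key_file` a `with open(...)` block would close the file if decoding fails, and the `pgp` directory used by `get_verifier_flags` is not created before the write.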
@@ -40,26 +42,45 @@ def set_git_username_email(repo, username, email): repo.config_writer().set_value("user", "email", email).release() -def github_api_post(endpoint, bot_token, headers={}, json={}): - r = requests.post(f'{GITHUB_BASE_URL}/{endpoint}', - headers=headers, json=json) +def github_api_post(endpoint, headers, json): + r = requests.post(f"{GITHUB_BASE_URL}/{endpoint}", headers=headers, json=json) + + try: + response_json = r.json() + + if "message" in response_json: + print(f'[ERROR] from post request: {response_json["message"]}') + sys.exit(1) + except json.JSONDecodeError: + pass + return r -def github_api_get(endpoint, bot_token, headers={}): - r = requests.get(f'{GITHUB_BASE_URL}/{endpoint}', headers=headers) + +def github_api_get(endpoint, headers): + r = requests.get(f"{GITHUB_BASE_URL}/{endpoint}", headers=headers) + response_json = r.json() + if "message" in response_json: + print(f'[ERROR] get request: {response_json["message"]}') + sys.exit(1) + return r -def github_api(method, endpoint, bot_token, headers={}, data={}, json={}): - if not headers: - headers = {'Accept': 'application/vnd.github.v3+json', - 'Authorization': f'Bearer {bot_token}'} - if method == 'get': - return github_api_get(endpoint, bot_token, headers=headers) - elif method == 'post': - return github_api_post(endpoint, bot_token, headers=headers, json=json) + +def github_api(method, endpoint, bot_token, json={}): + headers = { + "Accept": "application/vnd.github.v3+json", + "Authorization": f"Bearer {bot_token}", + } + if method == "get": + return github_api_get(endpoint, headers) + elif method == "post": + return github_api_post(endpoint, headers, json) else: raise ValueError( - f"Github API method {method} not implemented in helper function") + f"Github API method {method} not implemented in helper function" + ) + def get_bot_name_and_token(): bot_name = os.environ.get("BOT_NAME") 
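Review bot: In `github_api_post` the parameter `json` shadows the `json` module, so `except json.JSONDecodeError` looks the attribute up on the request payload and raises AttributeError exactly when the response body is not JSON; `except ValueError:` catches the decode error without needing the module name. `github_api_get` calls `r.json()` with no handler at all, so an empty or non-JSON body raises there as well. Both helpers now call `sys.exit(1)` on any body containing `message`, whatever the status code, which takes the decision away from callers such as `create_pr` that inspect the response themselves. `github_api` also keeps the mutable default `json={}`; `json=None` with a fallback inside the function is safer.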
@@ -75,39 +96,45 @@ def get_bot_name_and_token(): return bot_name, bot_token -def create_pr(branch_name,skip_files,repository,message,target_branch): - +def create_pr(branch_name, skip_files, repository, message, target_branch): repo = Repo(os.getcwd()) bot_name, bot_token = get_bot_name_and_token() - set_git_username_email(repo,bot_name,GITHUB_ACTIONS_BOT_EMAIL) + set_git_username_email(repo, bot_name, GITHUB_ACTIONS_BOT_EMAIL) repo.create_head(branch_name) print(f"checkout branch {branch_name}") repo.git.checkout(branch_name) - if add_changes(repo,skip_files): - + if add_changes(repo, skip_files): print(f"commit changes with message: {branch_name}") repo.index.commit(branch_name) print(f"push the branch {branch_name} to {repository}") - repo.git.push(f'https://x-access-token:{bot_token}@github.com/{repository}', - f'HEAD:refs/heads/{branch_name}','-f') + repo.git.push( + f"https://x-access-token:{bot_token}@github.com/{repository}", + f"HEAD:refs/heads/{branch_name}", + "-f", + ) print(f"make the pull request to {target_branch}") - data = {'head': branch_name, 'base': f'{target_branch}', - 'title': branch_name, 'body': f'{message}'} + data = { + "head": branch_name, + "base": f"{target_branch}", + "title": branch_name, + "body": f"{message}", + } - r = github_api( - 'post', f'repos/{repository}/pulls', bot_token, json=data) + r = github_api("post", f"repos/{repository}/pulls", bot_token, json=data) j = json.loads(r.text) - if 'number' in j: + if "number" in j: print(f"pull request info: {j['number']}") return PR_CREATED else: - print(f"Unexpected response from PR. status code: {r.status_code}, text: {j}") + print( + f"Unexpected response from PR. status code: {r.status_code}, text: {j}" + ) return PR_FAILED else: 
@@ -115,19 +142,17 @@ def create_pr(branch_name,skip_files,repository,message,target_branch): return PR_NOT_NEEDED - -def add_changes(repo,skip_files): - +def add_changes(repo, skip_files): if len(skip_files) == 0: - changed = [ item.a_path for item in repo.index.diff(None) ] + changed = [item.a_path for item in repo.index.diff(None)] for change in changed: print(f"Changed file: {change}") for add in repo.untracked_files: print(f"Added file: {add}") - print(f"Add all changes") + print("Add all changes") repo.git.add(all=True) else: - changed = [ item.a_path for item in repo.index.diff(None) ] + changed = [item.a_path for item in repo.index.diff(None)] for change in changed: if change in skip_files: print(f"Skip changed file: {change}") @@ -143,3 +168,8 @@ def add_changes(repo,skip_files): repo.git.add(add) return len(repo.index.diff("HEAD")) > 0 + + +def add_output(name, value): + with open(os.environ["GITHUB_OUTPUT"], "a") as fh: + print(f"{name}={value}", file=fh) diff --git a/scripts/src/updateindex/__init__.py b/scripts/src/updateindex/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/scripts/src/updateindex/updateindex.py b/scripts/src/updateindex/updateindex.py new file mode 100644 index 00000000000..62c688f0b1a --- /dev/null +++ b/scripts/src/updateindex/updateindex.py 
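Review bot: `add_output` writes `f"{name}={value}"` straight into the `GITHUB_OUTPUT` file, so a value containing a newline ends the entry early and the remainder is parsed as further `name=value` outputs. The callers are outside this hunk, so whether any value is derived from pull-request content needs checking. Reject or encode newlines before writing, e.g. `if "\n" in str(value): raise ValueError(f"multi-line value for output {name}")`, or use the delimiter form GitHub documents for multi-line values. `os.environ["GITHUB_OUTPUT"]` raises KeyError when the helper runs outside a workflow; a one-line docstring stating that requirement would help.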
@@ -0,0 +1,229 @@ +"""This files downloads and updates the Helm repository index data +""" + +import argparse +import base64 +import hashlib +import json +import os +import requests +import sys +import yaml + +from datetime import datetime, timezone +from environs import Env + +try: + from yaml import CLoader as Loader, CDumper as Dumper +except ImportError: + from yaml import Loader, Dumper + + +def _decode_chart_entry(chart_entry_encoded): + """Decode the base64 encoded index entry to add. + + Args: + chart_entry_encoded (str): base64 encode index entry for this chart + + Returns: + dict: Decoded index entry + + """ + chart_entry_bytes = base64.b64decode(chart_entry_encoded) + chart_entry_str = chart_entry_bytes.decode() + + return json.loads(chart_entry_str) + + +def download_index(index_file, repository, branch): + """Download the index file to disk and retrieve its content. + + Args: + index_file (str): Path to the index file to update + repository (str): Name of the git Repository + branch (str): Git branch that hosts the Helm repository index + + Returns: + dict: The current content of the index + """ + print(f"Downloading {index_file}") + r = requests.get( + f"https://raw.githubusercontent.com/{repository}/{branch}/{index_file}" + ) + now = datetime.now(timezone.utc).astimezone().isoformat() + + if r.status_code == 200: + data = yaml.load(r.text, Loader=Loader) + data["generated"] = now + else: + data = {"apiVersion": "v1", "generated": now, "entries": {}} + + return data + + +def update_index( + index_data, + version, + chart_url, + chart_entry, + web_catalog_only, +): + """Update the Helm repository index file + + Args: + index_data (dict): Content of the Helm repo index + version (str): The version of the chart (ex: 1.4.0) + chart_url (str): URL of the Chart + chart_entry (dict): Index entry to add + web_catalog_only (bool): Set to True if the provider has chosen the Web Catalog + Only option. 
+ + """ + now = datetime.now(timezone.utc).astimezone().isoformat() + + print("[INFO] Updating the chart entry with new version") + crtentries = [] + entry_name = os.environ.get("CHART_ENTRY_NAME") + if not entry_name: + print("[ERROR] Internal error: missing chart entry name") + sys.exit(1) + d = index_data["entries"].get(entry_name, []) + for v in d: + if v["version"] == version: + continue + crtentries.append(v) + + chart_entry["urls"] = [chart_url] + if not web_catalog_only: + set_package_digest(chart_entry, chart_url) + chart_entry["annotations"]["charts.openshift.io/submissionTimestamp"] = now + crtentries.append(chart_entry) + index_data["entries"][entry_name] = crtentries + + +def set_package_digest(chart_entry, chart_url): + """Check that the digest of the provided chart matches the digest of the chart that + has been uploaded in the GitHub release. + + Note that this is the reason why the GitHub release must have been created before + updating the index. + + Args: + chart_entry (dict): Index entry to add + chart_url (str): URL of the Chart + + """ + print("[INFO] set package digests.") + + head = requests.head(chart_url, allow_redirects=True) + print(f"[DEBUG]: tgz url : {chart_url}") + print(f"[DEBUG]: response code from head request: {head.status_code}") + + target_digest = "" + if head.status_code == 200: + response = requests.get(chart_url, allow_redirects=True) + print(f"[DEBUG]: response code get request: {response.status_code}") + target_digest = hashlib.sha256(response.content).hexdigest() + print(f"[DEBUG]: calculated digest : {target_digest}") + + pkg_digest = "" + if "digest" in chart_entry: + pkg_digest = chart_entry["digest"] + print(f"[DEBUG]: digest in report : {pkg_digest}") + + if target_digest: + if not pkg_digest: + # Digest was computed but not passed + chart_entry["digest"] = target_digest + elif pkg_digest != target_digest: + # Digest was passed and computed but differ + raise Exception( + "Found an integrity issue. 
SHA256 digest passed does not match SHA256 digest computed." + ) + elif not pkg_digest: + # Digest was not passed and could not be computed + raise Exception( + "Was unable to compute SHA256 digest, please ensure chart url points to a chart package." + ) + + +def write_index_file(index_data, index_file): + """Write the new content of the index to file + + Args: + index_data (dict): Content of the Helm repo index + index_file (str): Path to the index file to update + + """ + out = yaml.dump(index_data, Dumper=Dumper) + print(f"{index_file} content:\n", out) + with open(index_file, "w") as fd: + fd.write(out) + + +def main(): + parser = argparse.ArgumentParser() + parser.add_argument( + "-b", + "--index-branch", + dest="index_branch", + type=str, + required=True, + help="Git branch that hosts the Helm repository index", + ) + parser.add_argument( + "-f", + "--index-file", + dest="index_file", + type=str, + required=True, + help="index file to update", + ) + parser.add_argument( + "-r", + "--repository", + dest="repository", + type=str, + required=True, + help="Name of the git Repository", + ) + parser.add_argument( + "-u", + "--chart-url", + dest="chart_url", + type=str, + required=True, + help="URL where the Chart is available", + ) + parser.add_argument( + "-e", + "--chart-entry", + dest="chart_entry_encoded", + type=str, + required=True, + help="Index entry to add", + ) + parser.add_argument( + "-v", + "--version", + dest="version", + type=str, + required=True, + help="Version of the chart being added", + ) + args = parser.parse_args() + + chart_entry = _decode_chart_entry(args.chart_entry_encoded) + + env = Env() + web_catalog_only = env.bool("WEB_CATALOG_ONLY", False) + + index_data = download_index(args.index_file, args.repository, args.index_branch) + update_index( + index_data, + args.version, + args.chart_url, + chart_entry, + web_catalog_only, + ) + write_index_file(index_data, args.index_file) 
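Review bot: `download_index` parses content fetched over the network with `yaml.load(r.text, Loader=Loader)`, where `Loader` is bound to PyYAML's full `CLoader`/`Loader`, which will construct arbitrary Python objects from tagged nodes; use the safe loader instead (`yaml.safe_load(r.text)`, or bind `Loader` to `CSafeLoader` with a `SafeLoader` fallback). The same function treats every non-200 response as "no index yet" and substitutes an empty `entries` map, so a transient 5xx or rate-limit reply would lead `write_index_file` to write an index holding only the new chart; only a 404 should take that branch, and the request should carry a timeout. The fence below shows the changed lines of `download_index`. Separately, `set_package_digest` keeps a caller-supplied digest without any comparison when the HEAD request is not 200, and hashes the GET body without checking `response.status_code`; both cases should raise, since the docstring promises a check against the released package.

```python
    r = requests.get(
        f"https://raw.githubusercontent.com/{repository}/{branch}/{index_file}",
        timeout=30,  # constructed value; choose what suits the runner
    )
    # … unchanged: timestamp stored in `now` …
    if r.status_code == 200:
        # Safe loader: plain mappings, sequences and scalars only.
        data = yaml.safe_load(r.text)
        # … unchanged: refresh data["generated"] …
    elif r.status_code == 404:
        # No index published on this branch yet: start from an empty one.
        data = {"apiVersion": "v1", "generated": now, "entries": {}}
    else:
        # Transient or unexpected failure: stop rather than overwrite the index.
        raise RuntimeError(
            f"Unexpected status {r.status_code} while downloading {index_file}"
        )
```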
diff --git a/scripts/src/workflowtesting/checkprforci.py b/scripts/src/workflowtesting/checkprforci.py index 936469ea7b7..7e862045d44 100644 --- a/scripts/src/workflowtesting/checkprforci.py +++ b/scripts/src/workflowtesting/checkprforci.py 
@@ -1,59 +1,67 @@ import re import argparse import os -import requests -import json import yaml import sys try: - from yaml import CLoader as Loader, CDumper as Dumper + from yaml import CLoader as Loader except ImportError: - from yaml import Loader, Dumper + from yaml import Loader +from tools import gitutils + +sys.path.append("../") +from pullrequest import prartifact + def check_if_ci_only_is_modified(api_url): # api_url https://api.github.com/repos///pulls/1 - files_api_url = f'{api_url}/files' - headers = {'Accept': 'application/vnd.github.v3+json'} - - workflow_files = [re.compile(r".github/workflows/.*"),re.compile(r"scripts/.*"),re.compile(r"tests/.*")] - test_files = [re.compile(r"tests/functional/step_defs/test.*"),re.compile(r"tests/functional/features/.*.feature")] - smoke_test_files = [re.compile(r"tests/functional/features/smoke/.*"),re.compile(r"tests/functional/step_defs/.*smoke.*.py")] - skip_build_files = [re.compile(r"release/release_info.json"),re.compile(r"README.md"),re.compile(r"docs/([\w-]+)\.md")] - page_number = 1 - max_page_size,page_size = 100,100 + files = prartifact.get_modified_files(api_url) + workflow_files = [ + re.compile(r".github/(workflows|actions)/.*"), + re.compile(r"scripts/.*"), + re.compile(r"tests/.*"), + ] + test_files = [ + re.compile(r"tests/functional/step_defs/.*_test_.*"), + re.compile(r"tests/functional/behave_features/.*.feature"), + ] + skip_build_files = [ + re.compile(r"release/release_info.json"), + re.compile(r"README.md"), + re.compile(r"docs/([\w-]+)\.md"), + ] + + print(f"[INFO] The following files were modified in this PR: {files}") workflow_found = False others_found = False - full_tests_included = False - - while (page_size == max_page_size): - - files_api_query = f'{files_api_url}?per_page={page_size}&page={page_number}' - r = requests.get(files_api_query,headers=headers) - files = r.json() - page_size = len(files) - page_number += 1 - - for f in files: - filename = f["filename"] - if 
any([pattern.match(filename) for pattern in workflow_files]): - workflow_found = True - if any([pattern.match(filename) for pattern in test_files]): - if not any([pattern.match(filename) for pattern in smoke_test_files]): - print(f"[INFO] full test file found: {filename}") - full_tests_included = True - elif any([pattern.match(filename) for pattern in skip_build_files]): - others_found = True - else: - return False + tests_included = False + + for filename in files: + if any([pattern.match(filename) for pattern in workflow_files]): + print(f"[DEBUG] Modified file {filename} is a workflow file.") + workflow_found = True + # Tests are considered workflow files AND test files to inform other actions + # so we detect both separately. + if any([pattern.match(filename) for pattern in test_files]): + print(f"[DEBUG] Modified file {filename} is also a test file.") + tests_included = True + elif any([pattern.match(filename) for pattern in skip_build_files]): + print(f"[DEBUG] Modified file {filename} is a skippable file.") + others_found = True + else: + print( + f"[DEBUG] Modified file {filename} did not match any file paths of interest. Ignoring." + ) + continue if others_found and not workflow_found: - print("::set-output name=do-not-build::true") - elif full_tests_included: - print(f"[INFO] set full_tests_in_pr to true") - print("::set-output name=full_tests_in_pr::true") + gitutils.add_output("do-not-build", "true") + elif tests_included: + print("[INFO] set full_tests_in_pr to true") + gitutils.add_output("full_tests_in_pr", "true") return workflow_found 
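Review bot: In `check_if_ci_only_is_modified` the final `else` branch now does `continue` where it used to `return False`, so a PR that touches a workflow file together with any unrelated file makes the function return `True`, while its name and the log text in `main` ("PR is workflow changes only") still promise exclusivity. If mixed PRs are meant to reach the authorised-user test path, say so in a docstring and adjust the messages; if not, record the miss with `unmatched_found = True` and finish with `return workflow_found and not unmatched_found`. The patterns are applied with `pattern.match` and unescaped dots, so `r"README.md"` accepts any path that merely begins with something shaped like `README.md`; `pattern.fullmatch` with `r"README\.md"` would pin them. `sys.path.append("../")` resolves against the current working directory, so the `pullrequest` import depends on where the script is launched; a path derived from `__file__`, or at least a comment stating the expected working directory, would make that explicit.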
@@ -70,33 +78,51 @@ def verify_user(username): print(f"[INFO] {username} authorized") return True else: - print(f"[ERROR] {username} cannot run tests") + print(f"[ERROR] {username} cannot run tests") return False def main(): parser = argparse.ArgumentParser() - parser.add_argument("-u", "--api-url", dest="api_url", type=str, required=False, - help="API URL for the pull request") - parser.add_argument("-n", "--verify-user", dest="username", type=str, required=True, - help="check if the user can run tests") + parser.add_argument( + "-u", + "--api-url", + dest="api_url", + type=str, + required=False, + help="API URL for the pull request", + ) + parser.add_argument( + "-n", + "--verify-user", + dest="username", + type=str, + required=True, + help="check if the user can run tests", + ) args = parser.parse_args() if not args.api_url: if verify_user(args.username): - print(f"[INFO] User authorized for manual invocation - run tests.") - print(f"::set-output name=run-tests::true") + print("[INFO] User authorized for manual invocation - run tests.") + gitutils.add_output("run-tests", "true") else: - print(f"[INFO] User not authorized for manual invocation - do not run tests.") - print(f"::set-output name=workflow-only-but-not-authorized::true") + print( + "[INFO] User not authorized for manual invocation - do not run tests." + ) + gitutils.add_output("workflow-only-but-not-authorized", "true") elif check_if_ci_only_is_modified(args.api_url): if verify_user(args.username): - print(f"[INFO] PR is workflow changes only and user is authorized - run tests.") - print(f"::set-output name=run-tests::true") + print( + "[INFO] PR is workflow changes only and user is authorized - run tests." 
+ ) + gitutils.add_output("run-tests", "true") else: - print(f"[INFO] PR is workflow changes only but user is not authorized - do not run tests.") - print(f"::set-output name=workflow-only-but-not-authorized::true") + print( + "[INFO] PR is workflow changes only but user is not authorized - do not run tests." + ) + gitutils.add_output("workflow-only-but-not-authorized", "true") else: - print(f"[INFO] Non workflow changes were found - do not run tests") + print("[INFO] Non workflow changes were found - do not run tests") if __name__ == "__main__": diff --git a/tests/README.md b/tests/README.md new file mode 100644 index 00000000000..e37121c9e13 --- /dev/null +++ b/tests/README.md 
@@ -0,0 +1,27 @@ +# Certification Tests for Partner and Red Hat Charts + +This test suite contains multiple behavior-driven development (BDD) tests that trigger automated pull request creations and running the chart submission workflow under the [sandbox repository](https://github.com/openshift-helm-charts/sandbox). Currently there are two main motivations. Accordingly, two test workdlows are implemented to address the problems. + +## Motivation #1 + +As an OpenShift Helm partner or Red Hat associate, I would like Red Hat to automatically run a certification flow for my existing charts whenever there is a significant change to the certification flow (e.g. new OpenShift or chart-verifier version), so that I know whether my charts can be auto-certified or I need to take action to submit a new chart version. + +## Motivation #2 + +During the development of GitHub workflow, we want to automate the process of chart submission process so that no manual forks and PR submissions are needed to test the workflow changes. Previously, all processes are done manually from creating pull requests with test charts to cleaning up the release assets. + +## Test Submitted Charts on OpenShift / Chart Verifier Update + +![CI Test Logic](../assets/ci_test_logic_schedule.png "CI Test Logic (Schedule)") + +For every new release of chart verifier or any upgrade to certification clusters, we will run a certification test for all charts that do contain a chart package but without a report. Given that the certification test passes, we will ask the chart owners for permissions through GitHub issues and update the index.yaml to indicate the certification is also valid for the new version of OpenShift or the new version of chart verifier. In the event where the test fails we will notify the owners through GitHub issues of the version change and invite them to submit a new version of the chart that meets the new certification criteria. 
All test branches as well as the releases under the sandbox are cleaned up after the tests are finished. + +Refer to [workflow file](../.github/workflows/test.yml) for implementation details. + +## Test Release Workflow on Pull Requests + +![CI Test Logic](../assets/ci_test_logic_pr.png "CI Test Logic (Pull Request)") + +For any pull request that updates workflow under `.github/workflows`, dependency scripts under `scripts/src`, or tests under `tests/`, we first check that the submitter of the PR is listed under `approver` of `OWNERS` file and then run the automated tests. All test branches as well as the releases under the sandbox are cleaned up after the tests are finished. + +Refer to [workflow file](../.github/workflows/schedule.yml) for implementation details. diff --git a/tests/data/HC-04/community/report.yaml b/tests/data/HC-04/community/report.yaml new file mode 100644 index 00000000000..761057f1d9f --- /dev/null +++ b/tests/data/HC-04/community/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: community + version: v1.2 + reportDigest: uint64:12809162393075256090 + chart-uri: tests/data/vault-0.17.0.tgz + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:24:35.651882-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Optional + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Optional + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Optional + outcome: PASS + reason: Chart test files exist + - check: v1.0/required-annotations-present + type: Optional + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Optional + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Optional + outcome: PASS + reason: Values file exist + - check: v1.0/is-helm-v3 + type: 
Optional + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Optional + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Optional + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Optional + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/has-kubeversion + type: Optional + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Optional + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + diff --git a/tests/data/HC-04/partner/report.yaml b/tests/data/HC-04/partner/report.yaml new file mode 100644 index 00000000000..8b146ecb6c8 --- /dev/null +++ b/tests/data/HC-04/partner/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:5889874118220183952 + chart-uri: tests/data/vault-0.17.0.tgz + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:23:45.06562-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version 
specified + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/tests/data/HC-04/redhat/report.yaml b/tests/data/HC-04/redhat/report.yaml new file mode 100644 index 00000000000..cd5b64b0a14 --- /dev/null +++ b/tests/data/HC-04/redhat/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: redhat + version: v1.2 + reportDigest: uint64:8130407775330379847 + chart-uri: tests/data/vault-0.17.0.tgz + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:24:10.256101-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist 
+ - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/tests/data/HC-06/partner/report.yaml b/tests/data/HC-06/partner/report.yaml new file mode 100644 index 00000000000..3576fea0416 --- /dev/null +++ b/tests/data/HC-06/partner/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:68037995052838460 + chart-uri: N/A + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:25:00.405795-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: true + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required 
annotations present + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/tests/data/HC-09/community/report.json b/tests/data/HC-09/community/report.json new file mode 100644 index 00000000000..96e2bb6049a --- /dev/null +++ b/tests/data/HC-09/community/report.json 
@@ -0,0 +1,132 @@ +{ + "apiversion": "v1", + "kind": "verify-report", + "metadata": { + "tool": { + "verifier-version": "1.12.2", + "profile": { + "vendorType": "community", + "version": "v1.2" + }, + "reportDigest": "uint64:15967274106154560417", + "chart-uri": "https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true", + "digests": { + "chart": "sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05", + "package": "641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513" + }, + "lastCertifiedTimestamp": "2023-09-11T12:26:16.660772-04:00", + "testedOpenShiftVersion": "4.13", + "supportedOpenShiftVersions": ">=4.2", + "webCatalogOnly": false + }, + "chart": { + "name": "vault", + "home": "https://www.vaultproject.io", + "sources": [ + "https://github.com/hashicorp/vault", + "https://github.com/hashicorp/vault-helm", + "https://github.com/hashicorp/vault-k8s", + "https://github.com/hashicorp/vault-csi-provider" + ], + "version": "0.17.0", + "description": "Official HashiCorp Vault Chart", + "keywords": [ + "vault", + "security", + "encryption", + "secrets", + "management", + "automation", + "infrastructure" + ], + "icon": "https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png", + "apiVersion": "v2", + "appVersion": "1.8.4", + "annotations": { + "charts.openshift.io/name": "vault" + }, + "kubeVersion": ">= 1.14.0-0" + }, + "chart-overrides": "" + }, + "results": [ + { + "check": "v1.0/has-readme", + "type": "Optional", + "outcome": "PASS", + "reason": "Chart has a README" + }, + { + "check": "v1.0/helm-lint", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Helm lint successful" + }, + { + "check": "v1.1/images-are-certified", + "type": "Optional", + "outcome": "PASS", + "reason": "Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi\nImage is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi" + }, + { + "check": "v1.0/signature-is-valid", + "type": "Optional", + "outcome": "SKIPPED", + "reason": "Chart is not signed : Signature verification not required" + }, + { + "check": "v1.0/contains-test", + "type": "Optional", + "outcome": "PASS", + "reason": "Chart test files exist" + }, + { + "check": "v1.0/required-annotations-present", + "type": "Optional", + "outcome": "PASS", + "reason": "All required annotations present" + }, + { + "check": "v1.0/chart-testing", + "type": "Optional", + "outcome": "PASS", + "reason": "Chart tests have passed" + }, + { + "check": "v1.0/is-helm-v3", + "type": "Optional", + "outcome": "PASS", + "reason": "API version is V2, used in Helm 3" + }, + { + "check": "v1.0/contains-values", + "type": "Optional", + "outcome": "PASS", + "reason": "Values file exist" + }, + { + "check": "v1.1/has-kubeversion", + "type": "Optional", + "outcome": "PASS", + "reason": "Kubernetes version specified" + }, + { + "check": "v1.0/not-contains-crds", + "type": "Optional", + "outcome": "PASS", + "reason": "Chart does not contain CRDs" + }, + { + "check": "v1.0/not-contain-csi-objects", + "type": "Optional", + "outcome": "PASS", + "reason": "CSI objects do not exist" + }, + { + "check": "v1.0/contains-values-schema", + "type": "Optional", + "outcome": "PASS", + "reason": "Values schema file exist" + } + ] +} diff --git a/tests/data/HC-09/partner/report.json b/tests/data/HC-09/partner/report.json new file mode 100644 index 00000000000..5ca3cbbbce6 --- /dev/null +++ b/tests/data/HC-09/partner/report.json 
@@ -0,0 +1,132 @@ +{ + "apiversion": "v1", + "kind": "verify-report", + "metadata": { + "tool": { + "verifier-version": "1.12.2", + "profile": { + "vendorType": "partner", + "version": "v1.2" + }, + "reportDigest": "uint64:708741566645764623", + "chart-uri": "https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true", + "digests": { + "chart": "sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05", + "package": "641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513" + }, + "lastCertifiedTimestamp": "2023-09-11T12:25:26.76148-04:00", + "testedOpenShiftVersion": "4.13", + "supportedOpenShiftVersions": ">=4.2", + "webCatalogOnly": false + }, + "chart": { + "name": "vault", + "home": "https://www.vaultproject.io", + "sources": [ + "https://github.com/hashicorp/vault", + "https://github.com/hashicorp/vault-helm", + "https://github.com/hashicorp/vault-k8s", + "https://github.com/hashicorp/vault-csi-provider" + ], + "version": "0.17.0", + "description": "Official HashiCorp Vault Chart", + "keywords": [ + "vault", + "security", + "encryption", + "secrets", + "management", + "automation", + "infrastructure" + ], + "icon": "https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png", + "apiVersion": "v2", + "appVersion": "1.8.4", + "annotations": { + "charts.openshift.io/name": "vault" + }, + "kubeVersion": ">= 1.14.0-0" + }, + "chart-overrides": "" + }, + "results": [ + { + "check": "v1.0/contains-test", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Chart test files exist" + }, + { + "check": "v1.0/has-readme", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Chart has a README" + }, + { + "check": "v1.1/has-kubeversion", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Kubernetes version specified" + }, + { + "check": "v1.0/is-helm-v3", + "type": "Mandatory", + "outcome": "PASS", + "reason": "API version is V2, used in Helm 3" 
+ }, + { + "check": "v1.0/not-contains-crds", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Chart does not contain CRDs" + }, + { + "check": "v1.0/chart-testing", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Chart tests have passed" + }, + { + "check": "v1.0/not-contain-csi-objects", + "type": "Mandatory", + "outcome": "PASS", + "reason": "CSI objects do not exist" + }, + { + "check": "v1.0/signature-is-valid", + "type": "Mandatory", + "outcome": "SKIPPED", + "reason": "Chart is not signed : Signature verification not required" + }, + { + "check": "v1.0/helm-lint", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Helm lint successful" + }, + { + "check": "v1.0/contains-values-schema", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Values schema file exist" + }, + { + "check": "v1.0/contains-values", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Values file exist" + }, + { + "check": "v1.1/images-are-certified", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi\nImage is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi" + }, + { + "check": "v1.0/required-annotations-present", + "type": "Mandatory", + "outcome": "PASS", + "reason": "All required annotations present" + } + ] +} diff --git a/tests/data/HC-09/redhat/report.json b/tests/data/HC-09/redhat/report.json new file mode 100644 index 00000000000..a3dce6ba474 --- /dev/null +++ b/tests/data/HC-09/redhat/report.json 
@@ -0,0 +1,132 @@ +{ + "apiversion": "v1", + "kind": "verify-report", + "metadata": { + "tool": { + "verifier-version": "1.12.2", + "profile": { + "vendorType": "redhat", + "version": "v1.2" + }, + "reportDigest": "uint64:13615454925704897580", + "chart-uri": "https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true", + "digests": { + "chart": "sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05", + "package": "641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513" + }, + "lastCertifiedTimestamp": "2023-09-11T12:25:52.103513-04:00", + "testedOpenShiftVersion": "4.13", + "supportedOpenShiftVersions": ">=4.2", + "webCatalogOnly": false + }, + "chart": { + "name": "vault", + "home": "https://www.vaultproject.io", + "sources": [ + "https://github.com/hashicorp/vault", + "https://github.com/hashicorp/vault-helm", + "https://github.com/hashicorp/vault-k8s", + "https://github.com/hashicorp/vault-csi-provider" + ], + "version": "0.17.0", + "description": "Official HashiCorp Vault Chart", + "keywords": [ + "vault", + "security", + "encryption", + "secrets", + "management", + "automation", + "infrastructure" + ], + "icon": "https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png", + "apiVersion": "v2", + "appVersion": "1.8.4", + "annotations": { + "charts.openshift.io/name": "vault" + }, + "kubeVersion": ">= 1.14.0-0" + }, + "chart-overrides": "" + }, + "results": [ + { + "check": "v1.0/has-readme", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Chart has a README" + }, + { + "check": "v1.0/not-contain-csi-objects", + "type": "Mandatory", + "outcome": "PASS", + "reason": "CSI objects do not exist" + }, + { + "check": "v1.0/not-contains-crds", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Chart does not contain CRDs" + }, + { + "check": "v1.0/contains-values-schema", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Values 
schema file exist" + }, + { + "check": "v1.0/contains-test", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Chart test files exist" + }, + { + "check": "v1.0/chart-testing", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Chart tests have passed" + }, + { + "check": "v1.0/helm-lint", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Helm lint successful" + }, + { + "check": "v1.1/images-are-certified", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi\nImage is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi" + }, + { + "check": "v1.0/required-annotations-present", + "type": "Mandatory", + "outcome": "PASS", + "reason": "All required annotations present" + }, + { + "check": "v1.0/contains-values", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Values file exist" + }, + { + "check": "v1.1/has-kubeversion", + "type": "Mandatory", + "outcome": "PASS", + "reason": "Kubernetes version specified" + }, + { + "check": "v1.0/is-helm-v3", + "type": "Mandatory", + "outcome": "PASS", + "reason": "API version is V2, used in Helm 3" + }, + { + "check": "v1.0/signature-is-valid", + "type": "Mandatory", + "outcome": "SKIPPED", + "reason": "Chart is not signed : Signature verification not required" + } + ] +} diff --git a/tests/data/HC-10/signed_chart/public_key_bad.asc b/tests/data/HC-10/signed_chart/public_key_bad.asc new file mode 100644 index 00000000000..f3805ac77bc --- /dev/null +++ b/tests/data/HC-10/signed_chart/public_key_bad.asc 
@@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQENBFngl4UBCADDnQPW5RoaE4JbCiLnQcsC4QmFtuJkCNtsbgpunhXuU/I12WNy +IWYyT60YnXa8mNhu3D9zmypUaaDbfIyoNV7ITYHo1CIS73fGDd+Mb4TuAqc7uRv4 +YcwNVaZ/tZx875GBgscxix9m25mSwVSXkM6VQYZdhkMC9h7PPMBL9bmCV7OcHkz3 +MwJ6ZSGGXtAKWSU7nPdcRPgHpMeB0kVvJQtlCLVr6uWuX6Y0FBoSdfukc4mGGebF +fq3NjXQhTRwcoDtaYD2z+07JwsWFVHNejZ2O38A4zunuym8ZXUx9MthHY3FJ07vJ +A6V0FVwPmhxg8VvQcvCKqMpXzhfA2GJNOWJvABEBAAG0IFBhdmVsIE1hY8OtayA8 +cG1hY2lrQHJlZGhhdC5jb20+iQE3BBMBCAAhBQJZ4JeFAhsDBQsJCAcCBhUICQoL +AgQWAgMBAh4BAheAAAoJEJxz0J5nr4YidnoH/1p624eLXwfZ+Hzd6h77LPHxdYKU +88ISyt4colhc15ukLGzl2jP4MW9rP9DP3/NpZir6lArkr2E1M4olv1aJgKOrv2zq +J/Vkw0tp5Ecl1u+Ty3Zl9ZCo/GcxXDXFQkQxIyHfPS6EHKrEscz1tHvLVwNswO5I ++qFa+UDham5ZL36gkyVSJfNd7s2ZsK+YIvv64yJZG4P20M2Gv2iR0NIIe/osrrE4 +MoE2rlsROOqXEp8RQPMeFCEKomZeLWZCRA3dp7JQJqjAlgYP5PGaxrgJ5MDBKrts +4iMR/AC9oSEIk5eagUhScEsW4wbe0czL3mEFUflDM8Gc6E5HCSAwtLmqV6y5AQ0E +WeCXhQEIAL2VtQ4W455uGy4+Kt/z3sL5oV1VJDJoPmQ9IiSAHd/qy/+w7HDcSHp1 +TkNRmLpb6lZt9cDAmmg59qwutuAX4IydKN2iF5n+SEo15nme582/oTrkLysH+Zdn +b6L7BlVKtANEhAE6j2ZAzljvIBMKb3wiVS+VYDS/UiO2cSnunL4IpcecXFRvOevU +w4LoINWfyHSA4RtoozgiGC3HSbc2b/wGVXvGLN0EAlIjx/vy5KN9AhcaaEyAYaAe +lbB1Etzyvb6Dy3hjjLNCIOtILqkxKzFF0Kskh1FEOljPCc5gkE8Og3272LVu0lRr +F3hODs0pPUSi3aCNWaiGu81sUzZViJ0AEQEAAYkBHwQYAQgACQUCWeCXhQIbDAAK +CRCcc9CeZ6+GIhjwB/9uWw2fg7SENHgSYZkw4WT7Bi/nX3QN83DskA6VCKc9m7ls +0YKxTHrHfY+KQxRy/sI82Q0aX0oYEzh2UrHo3N6u5jw69htwbi1ug+JcTenhMgfX +tmLZ5rhvXLXjIxYOmhnQn4XBMoz+z0RcCphQ9AoSQnArQHJcz8YdxDr0Xl8et6OK +0B41do58S4dyh9NiseV794XnIbk6wyMuhdEl99+DR7mUGOEKN8DLUriOBFT6TMwx +dNMCkd1mpleqg/ed4KeMO4nOV18jmzc8TxC4H/nEUCqKFOg7JEq77GkcN/BVN9jF +qq+KihliSFpvLIPjlaBgpu4Yj+sl1s95i4XyIod8 +=bo+t +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/data/HC-10/signed_chart/public_key_good.asc b/tests/data/HC-10/signed_chart/public_key_good.asc new file mode 100644 index 00000000000..35d641bf450 --- /dev/null +++ b/tests/data/HC-10/signed_chart/public_key_good.asc 
@@ -0,0 +1,52 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGT7cl8BEAC9AR5hRZQbOVIbZcafy7z+FQ/dr4ssKQnXky2JKit+TLpkawGo +0aCQlll2Bf1COYFACJ3NJFUf4VXZoW9Jz5nxXi2GNJxhkRX3NgXIsnB1YVdauwhd +wU8DrJpfBw/EUXcRFQvs8Cfc+gRJxZ9R6EdXewW4posK7FyE5pncgU0jmFoGY67P +A2vTog2VbCshQ3vf3mQdwyxRJyOy4e7Ea9sa04p40VxDyyf+hCGYnA4v4FkoQ9qa +43Ikbp0E9oRP7rpbTuX+2h0RXmZmtGFidxMRbMFDtQ12VI1/JNE3HyrIRunqCWib +HfhnHa+EYak3Vb9F1pBCZwFP2QEH1RqukzNnBHhUNgwV83+FMw4tGbJ6fSDNIAcE +5LAIz6BM7T3+bfKVtqHIrekWPpVx5+uMIUTXiJ8cmmfkWN5Foyl8cPidcHb0RCJr +RkU6j0P57lD4yJNMGI8Yovbn0xNz1flkwvq4HpyV58jVSiqtBX183bP5aw/xaAgj +/RXDkWWvkItp1Sa8ISJcY8fr/DOvFr6H8jCcMlLpXHxPcKYoc4Zsc01uKfBkZsHv +iC9OjXb0i+05sEPT1cLHo/whEqPRiuncuRduCKWlhIExjABHWD5iczDK06nd6Fug +gsYGAdy3QrI4Vxxsz6auDBIkhmHG+A/UVB8hJnGwK+VvDKl/jCntJqeVqQARAQAB +tCJKb3NoIE1hbm5pbmcgPGptYW5uaW5nQHJlZGhhdC5jb20+iQJXBBMBCABBFiEE +GS9AVySXfej6o67FUMC2vNfsAzsFAmT7cl8CGwMFCQPCZwAFCwkIBwICIgIGFQoJ +CAsCBBYCAwECHgcCF4AACgkQUMC2vNfsAzvwDw/9EzuGoyzRC1iOerywINmdglbL +NcH3qt6NZdnIzuVcODU4znFqfTqGwhV/XwrRIOS5f/gihpMBHXU1d4hLpX9XtN5a +TSYTnqTKeyvtJT4OdCdU4CTtoAk2swxsLfqBXk0OoiBQvzQlG32NC1l5W0MVm/8a +RRefgUtX6gp/mBFdd/qrKw+AYWCRVAncuDu5cnEplsHctpG/8wxDshLOpJDHJ9x9 +300+EJVTf+I29D96igTm0t3/cfWm5Ho7BfUMPF3aUnrJKwFPk4uBgYSQSsfiAlC7 +PUzsvcdan2dyyEfImQNvuSEAcOqZZMyShOvsXwfWTC51hr3JOmYVxCcs9z1hCBnR +lpWibAokwGKP4wNFC8jIutPyDxzJDkXV2AXnylKDQ8gDHSuXuWir2oOzx1Vha/31 +KFCPq22OEQWu2Gyq5r+J2gHQCZNo9jc22/jASN80GlyhZ4T4uzQcnGjR+p4yo/ZG +4OMTLZytE97wZwfEENNwDux+jNaorYNul5qR86igpnU8yoQyPBdfzz1x1M04gTcu +I69DFnlCajQ5fj/pPElKOQZn9NfD518ptySCS7N5VJWrs7zsBOs0sLQVb3ijMUK1 +R8WMkg1U7ptOHfpAE8XIx/Ph6vtHEMDBYn4iFaN6pdvOnhddQS+pVqgZ4odHpvXy +OM0iAX9curQ1xnIXnka5Ag0EZPtyXwEQALKAlPaTqpQ0Z04JtWkIlBGw6D0nVPL/ +o161QZHoInthkO8q1W4jC9GGxfg3S1hjnzO/m2zInFGtHkv1/0z7uH2d34fx7Ip/ +tx0BYjjo96paEv710mDj2697lhPdyUflZpdP8LXD8zx7KpJwNIf+39+UsCfEtF2w +P80NjoEqQplTNsJPCUadWiki/AE7f0SFcxcBTsHP9JHIBjVpFr6gtJ+1GMm15wvq +7Cp1yw/o+HkmL4ms4rclkEQSFJRDqoA2/QNy6Fwi/WEJfQ3obZk/k/yIQxEOLzTb 
+/RWlf82fih+iQas4tV6cma1K7Y6mhZkkVXSsvCVj2Yuxolp8KQiFNyHngmAhoouV +k9NyPy2X8RNEp7ELsKfBzargrXTzEBL3lWVCfCq7QBkCNhHegXAHAWeeerF5q/iw +ckZ4e6TV+5FoZQCW4ec3A40OqnmtIwoIw6Xza561Rt4LZv8wcxE6cb+K5I1DK4dn +eoH7fi4pRQFddt8mKrt9U3IPYhfc2S9rTV74/T/92yBCmnig32jbL6DPaypOpXJZ +R7si1fImaJGDeHPPw/q3529smauv8P8m7Y8PgDCFRxC8QUHFcVZ+YuhCS85jyUKI +4W0GGAy+Ri9O3fGN710un3eV4LLPyj4AajwDnJ9MXxrKhAb6pkr6MQaZWqhYnz7n +mLL2wZumt43zABEBAAGJAjwEGAEIACYWIQQZL0BXJJd96PqjrsVQwLa81+wDOwUC +ZPtyXwIbDAUJA8JnAAAKCRBQwLa81+wDO3/KEACDlyHc42xjR5nr1VL2N6z7T8Z2 +PEHA1wsyaNb94SN30ujRZryHKLjXvAOROuKV6pAht7F7Al3iFNpbp2SkMEJ9hV/C +3vWy2uACJs7cvxYPOgDLpV0pM9vw2qxir/YVhLJbrc57GsMb4yy2JKfUxpXJAWH7 +ZPsXDeKZD3mFGiwpQyKYGN1R5HDRM9HhAUGoI05sYXnmgOLxmv+EFJRVbUzvDAEA +0ETcDAFnc2eI0OQbKO1jhImCbR/sBDnDsERGZ4wlxBfPl8NvK2E9JsA3ba+Snhtb +RGnk8NvJMB8CHZqR6X2DCOSrOQzOKGy8KHFHlt8thbWpbvHQfxUtOyb329kk1ZqA +/IaAVz5o6j8exOeTuGNd0d67S06+h50Gp2TIYVaG2G1ok+lyQIushI2icDEarh87 +gpleAwUO19OhoCroS5qLRY2t7odqfVzmpNUtJSpXIbByjbLWimMN1I0XJBfOJwBC +luuHjlZY1TiP++HB3tDWJTnU8AjAh5vl8IpCP0SEdLcar2ZwgEbvjnJW6jbTKK7J +7dLMhb4GGbOYlfozLsF8y6IbzAKadJQxHo2JeDH3ralcH4+cVGfQiRoIkU0jEXxl +2dcHmqPq1WBfztAD0FsjBq46b2dAz9MqsFYj+b1d2UjgY8BvAtJErqS+ZbA2Nylk +ADpPw8vc4Y9906rbIg== +=Jhq+ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/tests/data/HC-10/signed_chart/report/partner/report.yaml b/tests/data/HC-10/signed_chart/report/partner/report.yaml new file mode 100644 index 00000000000..ae7ef8d0fc4 --- /dev/null +++ b/tests/data/HC-10/signed_chart/report/partner/report.yaml 
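Review bot: The key added in tests/data/HC-10/signed_chart/public_key_good.asc appears to be time-limited: decoding the armored self-signature suggests a key-expiration subpacket of about two years from a creation time in September 2023 (inferred from the base64, so confirm with `gpg --show-keys` before acting). If the signature check honours key expiry, the HC-10 scenario whose reports expect `Chart is signed : Signature verification passed` would begin failing once that date passes, with no code change to explain it. Either regenerate the fixture key and the .prov without an expiry, or record the expiry and the regeneration steps beside the fixture, e.g. `# test-only key, expires <DATE>; regenerate with <COMMAND>`. It is also worth stating next to both .asc files that they are test-only keys and must never be added to a trusted keyring.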
@@ -0,0 +1,105 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:4470320058153955158 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/HC-10/signed_chart/vault-0.17.0.tgz?raw=true + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 6fb1fea44b19334adff0b9c8bb2946d35f59150fea2ba98fb2d2fc902162ecb5 + publicKey: 678b498cef687fc38ac5af7b2afe447b1562f79c046a5210678203afdaebf558 + lastCertifiedTimestamp: "2023-09-11T12:30:18.702841-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: 
Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + - check: v1.0/signature-is-valid + type: Mandatory + outcome: PASS + reason: 'Chart is signed : Signature verification passed' + diff --git a/tests/data/HC-10/signed_chart/report/redhat/report.yaml b/tests/data/HC-10/signed_chart/report/redhat/report.yaml new file mode 100644 index 00000000000..bbd195bc6ca --- /dev/null +++ b/tests/data/HC-10/signed_chart/report/redhat/report.yaml 
@@ -0,0 +1,105 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: redhat + version: v1.2 + reportDigest: uint64:5289725535514073789 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/HC-10/signed_chart/vault-0.17.0.tgz?raw=true + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 6fb1fea44b19334adff0b9c8bb2946d35f59150fea2ba98fb2d2fc902162ecb5 + publicKey: 678b498cef687fc38ac5af7b2afe447b1562f79c046a5210678203afdaebf558 + lastCertifiedTimestamp: "2023-09-11T12:30:43.037256-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/signature-is-valid + type: Mandatory + outcome: PASS + reason: 'Chart is signed : Signature verification passed' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + diff --git a/tests/data/HC-10/signed_chart/vault-0.17.0.tgz b/tests/data/HC-10/signed_chart/vault-0.17.0.tgz new file mode 100644 index 00000000000..77864e7b63e Binary files /dev/null and b/tests/data/HC-10/signed_chart/vault-0.17.0.tgz differ diff --git a/tests/data/HC-10/signed_chart/vault-0.17.0.tgz.prov b/tests/data/HC-10/signed_chart/vault-0.17.0.tgz.prov new file mode 100644 index 00000000000..e271a3ebbbe --- /dev/null +++ b/tests/data/HC-10/signed_chart/vault-0.17.0.tgz.prov 
@@ -0,0 +1,46 @@ +-----BEGIN PGP SIGNED MESSAGE----- +Hash: SHA512 + +annotations: + charts.openshift.io/name: vault +apiVersion: v2 +appVersion: 1.8.4 +description: Official HashiCorp Vault Chart +home: https://www.vaultproject.io +icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png +keywords: +- - vault +- - security +- - encryption +- - secrets +- - management +- - automation +- - infrastructure +kubeVersion: '>= 1.14.0-0' +name: vault +sources: +- - https://github.com/hashicorp/vault +- - https://github.com/hashicorp/vault-helm +- - https://github.com/hashicorp/vault-k8s +- - https://github.com/hashicorp/vault-csi-provider +version: 0.17.0 + +... +files: + vault-0.17.0.tgz: sha256:6fb1fea44b19334adff0b9c8bb2946d35f59150fea2ba98fb2d2fc902162ecb5 +-----BEGIN PGP SIGNATURE----- + +wsFcBAEBCgAQBQJk+3KmCRBQwLa81+wDOwAAJAoQAHlfr6/B3tK8E4xoEchRgbs1 +Ewrx8MUl7fxItKI0k5Ufljoz9pctZZB7Tk2iimW2C+WTVCh37PAazqgIP0CGa978 +RGZmZESjO3IjJ77nq94mU3XzK893lFuPm9NAGmUmukfVEgnwy1KVdAGubDQ+RvKu +GVmbChUA8PVgN8TPX2ckYNNA8h4arpwUxza/CrlRaSlSg7ZrqyerH+nN8DX9vPEh +CPS2psL8tf47IkD/8MlUJez/dO0TkbH3yX11U6Y1xiLZcm0vv/Mgml7bGPymLhJ/ +AluQdlyZLEKFlvZGkDaWvth8z6thKc3zNguVUXhvgjEowETrnQBJAZaf1T8YeBov +EsMHhaoZ/TwhnLSO46+ZNNXGnW8StYYcd9Sqpd5nKDaxs6zbcZS6OV5Jl25YHV5I +rsb95HuTYgeAJyCAKBfBISti3yJffVILyZlmgrCTnvcoBR5sV6VJGoZZsZlYJ2uU +gV8Zg8PNeVE0HUW+qXw/RshJbvvhY2839LD5+BSLKy/bfQh9FP9waxQ9TdmlOXJK +gfLLD5RFQNbv49uzZUqUN7uoyQvMYcjYIIRj5NTLjMBuvsqrfKTz+G4sUfpB+1Cs +pLZrQYeq+6+wq/D/GHvPnohPwMGVF6W8Sb27CbyGcOBizfWKtG7P9sDI0FOpjw0s +A5VFKvQ0gqOkC4TZa9yd +=9MN1 +-----END PGP SIGNATURE----- \ No newline at end of file diff --git a/tests/data/HC-11/community/report.yaml b/tests/data/HC-11/community/report.yaml new file mode 100644 index 00000000000..a15578080c6 --- /dev/null +++ b/tests/data/HC-11/community/report.yaml 
@@ -0,0 +1,100 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: community + version: v1.2 + reportDigest: uint64:2311548969647311891 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:27:30.198044-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/signature-is-valid + type: Optional + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Optional + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Optional + outcome: PASS + reason: Values file exist + - check: v1.0/is-helm-v3 + type: Optional + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values-schema + type: Optional + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: 
Optional + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + - check: v1.0/required-annotations-present + type: Optional + outcome: PASS + reason: All required annotations present + - check: v1.1/has-kubeversion + type: Optional + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contains-crds + type: Optional + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/has-readme + type: Optional + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Optional + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-test + type: Optional + outcome: PASS + reason: Chart test files exist + diff --git a/tests/data/HC-11/partner/report.yaml b/tests/data/HC-11/partner/report.yaml new file mode 100644 index 00000000000..c6e67eac66f --- /dev/null +++ b/tests/data/HC-11/partner/report.yaml 
@@ -0,0 +1,100 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:15011152628298919945 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:26:40.391703-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + 
type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + diff --git a/tests/data/HC-11/partner_not_contain_crds/report.yaml b/tests/data/HC-11/partner_not_contain_crds/report.yaml new file mode 100644 index 00000000000..24fe1491eb4 --- /dev/null +++ b/tests/data/HC-11/partner_not_contain_crds/report.yaml 
@@ -0,0 +1,100 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:9874489681103011099 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:27:05.389934-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/required-annotations-present + type: Mandatory 
+ outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/tests/data/HC-16/dash-in-version/partner/report.yaml b/tests/data/HC-16/dash-in-version/partner/report.yaml new file mode 100644 index 00000000000..b4aec813058 --- /dev/null +++ b/tests/data/HC-16/dash-in-version/partner/report.yaml 
@@ -0,0 +1,89 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.7.0 + profile: + VendorType: partner + version: v1.1 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/psql-service-0.1.10-1.tgz?raw=true + digests: + chart: sha256:db482b4d90349c6b276ba27f581720cc62fa7bea05184b5bfd840844178a8da6 + package: c8635dcdc8f8493abbdef85305be55c9d5dbf3a44495a88a8285c9a0d0c63408 + lastCertifiedTimestamp: "2022-06-22T15:54:59.964823+00:00" + testedOpenShiftVersion: "4.10" + supportedOpenShiftVersions: '>=4.7' + providerControlledDelivery: false + chart: + name: psql-service + home: "" + sources: [] + version: 0.1.10-1 + description: A Helm chart for a RedHat Certified PSQL + keywords: [] + maintainers: [] + icon: "" + apiversion: v2 + condition: "" + tags: "" + appversion: 10.0.0 + deprecated: false + annotations: + charts.openshift.io/archs: x86_64 + charts.openshift.io/name: PSQL RedHat Demo Chart + charts.openshift.io/provider: RedHat + charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart + kubeversion: '>=1.20.0' + dependencies: [] + type: application + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: 
v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: 'Image is Red Hat certified : registry.access.redhat.com/rhscl/postgresql-10-rhel7:1-66' + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + diff --git a/tests/data/HC-16/dash-in-version/redhat/report.yaml b/tests/data/HC-16/dash-in-version/redhat/report.yaml new file mode 100644 index 00000000000..eff7b993619 --- /dev/null +++ b/tests/data/HC-16/dash-in-version/redhat/report.yaml 
@@ -0,0 +1,89 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.7.0 + profile: + VendorType: redhat + version: v1.1 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/psql-service-0.1.10-1.tgz?raw=true + digests: + chart: sha256:db482b4d90349c6b276ba27f581720cc62fa7bea05184b5bfd840844178a8da6 + package: c8635dcdc8f8493abbdef85305be55c9d5dbf3a44495a88a8285c9a0d0c63408 + lastCertifiedTimestamp: "2022-06-22T17:21:03.1478+00:00" + testedOpenShiftVersion: "4.10" + supportedOpenShiftVersions: '>=4.7' + providerControlledDelivery: false + chart: + name: psql-service + home: "" + sources: [] + version: 0.1.10-1 + description: A Helm chart for a RedHat Certified PSQL + keywords: [] + maintainers: [] + icon: "" + apiversion: v2 + condition: "" + tags: "" + appversion: 10.0.0 + deprecated: false + annotations: + charts.openshift.io/archs: x86_64 + charts.openshift.io/name: PSQL RedHat Demo Chart + charts.openshift.io/provider: RedHat + charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart + kubeversion: '>=1.20.0' + dependencies: [] + type: application + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: 'Image is Red Hat certified : registry.access.redhat.com/rhscl/postgresql-10-rhel7:1-66' + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: 
v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + diff --git a/tests/data/HC-17/dash-in-version/partner/report.yaml b/tests/data/HC-17/dash-in-version/partner/report.yaml new file mode 100644 index 00000000000..af331752cb4 --- /dev/null +++ b/tests/data/HC-17/dash-in-version/partner/report.yaml 
@@ -0,0 +1,90 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.9.0 + profile: + VendorType: partner + version: v1.1 + reportDigest: uint64:12593951720348144952 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/psql-service-0.1.10-1.tgz?raw=true + digests: + chart: sha256:db482b4d90349c6b276ba27f581720cc62fa7bea05184b5bfd840844178a8da6 + package: c8635dcdc8f8493abbdef85305be55c9d5dbf3a44495a88a8285c9a0d0c63408 + lastCertifiedTimestamp: "2022-10-11T12:51:01.384305+05:30" + testedOpenShiftVersion: "4.11" + supportedOpenShiftVersions: '>=4.7' + providerControlledDelivery: false + chart: + name: psql-service + home: "" + sources: [] + version: 0.1.10-1 + description: A Helm chart for a RedHat Certified PSQL + keywords: [] + maintainers: [] + icon: "" + apiversion: v2 + condition: "" + tags: "" + appversion: 10.0.0 + deprecated: false + annotations: + charts.openshift.io/archs: x86_64 + charts.openshift.io/name: PSQL RedHat Demo Chart + charts.openshift.io/provider: RedHat + charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart + kubeversion: '>=1.20.0' + dependencies: [] + type: application + chart-overrides: "" +results: + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: 'Image is Red Hat certified : registry.access.redhat.com/rhscl/postgresql-10-rhel7:1-66' + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used 
in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + diff --git a/tests/data/HC-17/dash-in-version/redhat/report.yaml b/tests/data/HC-17/dash-in-version/redhat/report.yaml new file mode 100644 index 00000000000..04af94a0549 --- /dev/null +++ b/tests/data/HC-17/dash-in-version/redhat/report.yaml 
@@ -0,0 +1,90 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.9.0 + profile: + VendorType: redhat + version: v1.1 + reportDigest: uint64:13966675880356106002 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/psql-service-0.1.10-1.tgz?raw=true + digests: + chart: sha256:db482b4d90349c6b276ba27f581720cc62fa7bea05184b5bfd840844178a8da6 + package: c8635dcdc8f8493abbdef85305be55c9d5dbf3a44495a88a8285c9a0d0c63408 + lastCertifiedTimestamp: "2022-10-11T12:56:10.138339+05:30" + testedOpenShiftVersion: "4.11" + supportedOpenShiftVersions: '>=4.7' + providerControlledDelivery: false + chart: + name: psql-service + home: "" + sources: [] + version: 0.1.10-1 + description: A Helm chart for a RedHat Certified PSQL + keywords: [] + maintainers: [] + icon: "" + apiversion: v2 + condition: "" + tags: "" + appversion: 10.0.0 + deprecated: false + annotations: + charts.openshift.io/archs: x86_64 + charts.openshift.io/name: PSQL RedHat Demo Chart + charts.openshift.io/provider: RedHat + charts.openshift.io/supportURL: https://github.com/dperaza4dustbit/helm-chart + kubeversion: '>=1.20.0' + dependencies: [] + type: application + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, 
used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/images-are-certified + type: Mandatory + outcome: PASS + reason: 'Image is Red Hat certified : registry.access.redhat.com/rhscl/postgresql-10-rhel7:1-66' + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + diff --git a/tests/data/HC-18/community/report.yaml b/tests/data/HC-18/community/report.yaml new file mode 100644 index 00000000000..0336ef4ba25 --- /dev/null +++ b/tests/data/HC-18/community/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: community + version: v1.2 + reportDigest: uint64:2120021724436576277 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.18.0.tgz?raw=true + digests: + chart: sha256:bca63b8a5fd7083080effe38b5da54e413dd6da6778150590b1313d98e1e8b5a + package: 4d971920da45dc948fc57fcb216625c65b20b141c789f8348573c1e32d9a1c72 + lastCertifiedTimestamp: "2023-09-11T12:29:25.69303-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.18.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.9.0 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-values + type: Optional + outcome: PASS + reason: Values file exist + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contains-crds + type: Optional + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Optional + outcome: PASS + reason: Chart tests have passed + - check: v1.0/signature-is-valid + type: Optional + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/has-readme + type: Optional + outcome: PASS 
+ reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Optional + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Optional + outcome: PASS + reason: All required annotations present + - check: v1.1/has-kubeversion + type: Optional + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values-schema + type: Optional + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Optional + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.1-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.9.0-ubi + - check: v1.0/not-contain-csi-objects + type: Optional + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-test + type: Optional + outcome: PASS + reason: Chart test files exist + diff --git a/tests/data/HC-18/partner/report.yaml b/tests/data/HC-18/partner/report.yaml new file mode 100644 index 00000000000..6b506f5cfd5 --- /dev/null +++ b/tests/data/HC-18/partner/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:11482306088874782120 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.18.0.tgz?raw=true + digests: + chart: sha256:bca63b8a5fd7083080effe38b5da54e413dd6da6778150590b1313d98e1e8b5a + package: 4d971920da45dc948fc57fcb216625c65b20b141c789f8348573c1e32d9a1c72 + lastCertifiedTimestamp: "2023-09-11T12:28:34.708017-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.18.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.9.0 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.1-ubi + Image is 
Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.9.0-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + diff --git a/tests/data/HC-18/redhat/report.yaml b/tests/data/HC-18/redhat/report.yaml new file mode 100644 index 00000000000..b8819a2b75a --- /dev/null +++ b/tests/data/HC-18/redhat/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: redhat + version: v1.2 + reportDigest: uint64:1045709973763296907 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.18.0.tgz?raw=true + digests: + chart: sha256:bca63b8a5fd7083080effe38b5da54e413dd6da6778150590b1313d98e1e8b5a + package: 4d971920da45dc948fc57fcb216625c65b20b141c789f8348573c1e32d9a1c72 + lastCertifiedTimestamp: "2023-09-11T12:29:00.41305-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.18.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.9.0 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red 
Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.1-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.9.0-ubi + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + diff --git a/tests/data/HC-19/report_edited_sha_bad/report.yaml b/tests/data/HC-19/report_edited_sha_bad/report.yaml new file mode 100644 index 00000000000..a6ec9937a9b --- /dev/null +++ b/tests/data/HC-19/report_edited_sha_bad/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:15115294433749692156 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:29:52.704863-04:00" + testedOpenShiftVersion: "4.12" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/tests/data/HC-19/report_sha_bad/report.yaml b/tests/data/HC-19/report_sha_bad/report.yaml new file mode 100644 index 00000000000..68ea3260292 --- /dev/null +++ b/tests/data/HC-19/report_sha_bad/report.yaml 
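Review bot: The two negative HC-19 fixtures do not record what was changed in them; it only shows up by comparing them with `report_sha_good/report.yaml` further down in this diff. In `report_edited_sha_bad/report.yaml` the visible difference is `testedOpenShiftVersion: "4.12"` (good fixture: `"4.13"`) with `reportDigest` left at `uint64:15115294433749692156`, while in `report_sha_bad/report.yaml` the content matches and only `reportDigest` is `uint64:15115294433749691337`. Because these files exist to prove that a tampered report is rejected, I would state the edit next to the regeneration steps in `tests/data/README.md`, e.g. `HC-19 report_edited_sha_bad: copy of report_sha_good with testedOpenShiftVersion set to "4.12", reportDigest unchanged`. That way a regenerated report cannot quietly turn the negative case into a passing one. Whether the README already has an HC-19 section is not visible from here.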
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:15115294433749691337 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:29:52.704863-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/tests/data/HC-19/report_sha_good/report.yaml b/tests/data/HC-19/report_sha_good/report.yaml new file mode 100644 index 00000000000..cb766243f42 --- /dev/null +++ b/tests/data/HC-19/report_sha_good/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:15115294433749692156 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:29:52.704863-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : 
registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + diff --git a/tests/data/README.md b/tests/data/README.md new file mode 100644 index 00000000000..30da8f9e4bd --- /dev/null +++ b/tests/data/README.md 
@@ -0,0 +1,124 @@
+# This document is created to guide us in case we need to regenerate the test data
+## It also captures traceability between tests and how the test data is generated
+
+### HC-01, HC-02, HC-03, HC-05, HC-07, HC-08, HC-12, HC-14, HC-16
+
+```
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true > report.yaml
+Copy report.yaml to tests/data/common/partner/
+
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true --set profile.vendorType=redhat > report.yaml
+Copy report.yaml to tests/data/common/redhat/
+
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true --set profile.vendorType=community > report.yaml
+Copy report.yaml to tests/data/common/community/
+
+```
+
+### HC-04
+
+```
+chart-verifier verify tests/data/common/vault-0.17.0.tgz > report.yaml
+Copy report.yaml to tests/data/HC-04/partner/
+
+chart-verifier verify tests/data/common/vault-0.17.0.tgz --set profile.vendorType=redhat > report.yaml
+Copy report.yaml to tests/data/HC-04/redhat/
+
+chart-verifier verify tests/data/common/vault-0.17.0.tgz --set profile.vendorType=community > report.yaml
+Copy report.yaml to tests/data/HC-04/community/
+```
+
+### HC-06
+
+```
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true --web-catalog-only > report.yaml
+Copy report.yaml to tests/data/HC-06/partner/
+```
+
+### HC-09
+
+```
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true -o json | jq . > report.json
+Copy report.json to tests/data/HC-09/partner/
+
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true --set profile.vendorType=redhat -o json | jq . > report.json
+Copy report.json to tests/data/HC-09/redhat/
+
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true --set profile.vendorType=community -o json | jq . > report.json
+Copy report.json to tests/data/HC-09/community/
+```
+
+### HC-11
+
+```
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true -x helm-lint > report.yaml
+Copy report.yaml to tests/data/HC-11/partner/
+
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true -x not-contains-crds > report.yaml
+Copy report.yaml to tests/data/HC-11/partner_not_contain_crds/
+
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true --set profile.vendorType=community -x helm-lint > report.yaml
+Copy report.yaml to tests/data/HC-11/community/
+```
+
+### HC-17
+
+```
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/psql-service-0.1.10-1.tgz?raw=true > report.yaml
+Copy report.yaml to tests/data/HC-17/dash-in-version/partner/
+
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/psql-service-0.1.10-1.tgz?raw=true --set profile.vendorType=redhat > report.yaml
+Copy report.yaml to tests/data/HC-17/dash-in-version/redhat/
+```
+
+### HC-18
+
+```
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.18.0.tgz?raw=true > report.yaml
+Copy report.yaml to tests/data/HC-18/partner/
+
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.18.0.tgz?raw=true --set profile.vendorType=redhat > report.yaml
+Copy report.yaml to tests/data/HC-18/redhat/
+
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.18.0.tgz?raw=true --set profile.vendorType=community > report.yaml
+Copy report.yaml to tests/data/HC-18/community/
+
+```
+
+### HC-19
+
+```
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true > report.yaml
+Copy report.yaml to tests/data/HC-19/report_sha_good/
+Also modify the testedOpenShiftVersion value in report.yaml and copy to tests/data/HC-19/report_edited_sha_bad/
+
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true > report.yaml
+Modify the reportDigest value itself in report.yaml and copy to tests/data/HC-19/report_sha_bad/
+
+```
+
+### HC-10
+
+```
+Unpack the unsigned vault-0.17.0.tgz into vault/ directory
+
+Sign the chart using your private key and package it using below cmd:
+$ helm package --sign --key 'Sushanta Das' --keyring /home/susdas/.gnupg/secring.gpg vault/
+Password for key "Sushanta Das (Key generated in loaner laptop) " >
+Successfully packaged chart and saved it to: /home/susdas/go/src/github.com/tisutisu/development/tests/data/HC-10/signed_chart/vault-0.17.0.tgz
+$
+
+Verify the resulting chart tar and .prov file should be under tests/data/HC-10/signed_chart
+
+Also generate your public key and copy it into the same tests/data/HC-10/signed_chart directory using below cmd:
+gpg --export -a susdas@redhat.com > public_key_good.asc
+
+
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/HC-10/signed_chart/vault-0.17.0.tgz?raw=true -k tests/data/HC-10/signed_chart/public_key_good.asc > report.yaml
+Copy report.yaml to tests/data/HC-10/signed_chart/report/partner/
+
+chart-verifier verify https://github.com/openshift-helm-charts/development/blob/main/tests/data/HC-10/signed_chart/vault-0.17.0.tgz?raw=true -k tests/data/HC-10/signed_chart/public_key_good.asc --set profile.vendorType=redhat > report.yaml
+Copy report.yaml to tests/data/HC-10/signed_chart/report/redhat/
+
+```
+
diff --git a/tests/data/common/community/report.yaml b/tests/data/common/community/report.yaml
new file mode 100644
index 00000000000..8dc536d63b3
--- /dev/null
+++ b/tests/data/common/community/report.yaml
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: community + version: v1.2 + reportDigest: uint64:4418111533202713217 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:23:19.160549-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contain-csi-objects + type: Optional + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Optional + outcome: PASS + reason: Values schema file exist + - check: v1.0/not-contains-crds + type: Optional + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/required-annotations-present + type: Optional + outcome: PASS + reason: All required annotations present + - check: v1.0/contains-values + type: Optional + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Optional + 
outcome: PASS + reason: Chart has a README + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/is-helm-v3 + type: Optional + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Optional + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.0/chart-testing + type: Optional + outcome: PASS + reason: Chart tests have passed + - check: v1.0/contains-test + type: Optional + outcome: PASS + reason: Chart test files exist + - check: v1.1/has-kubeversion + type: Optional + outcome: PASS + reason: Kubernetes version specified + - check: v1.1/images-are-certified + type: Optional + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + diff --git a/tests/data/common/partner/report.yaml b/tests/data/common/partner/report.yaml new file mode 100644 index 00000000000..914d884e678 --- /dev/null +++ b/tests/data/common/partner/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: partner + version: v1.2 + reportDigest: uint64:7407049884959662603 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:22:29.724879-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + Image is Red 
Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/chart-testing + type: Mandatory + outcome: PASS + reason: Chart tests have passed + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + diff --git a/tests/data/common/redhat/report.yaml b/tests/data/common/redhat/report.yaml new file mode 100644 index 00000000000..7aec61d7b27 --- /dev/null +++ b/tests/data/common/redhat/report.yaml 
@@ -0,0 +1,104 @@ +apiversion: v1 +kind: verify-report +metadata: + tool: + verifier-version: 1.12.2 + profile: + VendorType: redhat + version: v1.2 + reportDigest: uint64:9397301599710212940 + chart-uri: https://github.com/openshift-helm-charts/development/blob/main/tests/data/vault-0.17.0.tgz?raw=true + digests: + chart: sha256:d075d16bb33bb33f66cc6fb8af5cce935b647972de4b4af49be385fcce7bed05 + package: 641f6c03aac5117eb679b341426adaa612829acc546c18e59c58ea1b45b2e513 + lastCertifiedTimestamp: "2023-09-11T12:22:53.651364-04:00" + testedOpenShiftVersion: "4.13" + supportedOpenShiftVersions: '>=4.2' + webCatalogOnly: false + chart: + name: vault + home: https://www.vaultproject.io + sources: + - https://github.com/hashicorp/vault + - https://github.com/hashicorp/vault-helm + - https://github.com/hashicorp/vault-k8s + - https://github.com/hashicorp/vault-csi-provider + version: 0.17.0 + description: Official HashiCorp Vault Chart + keywords: + - vault + - security + - encryption + - secrets + - management + - automation + - infrastructure + maintainers: [] + icon: https://github.com/hashicorp/vault/raw/f22d202cde2018f9455dec755118a9b84586e082/Vault_PrimaryLogo_Black.png + apiversion: v2 + condition: "" + tags: "" + appversion: 1.8.4 + deprecated: false + annotations: + charts.openshift.io/name: vault + kubeversion: '>= 1.14.0-0' + dependencies: [] + type: "" + chart-overrides: "" +results: + - check: v1.0/not-contains-crds + type: Mandatory + outcome: PASS + reason: Chart does not contain CRDs + - check: v1.0/contains-test + type: Mandatory + outcome: PASS + reason: Chart test files exist + - check: v1.0/is-helm-v3 + type: Mandatory + outcome: PASS + reason: API version is V2, used in Helm 3 + - check: v1.0/required-annotations-present + type: Mandatory + outcome: PASS + reason: All required annotations present + - check: v1.0/not-contain-csi-objects + type: Mandatory + outcome: PASS + reason: CSI objects do not exist + - check: v1.0/chart-testing + type: Mandatory + 
outcome: PASS + reason: Chart tests have passed + - check: v1.1/has-kubeversion + type: Mandatory + outcome: PASS + reason: Kubernetes version specified + - check: v1.0/helm-lint + type: Mandatory + outcome: PASS + reason: Helm lint successful + - check: v1.0/contains-values-schema + type: Mandatory + outcome: PASS + reason: Values schema file exist + - check: v1.0/contains-values + type: Mandatory + outcome: PASS + reason: Values file exist + - check: v1.0/has-readme + type: Mandatory + outcome: PASS + reason: Chart has a README + - check: v1.1/images-are-certified + type: Mandatory + outcome: PASS + reason: |- + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault-k8s:0.14.0-ubi + Image is Red Hat certified : registry.connect.redhat.com/hashicorp/vault:1.8.4-ubi + - check: v1.0/signature-is-valid + type: Mandatory + outcome: SKIPPED + reason: 'Chart is not signed : Signature verification not required' + diff --git a/tests/data/psql-service-0.1.10-1.tgz b/tests/data/psql-service-0.1.10-1.tgz new file mode 100644 index 00000000000..7e367393917 Binary files /dev/null and b/tests/data/psql-service-0.1.10-1.tgz differ diff --git a/tests/data/vault-0.17.0.tgz b/tests/data/vault-0.17.0.tgz new file mode 100644 index 00000000000..8764fb13367 Binary files /dev/null and b/tests/data/vault-0.17.0.tgz differ diff --git a/tests/data/vault-0.18.0.tgz b/tests/data/vault-0.18.0.tgz new file mode 100644 index 00000000000..3a37f059f2d Binary files /dev/null and b/tests/data/vault-0.18.0.tgz differ diff --git a/tests/data/vault-test-timeout-0.17.0.tgz b/tests/data/vault-test-timeout-0.17.0.tgz new file mode 100644 index 00000000000..cd1a3493d0e Binary files /dev/null and b/tests/data/vault-test-timeout-0.17.0.tgz differ diff --git a/tests/functional/__init__.py b/tests/functional/__init__.py new file mode 100644 index 00000000000..e69de29bb2d 
diff --git a/tests/functional/behave_features/HC-01_chart_src_without_report.feature b/tests/functional/behave_features/HC-01_chart_src_without_report.feature
new file mode 100644
index 00000000000..01c83bfffa0
--- /dev/null
+++ b/tests/functional/behave_features/HC-01_chart_src_without_report.feature
@@ -0,0 +1,33 @@
+Feature: Chart source submission without report
+ Partners, redhat and community users can publish their chart by submitting
+ error-free chart in source format without a report.
+
+ Scenario Outline: [HC-01-001] A partner or redhat associate submits an error-free chart source
+ Given the vendor "" has a valid identity as ""
+ And an error-free chart source is used in ""
+ When the user sends a pull request with the chart
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ @partners @smoke @full
+ Examples:
+ | vendor_type | vendor | chart_path |
+ | partners | hashicorp | tests/data/vault-0.17.0.tgz |
+
+ @redhat @full
+ Examples:
+ | vendor_type | vendor | chart_path |
+ | redhat | redhat | tests/data/vault-0.17.0.tgz |
+
+ Scenario Outline: [HC-01-002] A community user submits an error-free chart source without report
+ Given the vendor "" has a valid identity as ""
+ And an error-free chart source is used in ""
+ When the user sends a pull request with the chart
+ Then the pull request is not merged
+ And user gets the "" in the pull request comment
+
+ @community @full
+ Examples:
+ | vendor_type | vendor | chart_path | message |
+ | community | redhat | tests/data/vault-0.17.0.tgz | Community charts require maintainer review and approval, a review will be conducted shortly |
diff --git a/tests/functional/behave_features/HC-02_chart_tar_without_report.feature b/tests/functional/behave_features/HC-02_chart_tar_without_report.feature
new file mode 100644
index 00000000000..4fd4a9a4c70
--- /dev/null
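Review bot: The feature description at the top of HC-01 says partners, redhat and community users can all publish by submitting an error-free chart, but scenario HC-01-002 in the same file asserts that a community pull request is not merged and only receives the maintainer-review message. That manual approval is the trust gate for community submissions, so the description should name it, for example `Partner and redhat charts are published automatically; community charts wait for maintainer review and approval.` The same description wording appears in the HC-02, HC-07 and HC-08 feature files later in this diff, each of which also has a community scenario that expects no merge.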
+++ b/tests/functional/behave_features/HC-02_chart_tar_without_report.feature
@@ -0,0 +1,33 @@
+Feature: Chart tarball submission without report
+ Partners, redhat and community users can publish their chart by submitting
+ error-free chart in tarball format without a report.
+
+ Scenario Outline: [HC-02-001] A partner or redhat associate submits an error-free chart tarball
+ Given the vendor "" has a valid identity as ""
+ And an error-free chart tarball is used in ""
+ When the user sends a pull request with the chart
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ @partners @full
+ Examples:
+ | vendor_type | vendor | chart_path |
+ | partners | hashicorp | tests/data/vault-0.17.0.tgz |
+
+ @redhat @smoke @full
+ Examples:
+ | vendor_type | vendor | chart_path |
+ | redhat | redhat | tests/data/vault-0.17.0.tgz |
+
+ Scenario Outline: [HC-02-002] A community user submits an error-free chart tarball without report
+ Given the vendor "" has a valid identity as ""
+ And an error-free chart tarball is used in ""
+ When the user sends a pull request with the chart
+ Then the pull request is not merged
+ And user gets the "" in the pull request comment
+
+ @community @full
+ Examples:
+ | vendor_type | vendor | chart_path | message |
+ | community | redhat | tests/data/vault-0.17.0.tgz | Community charts require maintainer review and approval, a review will be conducted shortly |
diff --git a/tests/functional/behave_features/HC-03_chart_verifier_comes_back_with_failures.feature b/tests/functional/behave_features/HC-03_chart_verifier_comes_back_with_failures.feature
new file mode 100644
index 00000000000..690e41c2d6e
--- /dev/null
+++ b/tests/functional/behave_features/HC-03_chart_verifier_comes_back_with_failures.feature
@@ -0,0 +1,35 @@
+Feature: Chart verifier comes back with a failure
+ Partners, redhat or community user submit charts which does not contain README file
+
+ Scenario Outline: [HC-03-001] A partner or community user submits a chart which does not contain a readme file
+ Given the vendor "" has a valid identity as ""
+ And chart source is used in ""
+ And README file is missing in the chart
+ When the user pushed the chart and created pull request
+ Then the pull request is not merged
+ And user gets the "" in the pull request comment
+
+ @partners @smoke @full
+ Examples:
+ | vendor_type | vendor | chart_path | message |
+ | partners | hashicorp | tests/data/vault-0.17.0.tgz | Chart does not have a README |
+
+ @community @full
+ Examples:
+ | vendor_type | vendor | chart_path | message |
+ | community | redhat | tests/data/vault-0.17.0.tgz | Community charts require maintainer review and approval |
+
+ Scenario Outline: [HC-03-002] A redhat user submits a chart which does not contain a readme file
+ Given the vendor "" has a valid identity as ""
+ And chart source is used in ""
+ And README file is missing in the chart
+ When the user pushed the chart and created pull request
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart with correct providerType
+ And a release is published with corresponding report and chart tarball
+
+ @redhat @full
+ Examples:
+ | vendor_type | vendor | chart_path |
+ | redhat | redhat | tests/data/vault-0.17.0.tgz |
+
diff --git a/tests/functional/behave_features/HC-04_invalid_url_in_the_report.feature b/tests/functional/behave_features/HC-04_invalid_url_in_the_report.feature
new file mode 100644
index 00000000000..e9b01e21b90
--- /dev/null
+++ b/tests/functional/behave_features/HC-04_invalid_url_in_the_report.feature
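Review bot: Scenario HC-03-002 expects a redhat chart with no README to be merged, indexed and released, while `tests/data/common/redhat/report.yaml`, added in this same diff, lists `v1.0/has-readme` as `type: Mandatory` for the redhat profile. If the merge is intended, a comment above the scenario should state which rule lets a failed mandatory check through, e.g. `# redhat charts are merged despite the has-readme failure because …`. If it is not intended, the expectation should be `Then the pull request is not merged`, as in HC-03-001, so the suite does not lock in a bypass of the certification gate. The feature title ("comes back with a failure") also does not match this scenario's outcome.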
@@ -0,0 +1,25 @@
+Feature: Report contains an invalid URL
+ Partners, redhat and community users submits only report with an invalid URL
+
+ Scenario Outline: [HC-04-001] A user submits a report with an invalid url
+ Given the vendor "" has a valid identity as ""
+ And report is used in ""
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the "" in the pull request comment
+
+ @partners @smoke @full
+ Examples:
+ | vendor_type | vendor | report_path | message |
+ | partners | hashicorp | tests/data/HC-04/partner/report.yaml | Missing schema in URL |
+
+ @redhat @full
+ Examples:
+ | vendor_type | vendor | report_path | message |
+ | redhat | redhat | tests/data/HC-04/redhat/report.yaml | Missing schema in URL |
+
+ @community @full
+ Examples:
+ | vendor_type | vendor | report_path | message |
+ | community | redhat | tests/data/HC-04/community/report.yaml | Missing schema in URL |
+
diff --git a/tests/functional/behave_features/HC-05_pr_includes_a_file_which_is_not_chart_related.feature b/tests/functional/behave_features/HC-05_pr_includes_a_file_which_is_not_chart_related.feature
new file mode 100644
index 00000000000..567da35184f
--- /dev/null
+++ b/tests/functional/behave_features/HC-05_pr_includes_a_file_which_is_not_chart_related.feature
@@ -0,0 +1,25 @@
+Feature: PR includes a non chart related file
+ Partners, redhat or community user submit charts which includes a file which is not part of the chart
+
+ Scenario Outline: [HC-05-001] A user submits a chart with non chart related file
+ Given the vendor "" has a valid identity as ""
+ And chart source is used in ""
+ And user adds a non chart related file
+ When the user sends a pull request with both chart and non related file
+ Then the pull request is not merged
+ And user gets the "" in the pull request comment
+
+ @partners @smoke @full
+ Examples:
+ | vendor_type | vendor | chart_path | message |
+ | partners | hashicorp | tests/data/vault-0.17.0.tgz | PR includes one or more files not related to charts |
+
+ @redhat @full
+ Examples:
+ | vendor_type | vendor | chart_path | message |
+ | redhat | redhat | tests/data/vault-0.17.0.tgz | PR includes one or more files not related to charts |
+
+ @community @full
+ Examples:
+ | vendor_type | vendor | chart_path | message |
+ | community | redhat | tests/data/vault-0.17.0.tgz | PR includes one or more files not related to charts |
diff --git a/tests/functional/behave_features/HC-06_provider_delivery_control.feature b/tests/functional/behave_features/HC-06_provider_delivery_control.feature
new file mode 100644
index 00000000000..c4fb4073117
--- /dev/null
+++ b/tests/functional/behave_features/HC-06_provider_delivery_control.feature
@@ -0,0 +1,47 @@
+Feature: Report only submission with provider control settings
+ Partners can prevent publication of their chart by submitting
+ error-free report that was generated by chart-verifier and with
+ prvider controlled delivery set in the report and the OWNERS file.
+
+ @external-feedback
+ Scenario Outline: [HC-06-001] A partner associate submits an error-free report with provider controlled delivery
+ Given the vendor "" has a valid identity as ""
+ And provider delivery control is set to "" in the OWNERS file
+ And report is used in ""
+ When the user sends a pull request with the report
+ Then the user sees the pull request is merged
+ And the "" is updated with an entry for the submitted chart
+
+ @partners @smoke @full
+ Examples:
+ | vendor_type | vendor | report_path | index_file | provider_control_owners |
+ | partners | hashicorp | tests/data/HC-06/partner/report.yaml | unpublished-certified-charts.yaml | true |
+
+ @external-feedback
+ Scenario Outline: [HC-06-002] A partner associate submits an error-free report and chart with provider controlled delivery
+ Given the vendor "" has a valid identity as ""
+ And provider delivery control is set to "" in the OWNERS file
+ And an error-free chart tarball used in "" and report in ""
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the "" in the pull request comment
+
+ @partners @full
+ Examples:
+ | vendor_type | vendor | chart_path | report_path | provider_control_owners | message |
+ | partners | hashicorp | tests/data/vault-0.17.0.tgz | tests/data/HC-06/partner/report.yaml | true | The web catalog distribution method requires the pull request to be report only. |
+
+ @external-feedback
+ Scenario Outline: [HC-06-003] A partner associate submits an error-free report with inconsistent provider controlled delivery setting
+ Given the vendor "" has a valid identity as ""
+ And provider delivery control is set to "" in the OWNERS file
+ And report is used in ""
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the "" in the pull request comment
+
+ @partners @full
+ Examples:
+ | vendor_type | vendor | report_path | provider_control_owners | message |
+ | partners | hashicorp | tests/data/common/partner/report.yaml | true | The web catalog distribution method is set for the chart but is not set in the report. |
+ | partners | hashicorp | tests/data/HC-06/partner/report.yaml | false | Report indicates web catalog only but the distribution method set for the chart is not web catalog only. |
diff --git a/tests/functional/behave_features/HC-07_report_and_chart_src.feature b/tests/functional/behave_features/HC-07_report_and_chart_src.feature
new file mode 100644
index 00000000000..1a84eb63b15
--- /dev/null
+++ b/tests/functional/behave_features/HC-07_report_and_chart_src.feature
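Review bot: `prvider controlled delivery` in the HC-06 feature description is a typo for `provider controlled delivery`. The `@external-feedback` tag is also repeated above each of the three `Scenario Outline` lines; behave applies feature-level tags to every scenario in the file, so placing it once above `Feature:` would avoid a later scenario being added without it.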
@@ -0,0 +1,33 @@
+Feature: Chart source submission with report
+ Partners, redhat and community users can publish their chart by submitting
+ error-free chart in source format with a report.
+
+ Scenario Outline: [HC-07-001] A partner or redhat associate submits an error-free chart source with report
+ Given the vendor "" has a valid identity as ""
+ And an error-free chart source used in "" and report in ""
+ When the user sends a pull request with the chart and report
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ @partners @smoke @full
+ Examples:
+ | vendor_type | vendor | chart_path | report_path |
+ | partners | hashicorp | tests/data/vault-0.17.0.tgz | tests/data/common/partner/report.yaml |
+
+ @redhat @full
+ Examples:
+ | vendor_type | vendor | chart_path | report_path |
+ | redhat | redhat | tests/data/vault-0.17.0.tgz | tests/data/common/redhat/report.yaml |
+
+ Scenario Outline: [HC-07-002] A community user submits an error-free chart source with report
+ Given the vendor "" has a valid identity as ""
+ And an error-free chart source used in "" and report in ""
+ When the user sends a pull request with the chart and report
+ Then the pull request is not merged
+ And user gets the "" in the pull request comment
+
+ @community @smoke @full
+ Examples:
+ | vendor_type | vendor | chart_path | report_path | message |
+ | community | redhat | tests/data/vault-0.17.0.tgz | tests/data/common/community/report.yaml | Community charts require maintainer review and approval, a review will be conducted shortly |
diff --git a/tests/functional/behave_features/HC-08_report_and_chart_tar.feature b/tests/functional/behave_features/HC-08_report_and_chart_tar.feature
new file mode 100644
index 00000000000..7096d632957
--- /dev/null
+++ b/tests/functional/behave_features/HC-08_report_and_chart_tar.feature
@@ -0,0 +1,33 @@
+Feature: Chart tarball submission with report
+ Partners, redhat and community users can publish their chart by submitting
+ error-free chart in tarball format with a report.
+
+ Scenario Outline: [HC-08-001] A partner or redhat associate submits an error-free chart tarball with report
+ Given the vendor "" has a valid identity as ""
+ And an error-free chart tarball used in "" and report in ""
+ When the user sends a pull request with the chart and report
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ @partners @smoke @full
+ Examples:
+ | vendor_type | vendor | chart_path | report_path |
+ | partners | hashicorp | tests/data/vault-0.17.0.tgz | tests/data/common/partner/report.yaml |
+
+ @redhat @full
+ Examples:
+ | vendor_type | vendor | chart_path | report_path |
+ | redhat | redhat | tests/data/vault-0.17.0.tgz | tests/data/common/redhat/report.yaml |
+
+ Scenario Outline: [HC-08-002] A community user submits an error-free chart tarball with report
+ Given the vendor "" has a valid identity as ""
+ And an error-free chart tarball used in "" and report in ""
+ When the user sends a pull request with the chart and report
+ Then the pull request is not merged
+ And user gets the "" in the pull request comment
+
+ @community @smoke @full
+ Examples:
+ | vendor_type | vendor | chart_path | report_path | message |
+ | community | redhat | tests/data/vault-0.17.0.tgz | tests/data/common/community/report.yaml | Community charts require maintainer review and approval, a review will be conducted shortly |
diff --git a/tests/functional/behave_features/HC-09_report_in_json_format.feature b/tests/functional/behave_features/HC-09_report_in_json_format.feature
new file mode 100644
index 00000000000..fd3abe4a5a7
--- /dev/null
+++ b/tests/functional/behave_features/HC-09_report_in_json_format.feature
@@ -0,0 +1,27 @@
+Feature: Report only submission in json format
+ If partners, redhat and community users try to publish chart by submitting report
+ in json format then will receive an error message
+
+ Scenario Outline: [HC-09-001] An user submits a report in json format
+ Given the vendor "" has a valid identity as ""
+ And report is used in ""
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ #this step is failing currently https://issues.redhat.com/browse/HELM-396
+ And user gets the "" in the pull request comment
+
+ @partners
+ Examples:
+ | vendor_type | vendor | report_path | message |
+ | partners | hashicorp | tests/data/HC-09/partner/report.json | One of these must be modified: report, chart source, or tarball |
+
+ @redhat
+ Examples:
+ | vendor_type | vendor | report_path | message |
+ | redhat | redhat | tests/data/HC-09/redhat/report.json | One of these must be modified: report, chart source, or tarball |
+
+ @community
+ Examples:
+ | vendor_type | vendor | report_path | message |
+ | community | redhat | tests/data/HC-09/community/report.json | One of these must be modified: report, chart source, or tarball |
+
diff --git a/tests/functional/behave_features/HC-10_signed_chart.feature b/tests/functional/behave_features/HC-10_signed_chart.feature
new file mode 100644
index 00000000000..5cd2907f1a0
--- /dev/null
+++ b/tests/functional/behave_features/HC-10_signed_chart.feature
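Review bot: The inline comment `#this step is failing currently https://issues.redhat.com/browse/HELM-396` marks a known-failing assertion in HC-09-001, and none of the three Examples tables carries `@smoke` or `@full` as the other feature files in this diff do, so this scenario presumably never runs in those suites. That leaves the rejection of JSON-format reports without a regression check, and nothing in the file says the exclusion is deliberate. I would state it explicitly above the `Scenario Outline` line rather than between two steps, e.g. `# excluded from @full until HELM-396 is fixed; re-add @full to the Examples below`.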
@@ -0,0 +1,111 @@ +Feature: Signed chart submission + Partners or redhat users can publish their signed chart + + Scenario Outline: [HC-10-001] A partner or redhat associate submits a signed chart tarball without report + Given the vendor "" has a valid identity as "" + And a signed chart tarball is used in "" and public key in "" + When the user sends a pull request with the chart + Then the user sees the pull request is merged + And the index.yaml file is updated with an entry for the submitted chart + And a release is published with corresponding report, tarball, prov and key + + @partners @smoke @full + Examples: + | vendor_type | vendor | chart_path | public_key_file | + | partners | hashicorp | tests/data/HC-10/signed_chart/vault-0.17.0.tgz | tests/data/HC-10/signed_chart/public_key_good.asc | + + @redhat @full + Examples: + | vendor_type | vendor | chart_path | public_key_file | + | redhat | redhat | tests/data/HC-10/signed_chart/vault-0.17.0.tgz | tests/data/HC-10/signed_chart/public_key_good.asc | + + Scenario Outline: [HC-10-002] A partner or redhat associate submits a signed chart tarball with report + Given the vendor "" has a valid identity as "" + And a signed chart tar is used in "", report in "" and public key in "" + When the user sends a pull request with the chart + Then the user sees the pull request is merged + And the index.yaml file is updated with an entry for the submitted chart + And a release is published with corresponding report, tarball, prov and key + + @partners @full + Examples: + | vendor_type | vendor | chart_path | report_path | public_key_file | + | partners | hashicorp | tests/data/HC-10/signed_chart/vault-0.17.0.tgz | tests/data/HC-10/signed_chart/report/partner/report.yaml | tests/data/HC-10/signed_chart/public_key_good.asc | + + @redhat @full + Examples: + | vendor_type | vendor | chart_path | report_path | public_key_file | + | redhat | redhat | tests/data/HC-10/signed_chart/vault-0.17.0.tgz | 
tests/data/HC-10/signed_chart/report/redhat/report.yaml | tests/data/HC-10/signed_chart/public_key_good.asc | + + Scenario Outline: [HC-10-003] A partner or redhat associate submits a signed chart report + Given the vendor "" has a valid identity as "" + And signed chart report used in "" and public key in "" + When the user sends a pull request with the report + Then the user sees the pull request is merged + And the index.yaml file is updated with an entry for the submitted chart + And a release is published with corresponding report and key + + @partners @smoke @full + Examples: + | vendor_type | vendor | report_path | public_key_file | + | partners | hashicorp | tests/data/HC-10/signed_chart/report/partner/report.yaml | tests/data/HC-10/signed_chart/public_key_good.asc | + + @redhat @full + Examples: + | vendor_type | vendor | report_path | public_key_file | + | redhat | redhat | tests/data/HC-10/signed_chart/report/redhat/report.yaml | tests/data/HC-10/signed_chart/public_key_good.asc | + + Scenario Outline: [HC-10-004] A partner or redhat associate submits an unsigned chart tarball + Given the vendor "" has a valid identity as "" + And unsigned chart tarball is used in "" and public key used "" in owners + When the user sends a pull request with the chart + Then the user sees the pull request is merged + And the index.yaml file is updated with an entry for the submitted chart + And a release is published with corresponding report and chart tarball + + @partners @full + Examples: + | vendor_type | vendor | chart_path | public_key_file | + | partners | hashicorp | tests/data/vault-0.17.0.tgz | tests/data/HC-10/signed_chart/public_key_good.asc | + + @redhat @full + Examples: + | vendor_type | vendor | chart_path | public_key_file | + | redhat | redhat | tests/data/vault-0.17.0.tgz | tests/data/HC-10/signed_chart/public_key_good.asc | + + Scenario Outline: [HC-10-005] A partner or redhat associate submits a signed chart tarball when public key is not in owners + 
Given the vendor "" has a valid identity as "" + And signed chart tar used in "" + When the user sends a pull request with the chart + Then the user sees the pull request is merged + And the index.yaml file is updated with an entry for the submitted chart + And a release is published with corresponding report, chart tar and prov file + + @partners @full + Examples: + | vendor_type | vendor | chart_path | + | partners | hashicorp | tests/data/HC-10/signed_chart/vault-0.17.0.tgz | + + @redhat @full + Examples: + | vendor_type | vendor | chart_path | + | redhat | redhat | tests/data/HC-10/signed_chart/vault-0.17.0.tgz | + + Scenario Outline: [HC-10-006] A partner or redhat associate submits a signed chart tarball with wrong key in OWNERS file + Given the vendor "" has a valid identity as "" + And a signed chart tarball is used in "" and public key in "" + When the user sends a pull request with the chart + Then the pull request is not merged + And user gets the "" in the pull request comment + + @partners @smoke @full + Examples: + | vendor_type | vendor | chart_path | public_key_file | message | + | partners | hashicorp | tests/data/HC-10/signed_chart/vault-0.17.0.tgz | tests/data/HC-10/signed_chart/public_key_bad.asc | Signature verification failed | + + # @redhat @full + # Examples: + # | vendor_type | vendor | chart_path | public_key_file | message | + # | redhat | redhat | tests/data/HC-10/signed_chart/vault-0.17.0.tgz | tests/data/HC-10/signed_chart/public_key_bad.asc | Signature verification failed | + + diff --git a/tests/functional/behave_features/HC-11_report_with_missing_checks.feature b/tests/functional/behave_features/HC-11_report_with_missing_checks.feature new file mode 100644 index 00000000000..d6a65e193fb --- /dev/null +++ b/tests/functional/behave_features/HC-11_report_with_missing_checks.feature 
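Review bot: The `@redhat @full` examples of HC-10-006 are commented out with no reason given, so rejection of a chart whose signature does not match the key in OWNERS is only exercised for partners. Add a comment above them saying why they are disabled, e.g. `# disabled for redhat: <tracking issue>`, or re-enable them. HC-10-004 and HC-10-005 also pin that an unsigned chart with a key in OWNERS, and a signed chart with no key in OWNERS, are both merged. If that is intended, a description line under each scenario stating that no signature verification takes place in that case would keep it from reading as an oversight.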
@@ -0,0 +1,26 @@ +Feature: Report does not include a check + Partners, redhat and community users submits only report which does not include full set of checks + + Scenario Outline: [HC-11-001] A user submits a report with missing checks + Given the vendor "" has a valid identity as "" + And report is used in "" + When the user sends a pull request with the report + Then the pull request is not merged + And user gets the "" in the pull request comment + + @partners @smoke @full + Examples: + | vendor_type | vendor | report_path | message | + | partners | hashicorp | tests/data/HC-11/partner/report.yaml | Missing mandatory check : v1.0/helm-lint | + + @community @full + Examples: + | vendor_type | vendor | report_path | message | + | community | redhat | tests/data/HC-11/community/report.yaml | Missing mandatory check : v1.0/helm-lint | + + @partners @full + Examples: + | vendor_type | vendor | report_path | message | + | partners | hashicorp | tests/data/HC-11/partner_not_contain_crds/report.yaml | Missing mandatory check : v1.0/not-contains-crds | + # Commented this scenario, since it is failing , raised bug : https://issues.redhat.com/browse/HELM-289 , we can uncomment again when the issue fixed + #| redhat | redhat | tests/data/report.yaml |v1.0/helm-lint | Missing mandatory check : v1.0/helm-lint | \ No newline at end of file diff --git a/tests/functional/behave_features/HC-12_report_without_chart.feature b/tests/functional/behave_features/HC-12_report_without_chart.feature new file mode 100644 index 00000000000..8cfe1699b50 --- /dev/null +++ b/tests/functional/behave_features/HC-12_report_without_chart.feature 
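Review bot: The commented-out redhat row at the end of the last `Examples` table has five cells (it carries an extra `v1.0/helm-lint` cell) against a four-column header, and it sits under the `@partners @full` table. Uncommenting it once HELM-289 is fixed would leave a row that does not match the header and would run a redhat case under the partners tag. I would move it into its own commented `@redhat @full` examples block with four cells, `#| redhat | redhat | tests/data/report.yaml | Missing mandatory check : v1.0/helm-lint |`. Until then the missing-mandatory-check rejection has no redhat coverage in this feature.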
@@ -0,0 +1,33 @@ +Feature: Report only submission + Partners, redhat and community users can publish their chart by submitting + error-free report that was generated by chart-verifier. + + Scenario Outline: [HC-12-001] A partner or redhat associate submits an error-free report + Given the vendor "" has a valid identity as "" + And an error-free report is used in "" + When the user sends a pull request with the report + Then the user sees the pull request is merged + And the index.yaml file is updated with an entry for the submitted chart + And a release is published with report only + + @partners @smoke @full + Examples: + | vendor_type | vendor | report_path | + | partners | hashicorp | tests/data/common/partner/report.yaml | + + @redhat @full + Examples: + | vendor_type | vendor | report_path | + | redhat | redhat | tests/data/common/redhat/report.yaml | + + Scenario Outline: [HC-12-002] A community user submits an error-free report + Given the vendor "" has a valid identity as "" + And an error-free report is used in "" + When the user sends a pull request with the report + Then the pull request is not merged + And user gets the "" in the pull request comment + + @community @smoke @full + Examples: + | vendor_type | vendor | report_path | message | + | community | redhat | tests/data/common/community/report.yaml | Community charts require maintainer review and approval, a review will be conducted shortly | \ No newline at end of file diff --git a/tests/functional/behave_features/HC-14_user_submits_chart_with_errors.feature b/tests/functional/behave_features/HC-14_user_submits_chart_with_errors.feature new file mode 100644 index 00000000000..5e4a1a697e9 --- /dev/null +++ b/tests/functional/behave_features/HC-14_user_submits_chart_with_errors.feature 
@@ -0,0 +1,64 @@ +Feature: Chart submission with errors + Partners, redhat or community user submit charts which result in errors + + Scenario Outline: [HC-14-001] An unauthorized user submits a chart + Given the vendor "" has a valid identity as "" + And A "" wants to submit a chart in "" + And the user creates a branch to add a new chart version + When the user sends a pull request with the chart + Then the pull request is not merged + And user gets the "" in the pull request comment + + @partners @smoke @full + Examples: + | vendor_type | vendor | chart_path | message | user | + | partners | hashicorp | tests/data/vault-0.17.0.tgz | is not allowed to submit the chart on behalf of | unauthorized | + + @redhat @full + Examples: + | vendor_type | vendor | chart_path | message | user | + | redhat | redhat | tests/data/vault-0.17.0.tgz | is not allowed to submit the chart on behalf of | unauthorized | + + @community @full + Examples: + | vendor_type | vendor | chart_path | message | user | + | community | redhat | tests/data/vault-0.17.0.tgz | is not allowed to submit the chart on behalf of | unauthorized | + + Scenario Outline: [HC-14-002] An authorized user submits a chart with incorrect version + Given the vendor "" has a valid identity as "" + And An authorized user wants to submit a chart in "" + And Chart.yaml specifies a "" + And the user creates a branch to add a new chart version + When the user sends a pull request with the chart + Then the pull request is not merged + And user gets the "" in the pull request comment + + @partners @smoke @full + Examples: + | vendor_type | vendor | chart_path | message | bad_version | + | partners | hashicorp | tests/data/vault-0.17.0.tgz | doesn't match the directory structure | 9.9.9 | + | partners | hashicorp | tests/data/vault-0.17.0.tgz | The chart verifier returned an error | abc-9.9.9 | + + @redhat @full + Examples: + | vendor_type | vendor | chart_path | message | bad_version | + | redhat | redhat | 
tests/data/vault-0.17.0.tgz | doesn't match the directory structure | 9.9.9 | + + @community @full + Examples: + | vendor_type | vendor | chart_path | message | bad_version | + | community | redhat | tests/data/vault-0.17.0.tgz | doesn't match the directory structure | 9.9.9 | + + Scenario Outline: [HC-14-003] A user submits a chart with bad semantic version + Given the vendor "" has a valid identity as "" + And a chart source used in "" and directory structure contains "" + And Chart.yaml specifies a "" + And the user creates a branch to add a new chart version + When the user sends a pull request with the chart + Then the pull request is not merged + And user gets the "" in the pull request comment + + @partners @smoke @full + Examples: + | vendor_type | vendor | chart_path | message | bad_version | + | partners | hashicorp | tests/data/vault-0.17.0.tgz | Helm chart version is not a valid semantic version | abc-0.17.0 | diff --git a/tests/functional/behave_features/HC-15_check_submitted_charts.feature b/tests/functional/behave_features/HC-15_check_submitted_charts.feature new file mode 100644 index 00000000000..8fea2fe2f2a --- /dev/null +++ b/tests/functional/behave_features/HC-15_check_submitted_charts.feature 
@@ -0,0 +1,16 @@
+Feature: Check submitted charts
+ New Openshift or chart-verifier will trigger (automatically or manually) a recursive checking on
+ existing submitted charts under `charts/` directory with the specified Openshift and chart-verifier
+ version.
+
+ Besides, during workflow development, engineers would like to check if the changes will break checks
+ on existing submitted charts.
+
+ @version-change
+ Scenario: [HC-15-001] A new Openshift or chart-verifier version is specified either by a cron job or manually
+ Given there is a github workflow for testing existing charts
+ When workflow for testing existing charts is triggered
+ And a new Openshift or chart-verifier version is specified
+ And the vendor type is specified, e.g. partner, and/or redhat
+ Then submission tests are run for existing charts
+ And all results are reported back to the caller
diff --git a/tests/functional/behave_features/HC-16_chart_test_takes_more_than_30mins.feature b/tests/functional/behave_features/HC-16_chart_test_takes_more_than_30mins.feature
new file mode 100644
index 00000000000..27973bec37f
--- /dev/null
+++ b/tests/functional/behave_features/HC-16_chart_test_takes_more_than_30mins.feature
@@ -0,0 +1,33 @@ +Feature: Chart test takes longer time and exceeds default timeout + Partners, redhat or community user submit charts which result in errors + + Scenario Outline: [HC-16-001] A partner or community user submits chart that takes more than 30 mins + Given the vendor "" has a valid identity as "" + And an error-free chart tarball is used in "" + When the user sends a pull request with the chart + Then the pull request is not merged + And user gets the "" in the pull request comment + + @partners @full + Examples: + | vendor_type | vendor | chart_path | message | + | partners | hashicorp | tests/data/vault-test-timeout-0.17.0.tgz | (timeout has expired\|timed out waiting for the condition) | + + @community @full + Examples: + | vendor_type | vendor | chart_path | message | + | community | redhat | tests/data/vault-test-timeout-0.17.0.tgz | Community charts require maintainer review and approval, a review will be conducted shortly | + + Scenario Outline: [HC-16-002] A redhat associate submits a chart that takes more than 30 mins + Given the vendor "" has a valid identity as "" + And an error-free chart tarball is used in "" + When the user sends a pull request with the chart + Then the user sees the pull request is merged + And the index.yaml file is updated with an entry for the submitted chart + And a release is published with corresponding report and chart tarball + + @redhat @full + Examples: + | vendor_type | vendor | chart_path | + | redhat | redhat | tests/data/vault-test-timeout-0.17.0.tgz | + diff --git a/tests/functional/behave_features/HC-17_dash_in_version.feature b/tests/functional/behave_features/HC-17_dash_in_version.feature new file mode 100644 index 00000000000..7431fce613b --- /dev/null +++ b/tests/functional/behave_features/HC-17_dash_in_version.feature 
@@ -0,0 +1,21 @@
+Feature: Report only submission
+ Partners, redhat and community users can publish their chart by submitting
+ error-free report that was generated by chart-verifier.
+
+ Scenario Outline: [HC-17-001] A partner or redhat associate submits report only with dash in chart version
+ Given the vendor "" has a valid identity as ""
+ And an error-free report is used in ""
+ When the user sends a pull request with the report
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+
+ @partners @full
+ Examples:
+ | vendor_type | vendor | report_path |
+ | partners | redhat | tests/data/HC-17/dash-in-version/partner/report.yaml |
+
+ @redhat @full
+ Examples:
+ | vendor_type | vendor | report_path |
+ | redhat | redhat | tests/data/HC-17/dash-in-version/redhat/report.yaml |
+
diff --git a/tests/functional/behave_features/HC-18_multiple_charts_in_pr.feature b/tests/functional/behave_features/HC-18_multiple_charts_in_pr.feature
new file mode 100644
index 00000000000..f27075c0c5f
--- /dev/null
+++ b/tests/functional/behave_features/HC-18_multiple_charts_in_pr.feature
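Review bot: The `Feature:` name and its two description lines are copied unchanged from HC-12 (`Report only submission`), so the two features cannot be told apart in a test report. I would rename this one to `Feature: Report only submission with dash in chart version` and reword the description to match. The `@partners` example also uses vendor `redhat` where the partner examples in the other features use `hashicorp`; if that is deliberate, a one-line comment above the table saying why would help.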
@@ -0,0 +1,113 @@ +Feature: Multiple charts submission in one PR + If partners, redhat and community users try to submit multiple charts in one single PR + they will get an appropriate error message + + Scenario Outline: [HC-18-001] A user submits a PR with multiple reports + Given the vendor "" has a valid identity as "" + And user wants to send two reports as in "" and "" + When the user sends a pull request with the report + Then the pull request is not merged + And user gets the "" in the pull request comment + + @partners @full @smoke + Examples: + | vendor_type | vendor | report_path_1 | report_path_2 | message | + | partners | hashicorp | tests/data/common/partner/report.yaml | tests/data/HC-18/partner/report.yaml | A PR must contain only one chart. Current PR includes files for multiple charts | + + @redhat @full + Examples: + | vendor_type | vendor | report_path_1 | report_path_2 | message | + | redhat | redhat | tests/data/common/redhat/report.yaml | tests/data/HC-18/redhat/report.yaml | A PR must contain only one chart. Current PR includes files for multiple charts | + + @community @full + Examples: + | vendor_type | vendor | report_path_1 | report_path_2 | message | + | community | redhat | tests/data/common/community/report.yaml | tests/data/HC-18/community/report.yaml | A PR must contain only one chart. Current PR includes files for multiple charts | + + Scenario Outline: [HC-18-002] A user submits a PR with multiple chart sources + Given the vendor "" has a valid identity as "" + And user wants to send two chart sources as in "" and "" + When the user sends a pull request with the chart + Then the pull request is not merged + And user gets the "" in the pull request comment + + @partners @full + Examples: + | vendor_type | vendor | chart_path_1 | chart_path_2 | message | + | partners | hashicorp | tests/data/vault-0.17.0.tgz | tests/data/vault-0.18.0.tgz | A PR must contain only one chart. 
Current PR includes files for multiple charts | + + @redhat @full + Examples: + | vendor_type | vendor | chart_path_1 | chart_path_2 | message | + | redhat | redhat | tests/data/vault-0.17.0.tgz | tests/data/vault-0.18.0.tgz | A PR must contain only one chart. Current PR includes files for multiple charts | + + @community @full + Examples: + | vendor_type | vendor | chart_path_1 | chart_path_2 | message | + | community | redhat | tests/data/vault-0.17.0.tgz | tests/data/vault-0.18.0.tgz | A PR must contain only one chart. Current PR includes files for multiple charts | + + Scenario Outline: [HC-18-003] A user submits a PR with multiple chart tars + Given the vendor "" has a valid identity as "" + And user wants to send two chart tars as in "" and "" + When the user sends a pull request with the chart + Then the pull request is not merged + And user gets the "" in the pull request comment + + @partners @full + Examples: + | vendor_type | vendor | chart_path_1 | chart_path_2 | message | + | partners | hashicorp | tests/data/vault-0.17.0.tgz | tests/data/vault-0.18.0.tgz | A PR must contain only one chart. Current PR includes files for multiple charts | + + @redhat @full @smoke + Examples: + | vendor_type | vendor | chart_path_1 | chart_path_2 | message | + | redhat | redhat | tests/data/vault-0.17.0.tgz | tests/data/vault-0.18.0.tgz | A PR must contain only one chart. Current PR includes files for multiple charts | + + @community @full + Examples: + | vendor_type | vendor | chart_path_1 | chart_path_2 | message | + | community | redhat | tests/data/vault-0.17.0.tgz | tests/data/vault-0.18.0.tgz | A PR must contain only one chart. 
Current PR includes files for multiple charts | + + Scenario Outline: [HC-18-004] A user submits a PR with multiple chart one with source and other with report + Given the vendor "" has a valid identity as "" + And user wants to send two charts one with source "" and other with report "" + When the user sends a pull request with the chart and report + Then the pull request is not merged + And user gets the "" in the pull request comment + + @partners @full + Examples: + | vendor_type | vendor | chart_path | report_path | message | + | partners | hashicorp | tests/data/vault-0.17.0.tgz | tests/data/HC-18/partner/report.yaml | A PR must contain only one chart. Current PR includes files for multiple charts | + + @redhat @full + Examples: + | vendor_type | vendor | chart_path | report_path | message | + | redhat | redhat | tests/data/vault-0.17.0.tgz | tests/data/HC-18/redhat/report.yaml | A PR must contain only one chart. Current PR includes files for multiple charts | + + @community @full @smoke + Examples: + | vendor_type | vendor | chart_path | report_path | message | + | community | redhat | tests/data/vault-0.17.0.tgz | tests/data/HC-18/community/report.yaml | A PR must contain only one chart. Current PR includes files for multiple charts | + + Scenario Outline: [HC-18-005] A user submits a PR with multiple chart one with tar and other with report + Given the vendor "" has a valid identity as "" + And user wants to send two charts one with tar "" and other with report "" + When the user sends a pull request with the chart and report + Then the pull request is not merged + And user gets the "" in the pull request comment + + @partners @full + Examples: + | vendor_type | vendor | chart_path | report_path | message | + | partners | hashicorp | tests/data/vault-0.17.0.tgz | tests/data/HC-18/partner/report.yaml | A PR must contain only one chart. 
Current PR includes files for multiple charts | + + @redhat @full + Examples: + | vendor_type | vendor | chart_path | report_path | message | + | redhat | redhat | tests/data/vault-0.17.0.tgz | tests/data/HC-18/redhat/report.yaml | A PR must contain only one chart. Current PR includes files for multiple charts | + + @community @full + Examples: + | vendor_type | vendor | chart_path | report_path | message | + | community | redhat | tests/data/vault-0.17.0.tgz | tests/data/HC-18/community/report.yaml | A PR must contain only one chart. Current PR includes files for multiple charts | diff --git a/tests/functional/behave_features/HC-19_report_sha.feature b/tests/functional/behave_features/HC-19_report_sha.feature new file mode 100644 index 00000000000..6abcb04fd18 --- /dev/null +++ b/tests/functional/behave_features/HC-19_report_sha.feature 
@@ -0,0 +1,34 @@ +Feature: Report sha value in report + Users attempt to publish their chart by submitting report with a report sha value. + The sha value must match the report. + + Scenario Outline: [HC-19-001] A partner or redhat associate submits an error-free report with report sha value + Given the vendor "" has a valid identity as "" + And an error-free report is used in "" + When the user sends a pull request with the report + Then the user sees the pull request is merged + And the index.yaml file is updated with an entry for the submitted chart + + @partners @full @reportSha + Examples: + | vendor_type | vendor | report_path | + | partners | hashicorp | tests/data/HC-19/report_sha_good/report.yaml | + + + + Scenario Outline: [HC-19-002] A partner or redhat associate submits a report with invalid report sha value + Given the vendor "" has a valid identity as "" + And an error-free report is used in "" + When the user sends a pull request with the report + Then the pull request is not merged + And user gets the "" in the pull request comment + + @partners @full @smoke @reportSha + Examples: + | vendor_type | vendor | report_path | message | + | partners | hashicorp | tests/data/HC-19/report_sha_bad/report.yaml | digest in report did not match report content | + + @partners @full @reportSha + Examples: + | vendor_type | vendor | report_path | message | + | partners | hashicorp | tests/data/HC-19/report_edited_sha_bad/report.yaml | digest in report did not match report content | diff --git a/tests/functional/behave_features/common/__init__.py b/tests/functional/behave_features/common/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/tests/functional/behave_features/common/utils/__init__.py b/tests/functional/behave_features/common/utils/__init__.py new file mode 100644 index 00000000000..e69de29bb2d 
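Review bot: Both scenario titles say "A partner or redhat associate", but every `Examples` table here is tagged `@partners` only, so the report digest check is not exercised for the redhat vendor type. Either add `@redhat` examples or retitle the scenarios to `A partner submits ...` so the title matches what runs. In HC-19-002 the Given step `an error-free report is used in` is reused for reports whose digest is deliberately wrong. A comment above the two tables stating what differs between `report_sha_bad` and `report_edited_sha_bad` would document which tampering case each row covers.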
diff --git a/tests/functional/behave_features/common/utils/chart.py b/tests/functional/behave_features/common/utils/chart.py new file mode 100644 index 00000000000..8f1e859af70 --- /dev/null +++ b/tests/functional/behave_features/common/utils/chart.py 
@@ -0,0 +1,190 @@ +# -*- coding: utf-8 -*- +"""Utility module for processing chart files.""" + +import os +import tarfile +import yaml +import shutil +import json +from enum import Enum +from dataclasses import dataclass + + +class Chart_Type(Enum): + SRC = 1 + TAR = 2 + REPORT = 3 + SRC_AND_REPORT = 4 + TAR_AND_REPORT = 5 + + +class Release_Type(Enum): + CHART_ONLY = 1 + REPORT_ONLY = 2 + CHART_AND_REPORT = 3 + REPORT_AND_KEY = 4 + CHART_PROV_AND_REPORT = 5 + CHART_REPORT_PROV_AND_KEY = 6 + + +@dataclass +class Chart: + chart_file_path: str = "" + report_file_path: str = "" + chart_name: str = "" + chart_version: str = "" + chart_directory: str = "" + chart_type: Chart_Type = None + + def update_chart_directory(self, secrets): + base_branch_without_uuid = "-".join(secrets.base_branch.split("-")[:-1]) + vendor_without_suffix = secrets.vendor.split("-")[0] + secrets.base_branch = f"{base_branch_without_uuid}-{secrets.vendor_type}-{vendor_without_suffix}-{self.chart_name}-{self.chart_version}" + secrets.pr_branch = f"{secrets.base_branch}-pr-branch" + self.chart_directory = ( + f"charts/{secrets.vendor_type}/{secrets.vendor}/{self.chart_name}" + ) + + +def get_name_and_version_from_report(path): + """ + Parameters: + path (str): path to the report.yaml + + Returns: + str: chart name + str: chart version + """ + if path.endswith("yaml"): + with open(path, "r") as fd: + try: + report = yaml.safe_load(fd) + except yaml.YAMLError as err: + raise AssertionError(f"error parsing '{path}': {err}") + elif path.endswith("json"): + with open(path, "r") as fd: + try: + report = json.load(fd) + except Exception as err: + raise AssertionError(f"error parsing '{path}': {err}") + else: + raise AssertionError("Unknown report type") + chart = report["metadata"]["chart"] + return chart["name"], chart["version"] + + +def get_name_and_version_from_chart_tar(path): + """ + Parameters: + path (str): path to the chart tar file + + Returns: + str: chart name + str: chart version + """ + tar 
= tarfile.open(path) + for member in tar.getmembers(): + if member.name.split("/")[-1] == "Chart.yaml": + chart = tar.extractfile(member) + if chart is not None: + content = chart.read() + try: + chart_yaml = yaml.safe_load(content) + return chart_yaml["name"], chart_yaml["version"] + except yaml.YAMLError as err: + raise AssertionError(f"error parsing '{path}': {err}") + else: + raise AssertionError(f"Chart.yaml not in {path}") + + +def get_name_and_version_from_chart_src(path): + """ + Parameters: + path (str): path to the chart src directory + + Returns: + str: chart name + str: chart version + """ + chart_path = os.path.join(path, "Chart.yaml") + with open(chart_path, "r") as fd: + try: + chart_yaml = yaml.safe_load(fd) + except yaml.YAMLError as err: + raise AssertionError(f"error parsing '{path}': {err}") + return chart_yaml["name"], chart_yaml["version"] + + +def extract_chart_tgz(src, dst, chart_name, logger): + """Extracts the chart tgz file into the target location under 'charts/' for PR submission tests + + Parameters: + src (str): path to the test chart tgz + dst (str): path to the extract destination, e.g. 'charts/partners/hashicorp/vault/0.13.0' + """ + try: + logger.info(f"Remove existing local '{dst}/src'") + shutil.rmtree(f"{dst}/src") + except FileNotFoundError: + logger.info(f"'{dst}/src' does not exist") + finally: + with tarfile.open(src, "r") as fd: + fd.extractall(dst) + os.rename(f"{dst}/{chart_name}", f"{dst}/src") + + +def get_all_charts(charts_path: str, vendor_types: str) -> list: + # TODO: Support `community` as vendor_type. + """Gets charts with src or tgz under `charts/` given vendor_types and without report. + + Parameters: + charts_path (str): path to the `charts/` directory + vendor_types (str): vendor type to look for, any combination of `partner`, `redhat`, separated + by commas, or `all` to run both `partner` and `redhat`. 
+ + Returns: + list: list of (vendor_type, vendor, chart_name, chart_version) tuples + """ + ret = [] + # Pre-process vendor types + vendor_types = vendor_types.replace("partner", "partners") + vendor_types = [vt.strip() for vt in vendor_types.split(",")] + vendor_types = list({"partners", "redhat", "all"}.intersection(set(vendor_types))) + vendor_types = ["partners", "redhat"] if "all" in vendor_types else vendor_types + + # Iterate through `charts/` to find chart submission with src or tgz + for vt in vendor_types: + charts_path_vt = f"{charts_path}/{vt}" + vendor_names = [ + name + for name in os.listdir(charts_path_vt) + if os.path.isdir(f"{charts_path_vt}/{name}") + ] + for vn in vendor_names: + charts_path_vt_vn = f"{charts_path_vt}/{vn}" + chart_names = [ + name + for name in os.listdir(charts_path_vt_vn) + if os.path.isdir(f"{charts_path_vt_vn}/{name}") + ] + for cn in chart_names: + charts_path_vt_vn_cn = f"{charts_path_vt_vn}/{cn}" + file_names = [name for name in os.listdir(charts_path_vt_vn_cn)] + if "OWNERS" not in file_names: + continue + chart_versions = [ + name + for name in os.listdir(charts_path_vt_vn_cn) + if os.path.isdir(f"{charts_path_vt_vn_cn}/{name}") + ] + # Only interest in latest chart version + if len(chart_versions) == 0: + continue + cv = max(chart_versions) + charts_path_vt_vn_cn_cv = f"{charts_path_vt_vn_cn}/{cv}" + file_names = [name for name in os.listdir(charts_path_vt_vn_cn_cv)] + if "report.yaml" not in file_names and ( + f"{cn}-{cv}.tgz" in file_names or "src" in file_names + ): + ret.append((vt, vn, cn, cv)) + return ret diff --git a/tests/functional/behave_features/common/utils/chart_certification.py b/tests/functional/behave_features/common/utils/chart_certification.py new file mode 100644 index 00000000000..d300ea37400 --- /dev/null +++ b/tests/functional/behave_features/common/utils/chart_certification.py 
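Review bot: `extract_chart_tgz` unpacks the archive with `fd.extractall(dst)` and no member check, so an entry with a `../` or absolute name, or a link member, can be written outside `dst`. The docstring calls `src` a test chart, but whether a partner-submitted tarball under `charts/` can reach this helper is not visible in this hunk, so the extraction should not rely on the archive being trusted. On interpreters that support tarfile extraction filters the fix is one line, `fd.extractall(dst, filter="data")`; otherwise reject any member whose resolved path leaves `dst` before extracting. Separately, `get_name_and_version_from_chart_tar` never closes the handle returned by `tarfile.open(path)`; `with tarfile.open(path) as tar:` around the loop would.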
@@ -0,0 +1,1410 @@
+# -*- coding: utf-8 -*-
+"""Utility class for setting up and manipulating certification workflow tests."""
+
+import os
+import re
+import json
+import pathlib
+import shutil
+import logging
+import time
+import uuid
+import base64
+from tempfile import TemporaryDirectory
+from dataclasses import dataclass, field
+from string import Template
+from pathlib import Path
+
+import git
+import yaml
+
+from common.utils.notifier import *
+from common.utils.index import *
+from common.utils.github import *
+from common.utils.secret import *
+from common.utils.set_directory import SetDirectory
+from common.utils.setttings import *
+from common.utils.chart import *
+from common.utils.env import *
+
+
+@dataclass
+class ChartCertificationE2ETest:
+ owners_file_content: str = """\
+chart:
+ name: ${chart_name}
+ shortDescription: Test chart for testing chart submission workflows.
+publicPgpKey: ${public_key}
+providerDelivery: ${provider_delivery}
+users:
+- githubUsername: ${bot_name}
+vendor:
+ label: ${vendor}
+ name: ${vendor}
+"""
+ secrets: E2ETestSecret = E2ETestSecret()
+
+ old_cwd: str = os.getcwd()
+ repo: git.Repo = git.Repo()
+ temp_dir: TemporaryDirectory = None
+ temp_repo: git.Repo = None
+ github_actions: str = os.environ.get("GITHUB_ACTIONS")
+
+ def set_git_username_email(self, repo, username, email):
+ """
+ Parameters:
+ repo (git.Repo): git.Repo instance of the local directory
+ username (str): git username to set
+ email (str): git email to set
+ """
+ repo.config_writer().set_value("user", "name", username).release()
+ repo.config_writer().set_value("user", "email", email).release()
+
+ def remove_chart(
+ self, chart_directory, chart_version, remote_repo, base_branch, bot_token
+ ):
+ # Remove chart files from base branch
+ logging.info(
+ f"Remove {chart_directory}/{chart_version} from {remote_repo}:{base_branch}"
+ )
+ try:
+ self.temp_repo.git.rm(
+ "-rf", "--cached", f"{chart_directory}/{chart_version}"
+ )
+
self.temp_repo.git.commit("-m", f"Remove {chart_directory}/{chart_version}")
+ self.temp_repo.git.push(
+ f"https://x-access-token:{bot_token}@github.com/{remote_repo}",
+ f"HEAD:refs/heads/{base_branch}",
+ )
+ except git.exc.GitCommandError:
+ logging.info(
+ f"{chart_directory}/{chart_version} not exist on {remote_repo}:{base_branch}"
+ )
+
+ def remove_owners_file(self, chart_directory, remote_repo, base_branch, bot_token):
+ # Remove the OWNERS file from base branch
+ logging.info(
+ f"Remove {chart_directory}/OWNERS from {remote_repo}:{base_branch}"
+ )
+ try:
+ self.temp_repo.git.rm("-rf", "--cached", f"{chart_directory}/OWNERS")
+ self.temp_repo.git.commit("-m", f"Remove {chart_directory}/OWNERS")
+ self.temp_repo.git.push(
+ f"https://x-access-token:{bot_token}@github.com/{remote_repo}",
+ f"HEAD:refs/heads/{base_branch}",
+ )
+ except git.exc.GitCommandError:
+ logging.info(
+ f"{chart_directory}/OWNERS not exist on {remote_repo}:{base_branch}"
+ )
+
+ def create_test_gh_pages_branch(self, remote_repo, base_branch, bot_token):
+ # Get SHA from 'dev-gh-pages' branch
+ logging.info(
+ f"Create '{remote_repo}:{base_branch}-gh-pages' from '{remote_repo}:dev-gh-pages'"
+ )
+ r = github_api(
+ "get", f"repos/{remote_repo}/git/ref/heads/dev-gh-pages", bot_token
+ )
+ j = json.loads(r.text)
+ sha = j["object"]["sha"]
+
+ # Create a new gh-pages branch for testing
+ data = {"ref": f"refs/heads/{base_branch}-gh-pages", "sha": sha}
+ r = github_api("post", f"repos/{remote_repo}/git/refs", bot_token, json=data)
+
+ logging.info(f"gh-pages branch created: {base_branch}-gh-pages")
+
+ def setup_git_context(self, repo: git.Repo):
+ self.set_git_username_email(
+ repo, self.secrets.bot_name, GITHUB_ACTIONS_BOT_EMAIL
+ )
+ if os.environ.get("WORKFLOW_DEVELOPMENT"):
+ logging.info("Wokflow development enabled")
+ repo.git.add(A=True)
+ repo.git.commit("-m", "Checkpoint")
+
+ def send_pull_request(self, remote_repo, base_branch, pr_branch, bot_token):
+ pr_body =
os.environ.get("PR_BODY")
+ data = {
+ "head": pr_branch,
+ "base": base_branch,
+ "title": base_branch,
+ "body": pr_body,
+ }
+ logging.debug(f"PR_BODY Content: {pr_body}")
+ logging.info(f"Create PR from '{remote_repo}:{pr_branch}'")
+ r = github_api("post", f"repos/{remote_repo}/pulls", bot_token, json=data)
+ j = json.loads(r.text)
+ if "number" not in j:
+ raise AssertionError(f"error sending pull request, response was: {r.text}")
+ return j["number"]
+
+ def create_and_push_owners_file(
+ self,
+ chart_directory,
+ base_branch,
+ vendor_name,
+ vendor_type,
+ chart_name,
+ provider_delivery=False,
+ public_key_file=None,
+ ):
+ with SetDirectory(Path(self.temp_dir.name)):
+ # Create the OWNERS file from the string template
+ if public_key_file is not None:
+ with open(public_key_file, "r") as f:
+ content = f.read()
+ encoded_content = content.encode("utf-8")
+ public_key_value = base64.b64encode(encoded_content).decode("utf-8")
+ else:
+ public_key_value = "null"
+ values = {
+ "bot_name": self.secrets.bot_name,
+ "public_key": public_key_value,
+ "vendor": vendor_name,
+ "chart_name": chart_name,
+ "provider_delivery": provider_delivery,
+ }
+ content = Template(self.secrets.owners_file_content).substitute(values)
+ logging.debug(f"OWNERS File Content: {content}")
+ with open(f"{chart_directory}/OWNERS", "w") as fd:
+ fd.write(content)
+
+ # Push OWNERS file to the test_repo
+ logging.info(
+ f"Push OWNERS file to '{self.secrets.test_repo}:{base_branch}'"
+ )
+ self.temp_repo.git.add(f"{chart_directory}/OWNERS")
+ self.temp_repo.git.commit(
+ "-m", f"Add {vendor_type} {vendor_name} {chart_name} OWNERS file"
+ )
+ self.temp_repo.git.push(
+ f"https://x-access-token:{self.secrets.bot_token}@github.com/{self.secrets.test_repo}",
+ f"HEAD:refs/heads/{base_branch}",
+ "-f",
+ )
+
+ def check_index_yaml(
+ self,
+ base_branch,
+ vendor,
+ chart_name,
+ chart_version,
+ index_file="index.yaml",
+ check_provider_type=False,
+ failure_type="error",
+ ):
+
old_branch = self.repo.active_branch.name
+ self.repo.git.fetch(
+ f"https://github.com/{self.secrets.test_repo}.git",
+ "{0}:{0}".format(f"{base_branch}-gh-pages"),
+ "-f",
+ )
+
+ self.repo.git.checkout(f"{base_branch}-gh-pages")
+
+ with open(index_file, "r") as fd:
+ try:
+ index = yaml.safe_load(fd)
+ except yaml.YAMLError as err:
+ if failure_type == "error":
+ raise AssertionError(f"error parsing index.yaml: {err}")
+ else:
+ logging.warning(f"error parsing index.yaml: {err}")
+ return False
+
+ if index:
+ entry = f"{vendor}-{chart_name}"
+ if "entries" not in index or entry not in index["entries"]:
+ if failure_type == "error":
+ raise AssertionError(
+ f"{entry} not added in entries to {index_file} & Found index.yaml entries: {index['entries']}"
+ )
+ else:
+ logging.warning(f"{chart_version} not added to {index_file}")
+ logging.warning(
+ f"Index.yaml entry content: {index['entries'][entry]}"
+ )
+ return False
+
+ version_list = [release["version"] for release in index["entries"][entry]]
+ if chart_version not in version_list:
+ raise AssertionError(
+ f"{chart_version} not added to {index_file} & Found index.yaml entry content: {index['entries'][entry]}"
+ )
+
+ # This check is applicable for charts submitted in redhat path when one of the chart-verifier check fails
+ # Check whether providerType annotations is community in index.yaml when vendor_type is redhat
+ if check_provider_type and self.secrets.vendor_type == "redhat":
+ provider_type_in_index_yaml = index["entries"][entry][0]["annotations"][
+ "charts.openshift.io/providerType"
+ ]
+ if provider_type_in_index_yaml != "community":
+ if failure_type == "error":
+ raise AssertionError(
+ f"{provider_type_in_index_yaml} is not correct as providerType in index.yaml"
+ )
+ else:
+ logging.warning(
+ f"{provider_type_in_index_yaml} is not correct as providerType in index.yaml"
+ )
+
+ logging.info("Index updated correctly, cleaning up local branch")
+ self.repo.git.checkout(old_branch)
+
self.repo.git.branch("-D", f"{base_branch}-gh-pages")
+ return True
+ else:
+ return False
+
+ def check_release_result(
+ self,
+ vendor,
+ chart_name,
+ chart_version,
+ chart_tgz,
+ failure_type="error",
+ release_type=Release_Type.CHART_ONLY,
+ ):
+ expected_tag = f"{vendor}-{chart_name}-{chart_version}"
+ try:
+ release = get_release_by_tag(self.secrets, expected_tag)
+ logging.info(f"Released '{expected_tag}' successfully")
+ except Exception as e:
+ if failure_type == "error":
+ raise AssertionError(e)
+ else:
+ logging.warning(e)
+ return False
+
+ required_assets = []
+ if release_type == Release_Type.CHART_ONLY:
+ required_assets.append(chart_tgz)
+ elif release_type == Release_Type.REPORT_ONLY:
+ required_assets.append("report.yaml")
+ elif release_type == Release_Type.CHART_AND_REPORT:
+ required_assets.extend([chart_tgz, "report.yaml"])
+ elif release_type == Release_Type.REPORT_AND_KEY:
+ key_file = chart_name + "-" + chart_version + ".tgz" + ".key"
+ required_assets.extend(["report.yaml", key_file])
+ elif release_type == Release_Type.CHART_PROV_AND_REPORT:
+ prov_file = chart_tgz + ".prov"
+ required_assets.extend([chart_tgz, "report.yaml", prov_file])
+ elif release_type == Release_Type.CHART_REPORT_PROV_AND_KEY:
+ key_file = chart_tgz + ".key"
+ prov_file = chart_tgz + ".prov"
+ required_assets.extend([chart_tgz, "report.yaml", prov_file, key_file])
+ else:
+ sys.exit("Trying to check wrong release type")
+
+ logging.info(f"Check '{required_assets}' is in release assets")
+ release_id = release["id"]
+ try:
+ check_release_assets(self.secrets, release_id, required_assets)
+ return True
+ except Exception as e:
+ if failure_type == "error":
+ raise AssertionError(e)
+ else:
+ logging.warning(e)
+ return False
+ finally:
+ logging.info(f"Delete release '{expected_tag}'")
+ github_api(
+ "delete",
+ f"repos/{self.secrets.test_repo}/releases/{release_id}",
+ self.secrets.bot_token,
+ )
+
+ logging.info(f"Delete release tag '{expected_tag}'")
+
github_api(
+ "delete",
+ f"repos/{self.secrets.test_repo}/git/refs/tags/{expected_tag}",
+ self.secrets.bot_token,
+ )
+
+ # expect_result: a string representation of expected result, e.g. 'success'
+ def check_workflow_conclusion(
+ self, pr_number, expect_result: str, failure_type="error"
+ ):
+ try:
+ # Check workflow conclusion
+ run_id = get_run_id(self.secrets, pr_number)
+ conclusion = get_run_result(self.secrets, run_id)
+ if conclusion == expect_result:
+ logging.info(
+ f"PR{pr_number} Workflow run was '{expect_result}' which is expected"
+ )
+ else:
+ if failure_type == "warning":
+ logging.warning(
+ f"PR{pr_number if pr_number else self.secrets.pr_number} Workflow run was '{conclusion}' which is unexpected, run id: {run_id}"
+ )
+ else:
+ raise AssertionError(
+ f"PR{pr_number if pr_number else self.secrets.pr_number} Workflow run was '{conclusion}' which is unexpected, run id: {run_id}"
+ )
+
+ return run_id, conclusion
+ except Exception as e:
+ if failure_type == "error":
+ raise AssertionError(e)
+ else:
+ logging.warning(e)
+ return None, None
+
+ # expect_merged: boolean representing whether the PR should be merged
+ def check_pull_request_result(
+ self, pr_number, expect_merged: bool, failure_type="error"
+ ):
+ # Check if PR merged
+ r = github_api(
+ "get",
+ f"repos/{self.secrets.test_repo}/pulls/{pr_number}/merge",
+ self.secrets.bot_token,
+ )
+ logging.info(f"PR{pr_number} result status_code : {r.status_code}")
+ if r.status_code == 204 and expect_merged:
+ logging.info(f"PR{pr_number} merged sucessfully as expected")
+ return True
+ elif r.status_code == 404 and not expect_merged:
+ logging.info(f"PR{pr_number} not merged, which is expected")
+ return True
+ elif r.status_code == 204 and not expect_merged:
+ if failure_type == "error":
+ raise AssertionError(
+ f"PR{pr_number} Expecting not merged but PR was merged"
+ )
+ else:
+ logging.warning(f"PR{pr_number} Expecting not merged but PR was merged")
+ return False
+ elif r.status_code
== 404 and expect_merged:
+ if failure_type == "error":
+ raise AssertionError(
+ f"PR{pr_number} Expecting PR merged but PR was not merged"
+ )
+ else:
+ logging.warning(
+ f"PR{pr_number} Expecting PR merged but PR was not merged"
+ )
+ return False
+ else:
+ if failure_type == "error":
+ raise AssertionError(
+ f"PR{pr_number} Got unexpected status code from PR: {r.status_code}"
+ )
+ else:
+ logging.warning(
+ f"PR{pr_number} Got unexpected status code from PR: {r.status_code}"
+ )
+ return False
+
+ def cleanup_release(self, expected_tag):
+ """Cleanup the release and release tag.
+
+ Releases might be left behind if check_index_yam() ran before check_release_result() and fails the test.
+ """
+ r = github_api(
+ "get", f"repos/{self.secrets.test_repo}/releases", self.secrets.bot_token
+ )
+ releases = json.loads(r.text)
+ logging.debug(f"List of releases: {releases}")
+ for release in releases:
+ if release["tag_name"] == expected_tag:
+ release_id = release["id"]
+ logging.info(f"Delete release '{expected_tag}'")
+ github_api(
+ "delete",
+ f"repos/{self.secrets.test_repo}/releases/{release_id}",
+ self.secrets.bot_token,
+ )
+
+ logging.info(f"Delete release tag '{expected_tag}'")
+ github_api(
+ "delete",
+ f"repos/{self.secrets.test_repo}/git/refs/tags/{expected_tag}",
+ self.secrets.bot_token,
+ )
+
+ def check_pull_request_labels(self, pr_number):
+ r = github_api(
+ "get",
+ f"repos/{self.secrets.test_repo}/issues/{pr_number}/labels",
+ self.secrets.bot_token,
+ )
+ labels = json.loads(r.text)
+ authorized_request = False
+ content_ok = False
+ for label in labels:
+ logging.info(f"PR{pr_number} found label {label['name']}")
+ if label["name"] == "authorized-request":
+ authorized_request = True
+ if label["name"] == "content-ok":
+ content_ok = True
+
+ if authorized_request and content_ok:
+ logging.info(
+ f"PR{pr_number} authorized request and content-ok labels were found as expected"
+ )
+ return True
+ else:
+ raise AssertionError(
+
f"PR{pr_number} authorized request and/or content-ok labels were not found as expected"
+ )
+
+
+@dataclass
+class ChartCertificationE2ETestSingle(ChartCertificationE2ETest):
+ test_name: str = "" # Meaningful test name for this test, displayed in PR title
+ test_charts: list[Chart] = field(default_factory=list)
+ # test_report: str = ''
+ # chart_directory: str = ''
+ uuid: str = ""
+ head_sha: str = ""
+ secrets: E2ETestSecretOneShot = E2ETestSecretOneShot()
+
+ def __post_init__(self) -> None:
+ # unique string based on uuid.uuid4(), not using timestamp here because even
+ # in nanoseconds there are chances of collisions among first test cases of
+ # different processes.
+ self.uuid = uuid.uuid4().hex
+
+ bot_name, bot_token = get_bot_name_and_token()
+ test_repo = TEST_REPO
+
+ # Storing current branch to checkout after scenario execution
+ if os.environ.get("LOCAL_RUN"):
+ self.secrets.active_branch = self.repo.active_branch.name
+ logging.debug(f"Active branch name : {self.secrets.active_branch}")
+
+ # Create a new branch locally from detached HEAD
+ self.head_sha = self.repo.git.rev_parse("--short", "HEAD")
+ unique_branch = f"{self.head_sha}-{self.uuid}"
+ logging.debug(f"Unique branch name : {unique_branch}")
+ local_branches = [h.name for h in self.repo.heads]
+ logging.debug(f"Local branch names : {local_branches}")
+ if unique_branch not in local_branches:
+ self.repo.git.checkout("-b", f"{unique_branch}")
+
+ current_branch = self.repo.active_branch.name
+ logging.debug(f"Current active branch name : {current_branch}")
+
+ r = github_api("get", f"repos/{test_repo}/branches", bot_token)
+ branches = json.loads(r.text)
+ branch_names = [branch["name"] for branch in branches]
+ logging.debug(f"Remote test repo branch names : {branch_names}")
+ if current_branch not in branch_names:
+ logging.info(
+ f"{test_repo}:{current_branch} does not exists, creating with local branch"
+ )
+ self.repo.git.push(
+
f"https://x-access-token:{bot_token}@github.com/{test_repo}",
+ f"HEAD:refs/heads/{current_branch}",
+ "-f",
+ )
+
+ pretty_test_name = self.test_name.strip().lower().replace(" ", "-")
+ base_branch = (
+ f"{self.uuid}-{pretty_test_name}-{current_branch}"
+ if pretty_test_name
+ else f"{self.uuid}-test-{current_branch}"
+ )
+ logging.debug(f"Base branch name : {base_branch}")
+ pr_branch = base_branch + "-pr-branch"
+
+ self.secrets.test_repo = test_repo
+ self.secrets.bot_name = bot_name
+ self.secrets.bot_token = bot_token
+ self.secrets.base_branch = base_branch
+ self.secrets.pr_branch = pr_branch
+ self.secrets.owners_file_content = self.owners_file_content
+ self.secrets.index_file = "index.yaml"
+ self.secrets.provider_delivery = False
+
+ def cleanup(self):
+ # Cleanup releases and release tags
+ self.cleanup_release()
+ # Teardown step to cleanup branches
+ if self.temp_dir is not None:
+ self.temp_dir.cleanup()
+ self.repo.git.worktree("prune")
+
+ current_branch = f"{self.head_sha}-{self.uuid}"
+ logging.info(f"Delete remote '{current_branch}' branch")
+ github_api(
+ "delete",
+ f"repos/{self.secrets.test_repo}/git/refs/heads/{current_branch}",
+ self.secrets.bot_token,
+ )
+
+ logging.info(f"Delete '{self.secrets.test_repo}:{self.secrets.base_branch}'")
+ github_api(
+ "delete",
+ f"repos/{self.secrets.test_repo}/git/refs/heads/{self.secrets.base_branch}",
+ self.secrets.bot_token,
+ )
+
+ logging.info(
+ f"Delete '{self.secrets.test_repo}:{self.secrets.base_branch}-gh-pages'"
+ )
+ github_api(
+ "delete",
+ f"repos/{self.secrets.test_repo}/git/refs/heads/{self.secrets.base_branch}-gh-pages",
+ self.secrets.bot_token,
+ )
+
+ logging.info(f"Delete '{self.secrets.test_repo}:{self.secrets.pr_branch}'")
+ github_api(
+ "delete",
+ f"repos/{self.secrets.test_repo}/git/refs/heads/{self.secrets.pr_branch}",
+ self.secrets.bot_token,
+ )
+
+ logging.info(f"Delete local '{self.secrets.base_branch}'")
+ try:
+ self.repo.git.branch("-D",
self.secrets.base_branch)
+ except git.exc.GitCommandError:
+ logging.info(f"Local '{self.secrets.base_branch}' does not exist")
+
+ logging.info(f"Delete local '{current_branch}'")
+ try:
+ if os.environ.get("LOCAL_RUN"):
+ self.repo.git.checkout(f"{self.secrets.active_branch}")
+ self.repo.git.branch("-D", current_branch)
+ except git.exc.GitCommandError:
+ logging.info(f"Local '{current_branch}' does not exist")
+
+ def update_bot_name(self, bot_name):
+ logging.debug(f"Updating bot name: {bot_name}")
+ self.secrets.bot_name = bot_name
+
+ def update_bad_version(self, bad_version):
+ logging.debug(f"Updating bad version: {bad_version}")
+ self.secrets.bad_version = bad_version
+
+ def update_provided_delivery(self, value):
+ if value == "true":
+ self.secrets.provider_delivery = True
+ else:
+ self.secrets.provider_delivery = False
+
+ def update_test_charts(self, test_charts, new_chart_version=""):
+ logging.debug(f"Updating test charts: {test_charts}")
+ for chart in test_charts:
+ if chart[0] == Chart_Type.SRC or chart[0] == Chart_Type.TAR:
+ if new_chart_version == "":
+ chart_name, chart_version = get_name_and_version_from_chart_tar(
+ chart[1]
+ )
+ test_chart = Chart(
+ chart_name=chart_name,
+ chart_version=chart_version,
+ chart_type=chart[0],
+ chart_file_path=chart[1],
+ )
+ else:
+ chart_name, _ = get_name_and_version_from_chart_tar(chart[1])
+ test_chart = Chart(
+ chart_name=chart_name,
+ chart_version=new_chart_version,
+ chart_type=chart[0],
+ chart_file_path=chart[1],
+ )
+ elif chart[0] == Chart_Type.REPORT:
+ if new_chart_version == "":
+ chart_name, chart_version = get_name_and_version_from_report(
+ chart[1]
+ )
+ test_chart = Chart(
+ chart_name=chart_name,
+ chart_version=chart_version,
+ chart_type=chart[0],
+ report_file_path=chart[1],
+ )
+ else:
+ chart_name, _ = get_name_and_version_from_report(chart[1])
+ test_chart = Chart(
+ chart_name=chart_name,
+ chart_version=new_chart_version,
+ chart_type=chart[0],
+
report_file_path=chart[1],
+ )
+ elif (
+ chart[0] == Chart_Type.SRC_AND_REPORT
+ or chart[0] == Chart_Type.TAR_AND_REPORT
+ ):
+ if new_chart_version == "":
+ chart_name, chart_version = get_name_and_version_from_report(
+ chart[2]
+ )
+ test_chart = Chart(
+ chart_name=chart_name,
+ chart_version=chart_version,
+ chart_type=chart[0],
+ chart_file_path=chart[1],
+ report_file_path=chart[2],
+ )
+ else:
+ chart_name, _ = get_name_and_version_from_report(chart[2])
+ test_chart = Chart(
+ chart_name=chart_name,
+ chart_version=new_chart_version,
+ chart_type=chart[0],
+ chart_file_path=chart[1],
+ report_file_path=chart[2],
+ )
+ else:
+ raise AssertionError(
+ f"Chart_Type: {chart[0]} is not correct or yet to be handled"
+ )
+
+ test_chart.update_chart_directory(self.secrets)
+ self.test_charts.append(test_chart)
+
+ def get_unique_vendor(self, vendor):
+ """Set unique vendor name.
+ Note that release tag is generated with this vendor name.
+ """
+ # unique string based on uuid.uuid4()
+ suffix = self.uuid
+ if "PR_NUMBER" in os.environ:
+ pr_num = os.environ["PR_NUMBER"]
+ suffix = f"{suffix}-{pr_num}"
+ return f"{vendor}-{suffix}"
+
+ def set_vendor(self, vendor, vendor_type):
+ # use unique vendor id to avoid collision between tests
+ logging.debug(f"Setting vendor: {vendor} vendor_type: {vendor_type}")
+ self.secrets.vendor = self.get_unique_vendor(vendor)
+ logging.debug(f"Unique vendor value: {self.secrets.vendor}")
+ self.secrets.vendor_type = vendor_type
+
+ def setup_git_context(self):
+ super().setup_git_context(self.repo)
+
+ def setup_gh_pages_branch(self):
+ self.create_test_gh_pages_branch(
+ self.secrets.test_repo, self.secrets.base_branch, self.secrets.bot_token
+ )
+
+ def setup_temp_dir(self):
+ self.temp_dir = TemporaryDirectory(prefix="tci-")
+ with SetDirectory(Path(self.temp_dir.name)):
+ # Make PR's from a temporary directory
+ logging.info(f"Worktree directory: {self.temp_dir.name}")
+ self.repo.git.worktree("add", "--detach",
self.temp_dir.name, "HEAD")
+ self.temp_repo = git.Repo(self.temp_dir.name)
+
+ self.set_git_username_email(
+ self.temp_repo, self.secrets.bot_name, GITHUB_ACTIONS_BOT_EMAIL
+ )
+ self.temp_repo.git.checkout("-b", self.secrets.base_branch)
+ for chart in self.test_charts:
+ pathlib.Path(f"{chart.chart_directory}/{chart.chart_version}").mkdir(
+ parents=True, exist_ok=True
+ )
+
+ self.remove_chart(
+ chart.chart_directory,
+ chart.chart_version,
+ self.secrets.test_repo,
+ self.secrets.base_branch,
+ self.secrets.bot_token,
+ )
+ self.remove_owners_file(
+ chart.chart_directory,
+ self.secrets.test_repo,
+ self.secrets.base_branch,
+ self.secrets.bot_token,
+ )
+
+ def update_chart_version_in_chart_yaml(self, new_version):
+ with SetDirectory(Path(self.temp_dir.name)):
+ for chart in self.test_charts:
+ path = f"{chart.chart_directory}/{chart.chart_version}/src/Chart.yaml"
+ with open(path, "r") as fd:
+ try:
+ chart = yaml.safe_load(fd)
+ except yaml.YAMLError as err:
+ raise AssertionError(f"error parsing '{path}': {err}")
+ current_version = chart["version"]
+
+ if current_version != new_version:
+ chart["version"] = new_version
+ try:
+ with open(path, "w") as fd:
+ fd.write(yaml.dump(chart))
+ except Exception as e:
+ raise AssertionError("Failed to update version in yaml file")
+
+ def remove_readme_file(self):
+ with SetDirectory(Path(self.temp_dir.name)):
+ for chart in self.test_charts:
+ path = f"{chart.chart_directory}/{chart.chart_version}/src/README.md"
+ try:
+ os.remove(path)
+ except Exception as e:
+ raise AssertionError(f"Failed to remove readme file : {e}")
+
+ def process_owners_file(self, public_key_file=None):
+ super().create_and_push_owners_file(
+ self.test_charts[0].chart_directory,
+ self.secrets.base_branch,
+ self.secrets.vendor,
+ self.secrets.vendor_type,
+ self.test_charts[0].chart_name,
+ self.secrets.provider_delivery,
+ public_key_file,
+ )
+
+ def process_charts(self, include_prov_file=False):
+ with
SetDirectory(Path(self.temp_dir.name)):
+ for chart in self.test_charts:
+ if (
+ chart.chart_type == Chart_Type.TAR
+ or chart.chart_type == Chart_Type.TAR_AND_REPORT
+ ):
+ # Copy the chart tar into temporary directory for PR submission
+ chart_tar = chart.chart_file_path.split("/")[-1]
+ shutil.copyfile(
+ f"{self.old_cwd}/{chart.chart_file_path}",
+ f"{chart.chart_directory}/{chart.chart_version}/{chart_tar}",
+ )
+ if include_prov_file is True:
+ prov_file_dir = "/".join(chart.chart_file_path.split("/")[:-1])
+ prov_file_name = chart_tar + ".prov"
+ logging.debug(f"PROV FILE DIR: {prov_file_dir}")
+ logging.debug(f"PROV FILE NAME: {prov_file_name}")
+ shutil.copyfile(
+ f"{self.old_cwd}/{prov_file_dir}/{prov_file_name}",
+ f"{chart.chart_directory}/{chart.chart_version}/{prov_file_name}",
+ )
+ elif (
+ chart.chart_type == Chart_Type.SRC
+ or chart.chart_type == Chart_Type.SRC_AND_REPORT
+ ):
+ # Unzip files into temporary directory for PR submission
+ logging.debug(f"CHART SRC FILE PATH: {chart.chart_file_path}")
+ extract_chart_tgz(
+ chart.chart_file_path,
+ f"{chart.chart_directory}/{chart.chart_version}",
+ chart.chart_name,
+ logging,
+ )
+ elif chart.chart_type == Chart_Type.REPORT:
+ logging.debug("Skip adding chart since chart_type is report")
+ else:
+ raise AssertionError(
+ f"Yet To be implemented for chart_type {chart.chart_type}"
+ )
+
+ def process_report(self):
+ with SetDirectory(Path(self.temp_dir.name)):
+ # Copy report to temporary location and push to test_repo:pr_branch
+ logging.info(
+ f"Push report to '{self.secrets.test_repo}:{self.secrets.pr_branch}'"
+ )
+
+ for chart in self.test_charts:
+ if (
+ chart.chart_type == Chart_Type.REPORT
+ or chart.chart_type == Chart_Type.SRC_AND_REPORT
+ or chart.chart_type == Chart_Type.TAR_AND_REPORT
+ ):
+ if chart.report_file_path.endswith("json"):
+ logging.debug("Report type is json")
+ report_path = (
+ f"{chart.chart_directory}/{chart.chart_version}/"
+ + chart.report_file_path.split("/")[-1]
+ )
+ shutil.copyfile(f"{chart.report_file_path}", f"{report_path}")
+ elif chart.report_file_path.endswith("yaml"):
+ logging.debug("Report type is yaml")
+ report_path = (
+ f"{chart.chart_directory}/{chart.chart_version}/"
+ + chart.report_file_path.split("/")[-1]
+ )
+ shutil.copyfile(f"{chart.report_file_path}", f"{report_path}")
+ else:
+ raise AssertionError("Unknown report type")
+
+ self.temp_repo.git.add(report_path)
+
+ self.temp_repo.git.commit(
+ "-m", f"Add {self.secrets.vendor} {self.test_charts} report"
+ )
+ self.temp_repo.git.push(
+ f"https://x-access-token:{self.secrets.bot_token}@github.com/{self.secrets.test_repo}",
+ f"HEAD:refs/heads/{self.secrets.pr_branch}",
+ "-f",
+ )
+
+ def add_non_chart_related_file(self):
+ with SetDirectory(Path(self.temp_dir.name)):
+ for chart in self.test_charts:
+ path = f"{chart.chart_directory}/Notes.txt"
+ with open(path, "w") as fd:
+ fd.write("This is a test file")
+
+ def push_charts(self, add_non_chart_file=False):
+ # Push chart to test_repo:pr_branch
+ for chart in self.test_charts:
+ if (
+ chart.chart_type == Chart_Type.TAR
+ or chart.chart_type == Chart_Type.TAR_AND_REPORT
+ ):
+ chart_tar = chart.chart_file_path.split("/")[-1]
+ self.temp_repo.git.add(
+ f"{chart.chart_directory}/{chart.chart_version}/"
+ )
+ elif (
+ chart.chart_type == Chart_Type.SRC
+ or chart.chart_type == Chart_Type.SRC_AND_REPORT
+ ):
+ if add_non_chart_file:
+ self.temp_repo.git.add(f"{chart.chart_directory}/")
+ else:
+ self.temp_repo.git.add(
+ f"{chart.chart_directory}/{chart.chart_version}/src"
+ )
+ elif chart.chart_type == Chart_Type.REPORT:
+ logging.debug("Skip adding chart since chart_type is report")
+ else:
+ raise AssertionError(
+ f"YTD: chart_type {chart.chart_type} is yet to be supported"
+ )
+
+ self.temp_repo.git.commit(
+ "-m", f"Adding {self.secrets.vendor} {self.test_charts} charts"
+ )
+
+ self.temp_repo.git.push(
+ f"https://x-access-token:{self.secrets.bot_token}@github.com/{self.secrets.test_repo}",
+
f"HEAD:refs/heads/{self.secrets.pr_branch}",
+ "-f",
+ )
+
+ def send_pull_request(self):
+ self.secrets.pr_number = super().send_pull_request(
+ self.secrets.test_repo,
+ self.secrets.base_branch,
+ self.secrets.pr_branch,
+ self.secrets.bot_token,
+ )
+ logging.info(f"[INFO] PR number: {self.secrets.pr_number}")
+
+ # expect_result: a string representation of expected result, e.g. 'success'
+ def check_workflow_conclusion(self, expect_result: str):
+ # Check workflow conclusion
+ super().check_workflow_conclusion(None, expect_result)
+
+ # expect_merged: boolean representing whether the PR should be merged
+ def check_pull_request_result(self, expect_merged: bool):
+ super().check_pull_request_result(self.secrets.pr_number, expect_merged)
+
+ def check_pull_request_labels(self):
+ super().check_pull_request_labels(self.secrets.pr_number)
+
+ def check_pull_request_comments(self, expect_message: str):
+ r = github_api(
+ "get",
+ f"repos/{self.secrets.test_repo}/issues/{self.secrets.pr_number}/comments",
+ self.secrets.bot_token,
+ )
+ logging.debug(f"STATUS_CODE: {r.status_code}")
+
+ response = json.loads(r.text)
+ logging.debug(f"CHECK PULL_REQUEST COMMENT RESPONSE: {response}")
+ if len(response) == 0:
+ raise AssertionError(f"No comment found in the PR {self.secrets.pr_number}")
+ complete_comment = response[0]["body"]
+
+ if re.search(expect_message, complete_comment):
+ logging.info("Found the expected comment in the PR")
+ else:
+ raise AssertionError(
+ f"Was expecting '{expect_message}' in the comment {complete_comment}"
+ )
+
+ def check_index_yaml(self, check_provider_type=False):
+ for chart in self.test_charts:
+ super().check_index_yaml(
+ self.secrets.base_branch,
+ self.secrets.vendor,
+ chart.chart_name,
+ chart.chart_version,
+ self.secrets.index_file,
+ check_provider_type,
+ )
+
+ def check_release_result(self, release_type):
+ for chart in self.test_charts:
+ chart_tgz = chart.chart_file_path.split("/")[-1]
+ super().check_release_result(
+
self.secrets.vendor,
+ chart.chart_name,
+ chart.chart_version,
+ chart_tgz,
+ release_type=release_type,
+ )
+
+ def cleanup_release(self):
+ for chart in self.test_charts:
+ expected_tag = (
+ f"{self.secrets.vendor}-{chart.chart_name}-{chart.chart_version}"
+ )
+ super().cleanup_release(expected_tag)
+
+
+@dataclass
+class ChartCertificationE2ETestMultiple(ChartCertificationE2ETest):
+ secrets: E2ETestSecretRecursive = E2ETestSecretRecursive()
+
+ def __post_init__(self) -> None:
+ bot_name, bot_token = get_bot_name_and_token()
+ dry_run = get_dry_run()
+ notify_id = get_notify_id()
+ software_name, software_version = get_software_name_version()
+ vendor_type = get_vendor_type()
+
+ test_repo = TEST_REPO
+ base_branches = []
+ pr_branches = []
+
+ pr_base_branch = self.repo.active_branch.name
+ r = github_api("get", f"repos/{test_repo}/branches", bot_token)
+ branches = json.loads(r.text)
+ branch_names = [branch["name"] for branch in branches]
+ if pr_base_branch not in branch_names:
+ logging.info(
+ f"{test_repo}:{pr_base_branch} does not exists, creating with local branch"
+ )
+ self.repo.git.push(
+ f"https://x-access-token:{bot_token}@github.com/{test_repo}",
+ f"HEAD:refs/heads/{pr_base_branch}",
+ "-f",
+ )
+
+ self.secrets = E2ETestSecretRecursive()
+ self.secrets.software_name = software_name
+ self.secrets.software_version = software_version
+ self.secrets.test_repo = test_repo
+ self.secrets.bot_name = bot_name
+ self.secrets.bot_token = bot_token
+ self.secrets.vendor_type = vendor_type
+ self.secrets.pr_base_branch = pr_base_branch
+ self.secrets.base_branches = base_branches
+ self.secrets.pr_branches = pr_branches
+ self.secrets.dry_run = dry_run
+ self.secrets.notify_id = notify_id
+ self.secrets.owners_file_content = self.owners_file_content
+ self.secrets.release_tags = list()
+
+ def cleanup(self):
+ # Teardown step to cleanup releases and branches
+ for release_tag in self.secrets.release_tags:
+ self.cleanup_release(release_tag)
+
+
self.repo.git.worktree("prune")
+ for base_branch in self.secrets.base_branches:
+ logging.info(f"Delete '{self.secrets.test_repo}:{base_branch}'")
+ github_api(
+ "delete",
+ f"repos/{self.secrets.test_repo}/git/refs/heads/{base_branch}",
+ self.secrets.bot_token,
+ )
+
+ logging.info(f"Delete '{self.secrets.test_repo}:{base_branch}-gh-pages'")
+ github_api(
+ "delete",
+ f"repos/{self.secrets.test_repo}/git/refs/heads/{base_branch}-gh-pages",
+ self.secrets.bot_token,
+ )
+
+ logging.info(f"Delete local '{base_branch}'")
+ try:
+ self.repo.git.branch("-D", base_branch)
+ except git.exc.GitCommandError:
+ logging.info(f"Local '{base_branch}' does not exist")
+
+ for pr_branch in self.secrets.pr_branches:
+ logging.info(f"Delete '{self.secrets.test_repo}:{pr_branch}'")
+ github_api(
+ "delete",
+ f"repos/{self.secrets.test_repo}/git/refs/heads/{pr_branch}",
+ self.secrets.bot_token,
+ )
+
+ try:
+ logging.info("Delete local 'tmp' branch")
+ self.temp_repo.git.branch("-D", "tmp")
+ except git.exc.GitCommandError:
+ logging.info("Local 'tmp' branch does not exist")
+
+ def setup_temp_dir(self):
+ self.temp_dir = TemporaryDirectory(prefix="tci-")
+ with SetDirectory(Path(self.temp_dir.name)):
+ # Make PR's from a temporary directory
+ logging.info(f"Worktree directory: {self.temp_dir.name}")
+ self.repo.git.worktree("add", "--detach", self.temp_dir.name, "HEAD")
+ self.temp_repo = git.Repo(self.temp_dir.name)
+
+ # Run submission flow test with charts in PROD_REPO:PROD_BRANCH
+ self.set_git_username_email(
+ self.temp_repo, self.secrets.bot_name, GITHUB_ACTIONS_BOT_EMAIL
+ )
+ self.temp_repo.git.checkout(PROD_BRANCH, "charts")
+ self.temp_repo.git.restore("--staged", "charts")
+ self.secrets.submitted_charts = get_all_charts(
+ "charts", self.secrets.vendor_type
+ )
+ logging.info(
+ f"Found charts for {self.secrets.vendor_type}: {self.secrets.submitted_charts}"
+ )
+ self.temp_repo.git.checkout("-b", "tmp")
+
+ def get_owner_ids(self, chart_directory, owners_table):
+ with open(f"{chart_directory}/OWNERS", "r") as fd: + try: + owners = yaml.safe_load(fd) + # Pick owner ids for notification + owners_table[chart_directory] = [ + owner.get("githubUsername", "") for owner in owners["users"] + ] + except yaml.YAMLError as err: + logging.warning(f"Error parsing OWNERS of {chart_directory}: {err}") + + def push_chart( + self, + chart_directory, + chart_name, + chart_version, + vendor_name, + vendor_type, + pr_branch, + ): + # Push chart files to test_repo:pr_branch + self.temp_repo.git.add(f"{chart_directory}/{chart_version}") + self.temp_repo.git.commit( + "-m", + f"Add {vendor_type} {vendor_name} {chart_name} {chart_version} chart files", + ) + self.temp_repo.git.push( + f"https://x-access-token:{self.secrets.bot_token}@github.com/{self.secrets.test_repo}", + f"HEAD:refs/heads/{pr_branch}", + "-f", + ) + + def report_failure( + self, chart, chart_owners, failure_type, pr_html_url=None, run_html_url=None + ): + os.environ["GITHUB_REPO"] = PROD_REPO.split("/")[1] + os.environ["GITHUB_AUTH_TOKEN"] = self.secrets.bot_token + if not self.secrets.dry_run: + os.environ["GITHUB_REPO"] = PROD_REPO.split("/")[1] + os.environ["GITHUB_AUTH_TOKEN"] = self.secrets.bot_token + os.environ["GITHUB_ORGANIZATION"] = PROD_REPO.split("/")[0] + logging.info( + f"Send notification to '{self.secrets.notify_id}' about verification result of '{chart}'" + ) + create_verification_issue( + chart, + chart_owners, + failure_type, + self.secrets.notify_id, + pr_html_url, + run_html_url, + self.secrets.software_name, + self.secrets.software_version, + self.secrets.bot_token, + self.secrets.dry_run, + ) + else: + os.environ["GITHUB_ORGANIZATION"] = PROD_REPO.split("/")[0] + os.environ["GITHUB_REPO"] = "sandbox" + os.environ["GITHUB_AUTH_TOKEN"] = self.secrets.bot_token + logging.info( + f"Send notification to '{self.secrets.notify_id}' about dry run verification result of '{chart}'" + ) + create_verification_issue( + chart, + chart_owners, + failure_type, + 
self.secrets.notify_id, + pr_html_url, + run_html_url, + self.secrets.software_name, + self.secrets.software_version, + self.secrets.bot_token, + self.secrets.dry_run, + ) + logging.info( + f"Dry Run - send sandbox notification to '{chart_owners}' about verification result of '{chart}'" + ) + + def check_single_chart_result( + self, + vendor_type, + vendor_name, + chart_name, + chart_version, + pr_number, + owners_table, + ): + base_branch = f"{self.secrets.software_name}-{self.secrets.software_version}-{self.secrets.pr_base_branch}-{vendor_type}-{vendor_name}-{chart_name}-{chart_version}" + + # Check workflow conclusion + chart = f"{vendor_name} {chart_name} {chart_version}" + run_id, conclusion = super().check_workflow_conclusion( + pr_number, "success", failure_type="warning" + ) + + if conclusion and run_id: + if conclusion != "success": + # Send notification to owner through GitHub issues + r = github_api( + "get", + f"repos/{self.secrets.test_repo}/actions/runs/{run_id}", + self.secrets.bot_token, + ) + run = r.json() + run_html_url = run["html_url"] + + pr = get_pr(self.secrets, pr_number) + pr_html_url = pr["html_url"] + chart_directory = f"charts/{vendor_type}/{vendor_name}/{chart_name}" + chart_owners = owners_table[chart_directory] + + self.report_failure( + chart, chart_owners, CHECKS_FAILED, pr_html_url, run_html_url + ) + + logging.warning( + f"PR{pr_number} workflow failed: {vendor_name}, {chart_name}, {chart_version}" + ) + return + else: + logging.info( + f"PR{pr_number} workflow passed: {vendor_name}, {chart_name}, {chart_version}" + ) + else: + logging.warning( + f"PR{pr_number} workflow did not complete: {vendor_name}, {chart_name}, {chart_version}" + ) + return + + # Check PRs are merged + if not super().check_pull_request_result( + pr_number, True, failure_type="warning" + ): + logging.warning( + f"PR{pr_number} pull request was not merged: {vendor_name}, {chart_name}, {chart_version}" + ) + return + logging.info( + f"PR{pr_number} pull 
request was merged: {vendor_name}, {chart_name}, {chart_version}" + ) + + # Check index.yaml is updated + if not super().check_index_yaml( + base_branch, + vendor_name, + chart_name, + chart_version, + check_provider_type=False, + failure_type="warning", + ): + logging.warning( + f"PR{pr_number} - Chart was not found in Index file: {vendor_name}, {chart_name}, {chart_version}" + ) + logging.info( + f"PR{pr_number} - Chart was found in Index file: {vendor_name}, {chart_name}, {chart_version}" + ) + + # Check release is published + chart_tgz = f"{chart_name}-{chart_version}.tgz" + if not super().check_release_result( + vendor_name, chart_name, chart_version, chart_tgz, failure_type="warning" + ): + logging.warning( + f"PR{pr_number} - Release was not created: {vendor_name}, {chart_name}, {chart_version}" + ) + logging.info( + f"PR{pr_number} - Release was created: {vendor_name}, {chart_name}, {chart_version}" + ) + + def process_single_chart( + self, + vendor_type, + vendor_name, + chart_name, + chart_version, + pr_number_list, + owners_table, + ): + # Get SHA from 'pr_base_branch' branch + logging.info( + f"Process chart: {vendor_type}/{vendor_name}/{chart_name}/{chart_version}" + ) + r = github_api( + "get", + f"repos/{self.secrets.test_repo}/git/ref/heads/{self.secrets.pr_base_branch}", + self.secrets.bot_token, + ) + j = json.loads(r.text) + pr_base_branch_sha = j["object"]["sha"] + + chart_directory = f"charts/{vendor_type}/{vendor_name}/{chart_name}" + base_branch = f"{self.secrets.software_name}-{self.secrets.software_version}-{self.secrets.pr_base_branch}-{vendor_type}-{vendor_name}-{chart_name}-{chart_version}" + base_branch = base_branch.replace(":", "-") + pr_branch = f"{base_branch}-pr-branch" + + self.secrets.base_branches.append(base_branch) + self.secrets.pr_branches.append(pr_branch) + self.temp_repo.git.checkout("tmp") + self.temp_repo.git.checkout("-b", base_branch) + + # Create test gh-pages branch for checking index.yaml + 
self.create_test_gh_pages_branch( + self.secrets.test_repo, base_branch, self.secrets.bot_token + ) + + # Create a new base branch for testing current chart + logging.info(f"Create {self.secrets.test_repo}:{base_branch} for testing") + r = github_api( + "get", f"repos/{self.secrets.test_repo}/branches", self.secrets.bot_token + ) + branches = json.loads(r.text) + branch_names = [branch["name"] for branch in branches] + if base_branch in branch_names: + logging.warning(f"{self.secrets.test_repo}:{base_branch} already exists") + return + data = {"ref": f"refs/heads/{base_branch}", "sha": pr_base_branch_sha} + r = github_api( + "post", + f"repos/{self.secrets.test_repo}/git/refs", + self.secrets.bot_token, + json=data, + ) + + # Remove chart and owners file from git + self.remove_chart( + chart_directory, + chart_version, + self.secrets.test_repo, + base_branch, + self.secrets.bot_token, + ) + self.remove_owners_file( + chart_directory, self.secrets.test_repo, base_branch, self.secrets.bot_token + ) + + # Get owners id for notifications + self.get_owner_ids(chart_directory, owners_table) + + # Create and push test owners file + super().create_and_push_owners_file( + chart_directory, base_branch, vendor_name, vendor_type, chart_name + ) + + # Push test chart to pr_branch + self.push_chart( + chart_directory, + chart_name, + chart_version, + vendor_name, + vendor_type, + pr_branch, + ) + + # Create PR from pr_branch to base_branch + logging.info("sleep for 5 seconds to avoid secondary api limit") + time.sleep(5) + pr_number = super().send_pull_request( + self.secrets.test_repo, base_branch, pr_branch, self.secrets.bot_token + ) + pr_number_list.append( + (vendor_type, vendor_name, chart_name, chart_version, pr_number) + ) + logging.info( + f"PR{pr_number} created in {self.secrets.test_repo} into {base_branch} from {pr_branch}" + ) + + # Record expected release tags + self.secrets.release_tags.append(f"{vendor_name}-{chart_name}-{chart_version}") + + def 
process_all_charts(self): + self.setup_git_context(self.repo) + self.setup_temp_dir() + + owners_table = dict() + pr_number_list = list() + + skip_charts = list() + + logging.info( + f"Running tests for : {self.secrets.software_name} {self.secrets.software_version} :" + ) + # First look for charts in index.yaml to see if kubeVersion is good: + if self.secrets.software_name == "OpenShift": + logging.info("check index file for invalid kubeVersions") + failed_charts = check_index_entries(self.secrets.software_version) + if failed_charts: + for chart in failed_charts: + providerDir = chart["providerType"].replace("partner", "partners") + chart_directory = ( + f'charts/{providerDir}/{chart["provider"]}/{chart["name"]}' + ) + self.get_owner_ids(chart_directory, owners_table) + chart_owners = owners_table[chart_directory] + chart_id = f'{chart["provider"]} {chart["name"]} {chart["version"]}' + self.report_failure( + chart_id, chart_owners, chart["message"], "", "" + ) + skip_charts.append(f'{chart["name"]}-{chart["version"]}') + + # Process test charts and send PRs from temporary directory + with SetDirectory(Path(self.temp_dir.name)): + for ( + vendor_type, + vendor_name, + chart_name, + chart_version, + ) in self.secrets.submitted_charts: + if f"{chart_name}-{chart_version}" in skip_charts: + logging.info( + f"Skip already failed chart: {vendor_type}, {vendor_name}, {chart_name}, {chart_version}" + ) + else: + logging.info( + f"Process chart: {vendor_type}, {vendor_name}, {chart_name}, {chart_version}" + ) + self.process_single_chart( + vendor_type, + vendor_name, + chart_name, + chart_version, + pr_number_list, + owners_table, + ) + logging.info("sleep for 5 seconds to avoid secondary api limit") + time.sleep(5) + + for ( + vendor_type, + vendor_name, + chart_name, + chart_version, + pr_number, + ) in pr_number_list: + logging.info( + f"PR{pr_number} Check result: {vendor_type}, {vendor_name}, {chart_name}, {chart_version}" + ) + self.check_single_chart_result( + 
vendor_type, + vendor_name, + chart_name, + chart_version, + pr_number, + owners_table, + ) diff --git a/tests/functional/behave_features/common/utils/env.py b/tests/functional/behave_features/common/utils/env.py new file mode 100644 index 00000000000..494e9a4c713 --- /dev/null +++ b/tests/functional/behave_features/common/utils/env.py 
@@ -0,0 +1,67 @@ +# -*- coding: utf-8 -*- +"""Utility class to reading environments.""" +import logging +import os + +from common.utils.setttings import * + + +def get_bot_name_and_token(): + bot_name = os.environ.get("BOT_NAME") + logging.debug(f"Enviroment variable value BOT_NAME: {bot_name}") + bot_token = os.environ.get("BOT_TOKEN") + if not bot_name and not bot_token: + bot_name = "github-actions[bot]" + bot_token = os.environ.get("GITHUB_TOKEN") + if not bot_token: + raise Exception("BOT_TOKEN environment variable not defined") + elif not bot_name: + raise Exception("BOT_TOKEN set but BOT_NAME not specified") + elif not bot_token: + raise Exception("BOT_NAME set but BOT_TOKEN not specified") + return bot_name, bot_token + + +def get_dry_run(): + # Accepts 'true' or 'false', depending on whether we want to notify + # Don't notify on dry runs, default to True + dry_run = False if os.environ.get("DRY_RUN") == "false" else True + # Don't notify if not triggerd on PROD_REPO and PROD_BRANCH + if not dry_run: + triggered_branch = os.environ.get("GITHUB_REF").split("/")[-1] + triggered_repo = os.environ.get("GITHUB_REPOSITORY") + if triggered_repo != PROD_REPO or triggered_branch != PROD_BRANCH: + dry_run = True + return dry_run + + +def get_notify_id(): + # Accepts comma separated Github IDs or empty strings to override people to tag in notifications + notify_id = os.environ.get("NOTIFY_ID") + if notify_id: + notify_id = [vt.strip() for vt in notify_id.split(",")] + else: + notify_id = ["dperaza", "mmulholla"] + return notify_id + + +def get_software_name_version(): + software_name = os.environ.get("SOFTWARE_NAME") + if not software_name: + raise Exception("SOFTWARE_NAME environment variable not defined") + + software_version = os.environ.get("SOFTWARE_VERSION").strip('"') + if not software_version: + raise Exception("SOFTWARE_VERSION environment variable not defined") + elif software_version.startswith("sha256"): + software_version = software_version[-8:] + + 
return software_name, software_version + + +def get_vendor_type(): + vendor_type = os.environ.get("VENDOR_TYPE") + if not vendor_type: + logging.info("VENDOR_TYPE environment variable not defined, default to `all`") + vendor_type = "all" + return vendor_type diff --git a/tests/functional/behave_features/common/utils/github.py b/tests/functional/behave_features/common/utils/github.py new file mode 100644 index 00000000000..52dcbbe19e3 --- /dev/null +++ b/tests/functional/behave_features/common/utils/github.py 
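Review bot: In `get_dry_run`, the production gate compares only the last path segment of `GITHUB_REF`, so a ref such as `refs/heads/feature/main` or `refs/tags/main` also yields `main` and passes the `PROD_BRANCH` check. Because this gate decides whether real notification issues are created, compare the full ref instead: `if triggered_repo != PROD_REPO or os.environ.get("GITHUB_REF", "") != f"refs/heads/{PROD_BRANCH}":`. The current line also raises `AttributeError` when `GITHUB_REF` is unset. `get_software_name_version` has the same problem: `os.environ.get("SOFTWARE_VERSION").strip('"')` fails before its "not defined" check can run, and `os.environ.get("SOFTWARE_VERSION", "").strip('"')` keeps the intended error message.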
@@ -0,0 +1,119 @@ +# -*- coding: utf-8 -*- +"""Utility class for setting up and manipulating GitHub operations.""" + +import json +import requests +import logging +from retrying import retry + +from common.utils.setttings import * + + +@retry(stop_max_delay=30_000, wait_fixed=1000) +def get_run_id(secrets, pr_number=None): + pr = get_pr(secrets, pr_number) + r = github_api("get", f"repos/{secrets.test_repo}/actions/runs", secrets.bot_token) + runs = json.loads(r.text) + + for run in runs["workflow_runs"]: + if ( + run["head_sha"] == pr["head"]["sha"] + and run["name"] == CERTIFICATION_CI_NAME + ): + return run["id"] + else: + raise Exception("Workflow for the submitted PR did not run.") + + +@retry(stop_max_delay=60_000 * 40, wait_fixed=2000) +def get_run_result(secrets, run_id): + r = github_api( + "get", f"repos/{secrets.test_repo}/actions/runs/{run_id}", secrets.bot_token + ) + run = json.loads(r.text) + + if run["conclusion"] is None: + raise Exception(f"Workflow {run_id} is still running, PR: {secrets.pr_number} ") + + return run["conclusion"] + + +@retry(stop_max_delay=10_000, wait_fixed=1000) +def check_release_assets(secrets, release_id, required_assets): + r = github_api( + "get", + f"repos/{secrets.test_repo}/releases/{release_id}/assets", + secrets.bot_token, + ) + asset_list = json.loads(r.text) + asset_names = [asset["name"] for asset in asset_list] + logging.debug(f"FOUND RELEASE ASSETS: {asset_names}") + missing_assets = list() + for asset in required_assets: + if asset not in asset_names: + missing_assets.append(asset) + if len(missing_assets) > 0: + raise Exception(f"Missing release asset: {missing_assets}") + + +@retry(stop_max_delay=15_000, wait_fixed=1000) +def get_release_by_tag(secrets, release_tag): + r = github_api("get", f"repos/{secrets.test_repo}/releases", secrets.bot_token) + releases = json.loads(r.text) + for release in releases: + if release["tag_name"] == release_tag: + return release + raise Exception("Release not published") + + 
+def get_pr(secrets, pr_number=None): + pr_number = secrets.pr_number if pr_number is None else pr_number + r = github_api( + "post", f"repos/{secrets.test_repo}/pulls/{pr_number}", secrets.bot_token + ) + pr = json.loads(r.text) + return pr + + +def github_api_get(endpoint, bot_token, headers={}): + if not headers: + headers = { + "Accept": "application/vnd.github.v3+json", + "Authorization": f"Bearer {bot_token}", + } + r = requests.get(f"{GITHUB_BASE_URL}/{endpoint}", headers=headers) + + return r + + +def github_api_delete(endpoint, bot_token, headers={}): + if not headers: + headers = { + "Accept": "application/vnd.github.v3+json", + "Authorization": f"Bearer {bot_token}", + } + r = requests.delete(f"{GITHUB_BASE_URL}/{endpoint}", headers=headers) + + return r + + +def github_api_post(endpoint, bot_token, headers={}, json={}): + if not headers: + headers = { + "Accept": "application/vnd.github.v3+json", + "Authorization": f"Bearer {bot_token}", + } + r = requests.post(f"{GITHUB_BASE_URL}/{endpoint}", headers=headers, json=json) + + return r + + +def github_api(method, endpoint, bot_token, headers={}, data={}, json={}): + if method == "get": + return github_api_get(endpoint, bot_token, headers=headers) + elif method == "post": + return github_api_post(endpoint, bot_token, headers=headers, json=json) + elif method == "delete": + return github_api_delete(endpoint, bot_token, headers=headers) + else: + raise ValueError("Github API method not implemented in helper function") diff --git a/tests/functional/behave_features/common/utils/index.py b/tests/functional/behave_features/common/utils/index.py new file mode 100644 index 00000000000..0213a95124c --- /dev/null +++ b/tests/functional/behave_features/common/utils/index.py 
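Review bot: `github_api_get`, `github_api_delete` and `github_api_post` call `requests` without a `timeout` and never check the response status. A stalled connection can hang the job, and a 401/403/404 body is parsed by callers as if it were the expected payload; `runs["workflow_runs"]` in `get_run_id` then fails with a `KeyError` that `@retry` repeats until its deadline. I would pass an explicit timeout (for example `timeout=30`, a constructed value) and call `r.raise_for_status()` at least in the read path, since the branch-deletion callers may rely on non-2xx responses being ignored. Separately, `get_pr` fetches a pull request with `"post"`; unless that is deliberate, `"get"` is the verb for a read and avoids sending a write request with the bot token. `github_api` also accepts `data` but never forwards it.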
@@ -0,0 +1,49 @@
+import logging
+import semantic_version
+import sys
+
+sys.path.append("../../../../../scripts/src")
+from chartrepomanager import indexannotations
+from indexfile import index
+
+
+def check_index_entries(ocpVersion):
+ all_chart_list = index.get_latest_charts()
+ failed_chart_list = []
+
+ OCP_VERSION = semantic_version.Version.coerce(ocpVersion)
+
+ for chart in all_chart_list:
+ if (
+ "supportedOCP" in chart
+ and chart["supportedOCP"] != "N/A"
+ and chart["supportedOCP"] != ""
+ ):
+ if OCP_VERSION in semantic_version.NpmSpec(chart["supportedOCP"]):
+ logging.info(
+ f'PASS: Chart {chart["name"]} {chart["version"]} supported OCP version {chart["supportedOCP"]} includes: {OCP_VERSION}'
+ )
+ else:
+ chart[
+ "message"
+ ] = f'chart {chart["name"]} {chart["version"]} supported OCP version {chart["supportedOCP"]} does not include latest OCP version {OCP_VERSION}'
+ logging.info(
+ f' ERROR: Chart {chart["name"]} {chart["version"]} supported OCP version {chart["supportedOCP"]} does not include {OCP_VERSION}'
+ )
+ failed_chart_list.append(chart)
+ elif "kubeVersion" in chart and chart["kubeVersion"] != "":
+ supportedOCPVersion = indexannotations.getOCPVersions(chart["kubeVersion"])
+ if OCP_VERSION in semantic_version.NpmSpec(supportedOCPVersion):
+ logging.info(
+ f'PASS: Chart {chart["name"]} {chart["version"]} kubeVersion {chart["kubeVersion"]} (OCP: {supportedOCPVersion}) includes OCP version: {OCP_VERSION}'
+ )
+ else:
+ chart[
+ "message"
+ ] = f'chart {chart["name"]} {chart["version"]} kubeVersion {chart["kubeVersion"]} (OCP: {supportedOCPVersion}) does not include latest OCP version {OCP_VERSION}'
+ logging.info(
+ f' ERROR: Chart {chart["name"]} {chart["version"]} kubeVersion {chart["kubeVersion"]} (OCP: {supportedOCPVersion}) does not include {OCP_VERSION}'
+ )
+ failed_chart_list.append(chart)
+
+ return failed_chart_list
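Review bot: `sys.path.append("../../../../../scripts/src")` is resolved against the process working directory rather than this file, so which `chartrepomanager` and `indexfile` modules get imported depends on where the run is started and on any later `chdir`. Anchoring the entry to the file removes that dependence: `sys.path.append(str(Path(__file__).resolve().parents[5] / "scripts" / "src"))` with `from pathlib import Path`. The `parents[5]` index assumes the relative path is meant to reach the repository root, which should be confirmed. In `check_index_entries`, `semantic_version.NpmSpec(chart["supportedOCP"])` is built from index data with no error handling, so one malformed range presumably aborts the whole scan instead of being reported as a failed chart.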
diff --git a/tests/functional/behave_features/common/utils/notifier.py b/tests/functional/behave_features/common/utils/notifier.py
new file mode 100755
index 00000000000..edddb65bdd7
--- /dev/null
+++ b/tests/functional/behave_features/common/utils/notifier.py
@@ -0,0 +1,206 @@ +# -*- coding: utf-8 -*- +"""Utility module for sending chart owners notifications.""" + +import json +import os +import sys + +import requests + +from common.utils.setttings import * + +endpoint_data = {} + +CHECKS_FAILED = "checks failed" + + +def _set_endpoint_key(key, env_var): + if key not in endpoint_data: + if env_var in os.environ: + endpoint_data[key] = os.environ[env_var] + else: + raise Exception( + f"Environment variables {env_var} is required to connect to github" + ) + + +def _set_endpoint(): + _set_endpoint_key("access_token", "GITHUB_AUTH_TOKEN") + _set_endpoint_key("organization", "GITHUB_ORGANIZATION") + _set_endpoint_key("repo", "GITHUB_REPO") + + +def _make_gihub_request(method, uri, body=None, params={}, headers={}, verbose=False): + headers.update( + { + "Authorization": f'Bearer {endpoint_data["access_token"]}', + "Accept": "application/vnd.github.v3+json", + } + ) + + url = f'{GITHUB_BASE_URL}/repos/{endpoint_data["organization"]}/{endpoint_data["repo"]}/{uri}' + + print(f"API url: {url}") + method_map = { + "get": requests.get, + "post": requests.post, + "put": requests.put, + "delete": requests.delete, + "patch": requests.patch, + } + request_method = method_map[method] + response = request_method(url, params=params, headers=headers, json=body) + if verbose: + print(json.dumps(headers, indent=4, sort_keys=True)) + print(json.dumps(body, indent=4, sort_keys=True)) + print(json.dumps(params, indent=4, sort_keys=True)) + print(response.text) + response.raise_for_status() + try: + resp_json = response.json() + except Exception: + resp_json = None + if resp_json and verbose: + print(json.dumps(resp_json, indent=4, sort_keys=True)) + return resp_json + + +# Call this method directly if you are not creating a verification issue nor a version change issue. 
+def create_an_issue(title, description, assignees=[], labels=[]): + uri = "issues" + method = "post" + body = { + "title": title, + "body": description, + "assignees": assignees, + "labels": labels, + } + _make_gihub_request(method, uri, body=body, verbose=False) + + +def _verify_endpoint(access_token): + if "repo" not in endpoint_data: + raise Exception("GITHUB_REPO environment variable not defined") + + if "organization" not in endpoint_data: + raise Exception("GITHUB_ORGANIZATION environment variable not defined") + + if access_token: + endpoint_data["access_token"] = access_token + + +def create_verification_issue( + chart, + chart_owners, + failure_type, + notify_developers, + pr_url, + report_url, + software_name, + software_version, + access_token=None, + dry_run=False, +): + """Create and issue with chart-verifier findings after a version change trigger. + + chart_name -- Name of the chart that was verified. Include version for more verbose information\n + chart_owners -- Github IDs of the chart owners\n + failure_type - Indication of the type of failure + report_url -- URL or the report resulting from verification if applicable\n + kube-version -- The kubeVersion attribute of the chart if it is bade.\n + software_name -- Name of the software dependency that changed e.g, OCP and Chart Verifier\n + software_version -- The softwared dependency version used\n + access_token -- An optional github access token secret. If not passed will try to get from GITHUB_AUTH_TOKEN environment variable\ + dry-run -- Set if the test run is a dry-run. + """ + + title = f"Chart {chart}" + if dry_run: + title = f"Dry Run: Chart {chart}" + + if failure_type == CHECKS_FAILED: + title = f"{title} has failures with {software_name} version {software_version}" + report_result = "some chart checks have failed. Please review the failures and, if required, consider submitting a new chart version with the appropriate additions/corrections." 
+ body = ( + f"FYI @{' @'.join(notify_developers)}, in PR {pr_url} we triggered the chart certification workflow against chart {chart} because the workflow " + f"now supports {software_name} version {software_version}. We have found that {report_result}. Check details in the report: " + f"{report_url}, Chart owners are: {chart_owners}" + ) + else: + title = f"{title} does not support {software_name} version {software_version}" + body = ( + f"FYI @{' @'.join(notify_developers)}, we checked the OCP versions supported by {chart} because the workflow " + f"now supports {software_name} version {software_version}. We have found that {failure_type}. Chart owners are: {chart_owners}" + ) + + _set_endpoint() + _verify_endpoint(access_token) + create_an_issue(title, body) + + +def create_version_change_issue( + chart_name, chart_owners, software_name, software_version, access_token=None +): + """Create and issue with new version of software dependencies supported by certitifcation program. + + chart_name -- Name of the chart afected. Include version for more verbose information + chart_owners -- Github IDs of the chart owners\n + software_name -- Name of the software dependency that changed e.g, OCP and Chart Verifier\n + software_version -- The softwared dependency version used\n + access_token -- An optional github access token secret. If not passed will try to get from GITHUB_AUTH_TOKEN environment variable\n + """ + + title = f"Action needed for {chart_name} after a certification dependency change" + + body = ( + f"FYI @{' @'.join(chart_owners)}, {software_name} {software_version} is now supported by the certification program. " + "Consider submiting a new chart version." 
+ ) + + _set_endpoint() + _verify_endpoint(access_token) + create_an_issue(title, body) + + +if __name__ == "__main__": + # Collecting info interactively + print("Enter the chart name: ") + chart_name = sys.stdin.readline().strip() + print("Enter chart owners: ") + chart_owners = sys.stdin.readline().strip().split() + print("Enter the github organization: ") + organization = sys.stdin.readline().strip() + print("Enter the github repo: ") + repo = sys.stdin.readline().strip() + + # setting endpoint + print(f"Creating custom issue in https://github.com/{organization}/{repo}") + endpoint_data["organization"] = organization + endpoint_data["repo"] = repo + + print("Enter the name of software dependency that changed: ") + software_name = sys.stdin.readline().strip() + print("Enter the version of software dependency that changed: ") + software_version = sys.stdin.readline().strip() + + print("What type of issue are you creating (verification/version-change)?: ") + issue_type = sys.stdin.readline().strip() + + if issue_type == "verification": + print("Enter the report url: ") + report_url = sys.stdin.readline().strip() + print("Did the chart verification pass (yes/no)?: ") + pass_answer = sys.stdin.readline().strip() + pass_verification = pass_answer == "yes" + create_verification_issue( + chart_name, + chart_owners, + report_url, + software_name, + software_version, + pass_verification=pass_verification, + ) + else: + create_version_change_issue( + chart_name, chart_owners, software_name, software_version + ) diff --git a/tests/functional/behave_features/common/utils/secret.py b/tests/functional/behave_features/common/utils/secret.py new file mode 100644 index 00000000000..b75e1e4c1d0 --- /dev/null +++ b/tests/functional/behave_features/common/utils/secret.py 
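Review bot: `_make_gihub_request` prints the full `headers` dict when `verbose` is set, and by then that dict holds the `Authorization: Bearer …` value, so enabling verbose writes the bot token to the job log. Print a redacted copy instead, e.g. `print(json.dumps({**headers, "Authorization": "<redacted>"}, indent=4, sort_keys=True))`. The `headers={}` default is also mutated in place by `headers.update(...)`, so the token stays in the shared default dict between calls; building a fresh dict with `headers = {**(headers or {}), "Authorization": ..., "Accept": ...}` avoids that. Separately, the `__main__` block calls `create_verification_issue` with a `pass_verification` keyword and a positional order that do not match the signature defined in this file, so the interactive path would raise `TypeError`.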
@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+"""Utility class for storing test specific settings."""
+
+from dataclasses import dataclass
+
+
+@dataclass
+class E2ETestSecret:
+ # common secrets between one-shot and recursive tests
+ test_repo: str = ""
+ bot_name: str = ""
+ bot_token: str = ""
+ pr_number: int = -1
+ vendor_type: str = ""
+ owners_file_content: str = ""
+
+
+@dataclass
+class E2ETestSecretOneShot(E2ETestSecret):
+ # one-shot testing
+ active_branch: str = ""
+ base_branch: str = ""
+ pr_branch: str = ""
+ pr_number: int = -1
+ vendor: str = ""
+ bad_version: str = ""
+ provider_delivery: bool = False
+ index_file: str = "index.yaml"
+
+
+@dataclass
+class E2ETestSecretRecursive(E2ETestSecret):
+ # recursive testing
+ software_name: str = ""
+ software_version: str = ""
+ pr_base_branch: str = ""
+ base_branches: list = None
+ pr_branches: list = None
+ dry_run: bool = True
+ notify_id: list = None
+ submitted_charts: list = None
+ release_tags: list = None
diff --git a/tests/functional/behave_features/common/utils/set_directory.py b/tests/functional/behave_features/common/utils/set_directory.py
new file mode 100644
index 00000000000..becb220e5af
--- /dev/null
+++ b/tests/functional/behave_features/common/utils/set_directory.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+"""Sets the cwd within the context.
+
+Reference: https://dev.to/teckert/changing-directory-with-a-python-context-manager-2bj8
+"""
+
+import os
+from dataclasses import dataclass
+from pathlib import Path
+
+
+@dataclass
+class SetDirectory(object):
+ """
+ Args:
+ path (Path): The path to the cwd
+ """
+
+ path: Path
+ origin: Path = Path().absolute()
+
+ def __enter__(self):
+ os.chdir(self.path)
+
+ def __exit__(self, exc_type, exc_value, traceback):
+ os.chdir(self.origin)
diff --git a/tests/functional/behave_features/common/utils/setttings.py b/tests/functional/behave_features/common/utils/setttings.py
new file mode 100644
index 00000000000..45caafc8601
--- /dev/null
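Review bot: `E2ETestSecret` is a plain `@dataclass`, so its generated `__repr__` includes `bot_token`, and any log line, assertion message or traceback that formats the secrets object would print the token. Declaring the field as `bot_token: str = field(default="", repr=False)`, with `field` added to the `dataclasses` import, keeps it out of the repr. The `list = None` defaults in `E2ETestSecretRecursive` rely on whoever builds the object assigning lists before `.append` is called; `field(default_factory=list)` would make that safe by construction, if no caller depends on the `None` sentinel.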
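Review bot: In `SetDirectory`, the default `origin: Path = Path().absolute()` is evaluated once when the class is defined, so `__exit__` returns to the directory the process was in at import time, not the one in effect when the `with` block was entered. Any use after another `chdir`, including nested use, therefore restores the wrong directory, and later relative paths resolve somewhere unintended. Capture the directory on entry instead, with `self.origin = Path.cwd()` as the first line of `__enter__`.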
+++ b/tests/functional/behave_features/common/utils/setttings.py
@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+"""Settings and global variables for e2e tests"""
+
+GITHUB_BASE_URL = "https://api.github.com"
+# The sandbox repository where we run all our tests on
+TEST_REPO = "openshift-helm-charts/sandbox"
+# The prod repository where we create notification issues
+PROD_REPO = "openshift-helm-charts/charts"
+# The prod branch where we store all chart files
+PROD_BRANCH = "main"
+# This is used to find chart certification workflow run id
+CERTIFICATION_CI_NAME = "CI"
+# GitHub actions bot email for git email
+GITHUB_ACTIONS_BOT_EMAIL = "41898282+github-actions[bot]@users.noreply.github.com"
diff --git a/tests/functional/behave_features/environment.py b/tests/functional/behave_features/environment.py
new file mode 100644
index 00000000000..d05a09ef65b
--- /dev/null
+++ b/tests/functional/behave_features/environment.py
@@ -0,0 +1,26 @@
+from behave import fixture, use_fixture
+from common.utils.chart_certification import ChartCertificationE2ETestSingle
+from common.utils.chart_certification import ChartCertificationE2ETestMultiple
+
+
+@fixture
+def workflow_test(context):
+ context.workflow_test = ChartCertificationE2ETestSingle(test_name=context.test_name)
+ yield context.workflow_test
+ context.workflow_test.cleanup()
+
+
+@fixture
+def submitted_chart_test(context):
+ context.chart_test = ChartCertificationE2ETestMultiple()
+ yield context.chart_test
+ context.chart_test.cleanup()
+
+
+def before_scenario(context, scenario):
+ if "version-change" in scenario.tags:
+ print("[INFO] Using submitted charts fixture")
+ use_fixture(submitted_chart_test, context)
+ else:
+ context.test_name = scenario.name.split("@")[0][:-4].split("]")[1]
+ use_fixture(workflow_test, context)
diff --git a/tests/functional/behave_features/steps/implementation.py b/tests/functional/behave_features/steps/implementation.py
new file mode 100644
index 00000000000..23fd9c81d32
--- /dev/null
+++ b/tests/functional/behave_features/steps/implementation.py 
@@ -0,0 +1,518 @@
+from behave import given, when, then
+from common.utils.chart import Chart_Type, Release_Type
+
+
+############### Common step definitions ###############
+@given('the vendor "{vendor}" has a valid identity as "{vendor_type}"')
+def vendor_has_valid_identity(context, vendor, vendor_type):
+ context.workflow_test.set_vendor(vendor, vendor_type)
+
+
+@given('an error-free chart source is used in "{chart_path}"')
+def chart_source_is_used(context, chart_path):
+ context.workflow_test.update_test_charts(test_charts=[(Chart_Type.SRC, chart_path)])
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_charts()
+ context.workflow_test.push_charts()
+
+
+@given('chart source is used in "{chart_path}"')
+def user_has_used_chart_src(context, chart_path):
+ context.workflow_test.update_test_charts(test_charts=[(Chart_Type.SRC, chart_path)])
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_charts()
+
+
+@given('an error-free chart tarball is used in "{chart_path}"')
+def user_has_created_error_free_chart_tarball(context, chart_path):
+ context.workflow_test.update_test_charts(test_charts=[(Chart_Type.TAR, chart_path)])
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_charts()
+ context.workflow_test.push_charts()
+
+
+@given(
+ 'a signed chart tarball is used in "{chart_path}" and public key in "{public_key_file}"'
+)
+def user_has_created_signed_chart_tarball(context, chart_path, public_key_file):
+ context.workflow_test.update_test_charts(test_charts=[(Chart_Type.TAR, chart_path)])
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file(public_key_file=public_key_file)
+ context.workflow_test.process_charts(include_prov_file=True)
+ context.workflow_test.push_charts()
+
+
+@given('signed chart tar used in "{chart_path}"')
+def user_has_created_signed_chart_tarball(context, chart_path):
+ context.workflow_test.update_test_charts(test_charts=[(Chart_Type.TAR, chart_path)])
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_charts(include_prov_file=True)
+ context.workflow_test.push_charts()
+
+
+@given(
+ 'an error-free chart tarball used in "{chart_path}" and report in "{report_path}"'
+)
+def user_has_created_error_free_chart_tarball_and_report(
+ context, chart_path, report_path
+):
+ context.workflow_test.update_test_charts(
+ test_charts=[(Chart_Type.TAR_AND_REPORT, chart_path, report_path)]
+ )
+
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_charts()
+ context.workflow_test.process_report()
+ context.workflow_test.push_charts()
+
+
+@given(
+ 'a signed chart tar is used in "{chart_path}", report in "{report_path}" and public key in "{public_key_file}"'
+)
+def user_has_created_error_free_chart_tarball_and_report(
+ context, chart_path, report_path, public_key_file
+):
+ context.workflow_test.update_test_charts(
+ test_charts=[(Chart_Type.TAR_AND_REPORT, chart_path, report_path)]
+ )
+
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file(public_key_file=public_key_file)
+ context.workflow_test.process_charts(include_prov_file=True)
+ context.workflow_test.process_report()
+ context.workflow_test.push_charts()
+
+
+@given(
+ 'unsigned chart tarball is used in "{chart_path}" and public key used "{public_key_file}" in owners'
+)
+def user_has_created_error_free_chart_tarball(context, chart_path, public_key_file):
+ context.workflow_test.update_test_charts(test_charts=[(Chart_Type.TAR, chart_path)])
+
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file(public_key_file=public_key_file)
+ context.workflow_test.process_charts()
+ context.workflow_test.push_charts()
+
+
+@given('a chart tarball is used in "{chart_path}" and report in "{report_path}"')
+def user_has_created_a_chart_tarball_and_report(context, chart_path, report_path):
+ context.workflow_test.update_test_charts(
+ test_charts=[(Chart_Type.TAR_AND_REPORT, chart_path, report_path)]
+ )
+
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_charts()
+
+
+@given(
+ 'an error-free chart source used in "{chart_path}" and report in "{report_path}"'
+)
+def user_has_created_error_free_chart_src_and_report(context, chart_path, report_path):
+ context.workflow_test.update_test_charts(
+ test_charts=[(Chart_Type.SRC_AND_REPORT, chart_path, report_path)]
+ )
+
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_charts()
+ context.workflow_test.process_report()
+ context.workflow_test.push_charts()
+
+
+@given('report is used in "{report_path}"')
+@given('an error-free report is used in "{report_path}"')
+def user_has_created_error_free_report(context, report_path):
+ context.workflow_test.update_test_charts(
+ test_charts=[(Chart_Type.REPORT, report_path)]
+ )
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_report()
+
+
+@given(
+ 'signed chart report used in "{report_path}" and public key in "{public_key_file}"'
+)
+def user_has_created_error_free_report(context, report_path, public_key_file):
+ context.workflow_test.update_test_charts(
+ test_charts=[(Chart_Type.REPORT, report_path)]
+ )
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file(public_key_file=public_key_file)
+ context.workflow_test.process_report()
+
+
+@given('user wants to send two reports as in "{report_path_1}" and "{report_path_2}"')
+def user_has_created_error_free_report(context, report_path_1, report_path_2):
+ context.workflow_test.update_test_charts(
+ test_charts=[
+ (Chart_Type.REPORT, report_path_1),
+ (Chart_Type.REPORT, report_path_2),
+ ]
+ )
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_report()
+
+
+@given(
+ 'user wants to send two chart sources as in "{chart_path_1}" and "{chart_path_2}"'
+)
+def user_wants_to_send_two_chart_sources(context, chart_path_1, chart_path_2):
+ context.workflow_test.update_test_charts(
+ test_charts=[(Chart_Type.SRC, chart_path_1), (Chart_Type.SRC, chart_path_2)]
+ )
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_charts()
+ context.workflow_test.push_charts()
+
+
+@given('user wants to send two chart tars as in "{chart_path_1}" and "{chart_path_2}"')
+def user_wants_to_send_two_chart_tars(context, chart_path_1, chart_path_2):
+ context.workflow_test.update_test_charts(
+ test_charts=[(Chart_Type.TAR, chart_path_1), (Chart_Type.TAR, chart_path_2)]
+ )
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_charts()
+ context.workflow_test.push_charts()
+
+
+@given(
+ 'user wants to send two charts one with source "{chart_path}" and other with report "{report_path}"'
+)
+def user_wants_to_send_multiple_chart_one_with_src_and_other_with_report(
+ context, chart_path, report_path
+):
+ context.workflow_test.update_test_charts(
+ test_charts=[(Chart_Type.SRC, chart_path), (Chart_Type.REPORT, report_path)]
+ )
+
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_charts()
+ context.workflow_test.process_report()
+ context.workflow_test.push_charts()
+
+
+@given(
+ 'user wants to send two charts one with tar "{chart_path}" and other with report "{report_path}"'
+)
+def user_wants_to_send_multiple_chart_one_with_tar_and_other_with_report(
+ context, chart_path, report_path
+):
+ context.workflow_test.update_test_charts(
+ test_charts=[(Chart_Type.TAR, chart_path), (Chart_Type.REPORT, report_path)]
+ )
+
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_charts()
+ context.workflow_test.process_report()
+ context.workflow_test.push_charts()
+
+
+@given('a "{report_path}" is provided')
+def user_generated_a_report(context, report_path):
+ context.workflow_test.update_test_charts(
+ test_charts=[(Chart_Type.REPORT, report_path)]
+ )
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+
+
+@when("the user sends a pull request with the report")
+@when("the user sends a pull request with the chart")
+@when("the user sends a pull request with the chart and report")
+def user_sends_a_pull_request(context):
+ context.workflow_test.send_pull_request()
+
+
+@when("the user pushed the chart and created pull request")
+def user_pushed_the_chart_and_created_pull_request(context):
+ context.workflow_test.push_charts()
+ context.workflow_test.send_pull_request()
+
+
+@then("the user sees the pull request is merged")
+def pull_request_is_merged(context):
+ context.workflow_test.check_workflow_conclusion(expect_result="success")
+ context.workflow_test.check_pull_request_result(expect_merged=True)
+ context.workflow_test.check_pull_request_labels()
+
+
+@then("the index.yaml file is updated with an entry for the submitted chart")
+def index_yaml_updated_with_submitted_chart(context):
+ context.workflow_test.check_index_yaml()
+
+
+@then("a release is published with report only")
+def release_is_published(context):
+ context.workflow_test.check_release_result(release_type=Release_Type.REPORT_ONLY)
+
+
+@then("a release is published with corresponding report and chart tarball")
+def release_is_published(context):
+ context.workflow_test.check_release_result(
+ release_type=Release_Type.CHART_AND_REPORT
+ )
+
+
+@then("a release is published with corresponding report, tarball, prov and key")
+def release_is_published_for_signed_chart(context):
+ context.workflow_test.check_release_result(
+ release_type=Release_Type.CHART_REPORT_PROV_AND_KEY
+ )
+
+
+@then("a release is published with corresponding report and key")
+def release_is_published_for_signed_chart(context):
+ context.workflow_test.check_release_result(release_type=Release_Type.REPORT_AND_KEY)
+
+
+@then("a release is published with corresponding report, chart tar and prov file")
+def release_is_published_for_signed_chart_and_report(context):
+ context.workflow_test.check_release_result(
+ release_type=Release_Type.CHART_PROV_AND_REPORT
+ )
+
+
+@then("the pull request is not merged")
+def pull_request_is_not_merged(context):
+ context.workflow_test.check_workflow_conclusion(expect_result="failure")
+ context.workflow_test.check_pull_request_result(expect_merged=False)
+
+
+@then('user gets the "{message}" in the pull request comment')
+def user_gets_a_message(context, message):
+ context.workflow_test.check_pull_request_comments(expect_message=message)
+
+
+########## Unique step definitions #################
+
+
+@given("README file is missing in the chart")
+def readme_file_is_missing(context):
+ context.workflow_test.remove_readme_file()
+
+
+@then(
+ "the index.yaml file is updated with an entry for the submitted chart with correct providerType"
+)
+def index_yaml_is_updated_with_new_entry_with_correct_provider_type(context):
+ context.workflow_test.check_index_yaml(check_provider_type=True)
+
+
+@given('the report contains an "{invalid_url}"')
+def invalid_url_in_the_report(context, invalid_url):
+ context.workflow_test.process_report(update_url=True, url=invalid_url)
+
+
+@given("user adds a non chart related file")
+def user_adds_a_non_chart_related_file(context):
+ context.workflow_test.add_non_chart_related_file()
+
+
+@when("the user sends a pull request with both chart and non related file")
+def user_sends_pull_request_with_chart_and_non_related_file(context):
+ context.workflow_test.push_charts(add_non_chart_file=True)
+ context.workflow_test.send_pull_request()
+
+
+@given(
+ 'provider delivery control is set to "{provider_control_owners}" in the OWNERS file'
+)
+def provider_delivery_control_set_in_owners(context, provider_control_owners):
+ context.workflow_test.update_provided_delivery(provider_control_owners)
+
+
+@given('provider delivery control is set to "{provider_control_report}" in the report')
+def provider_delivery_control_set_in_report(context, provider_control_report):
+ if provider_control_report == "true":
+ context.workflow_test.process_report(
+ update_provider_delivery=True, provider_delivery=True
+ )
+ else:
+ context.workflow_test.process_report(
+ update_provider_delivery=True, provider_delivery=False
+ )
+
+
+@given(
+ 'provider delivery controls is set to "{provider_control_report}" and a package digest is "{package_digest_set}" in the report'
+)
+def provider_delivery_control_and_package_digest_set_in_report(
+ context, provider_control_report, package_digest_set=True
+):
+ if package_digest_set == "true":
+ no_package_digest = False
+ else:
+ no_package_digest = True
+
+ if provider_control_report == "true":
+ context.workflow_test.process_report(
+ update_provider_delivery=True,
+ provider_delivery=True,
+ unset_package_digest=no_package_digest,
+ )
+ else:
+ context.workflow_test.process_report(
+ update_provider_delivery=True,
+ provider_delivery=False,
+ unset_package_digest=no_package_digest,
+ )
+
+
+@then('the "{index_file}" is updated with an entry for the submitted chart')
+def index_file_is_updated(context, index_file):
+ context.workflow_test.secrets.index_file = index_file
+ context.workflow_test.check_index_yaml(True)
+
+
+@given(
+ 'the report includes "{tested}" and "{supported}" OpenshiftVersion values and chart "{kubeversion}" value'
+)
+def report_includes_specified_versions(context, tested, supported, kubeversion):
+ context.workflow_test.process_report(
+ update_versions=True,
+ supported_versions=supported,
+ tested_version=tested,
+ kube_version=kubeversion,
+ )
+
+
+@given('the report has a "{check}" missing')
+def report_has_a_check_missing(context, check):
+ context.workflow_test.process_report(missing_check=check)
+
+
+@given('A "{user}" wants to submit a chart in "{chart_path}"')
+def user_wants_to_submit_a_chart(context, user, chart_path):
+ context.workflow_test.update_test_charts(test_charts=[(Chart_Type.SRC, chart_path)])
+ context.workflow_test.update_bot_name(user)
+
+
+@given('An authorized user wants to submit a chart in "{chart_path}"')
+def authorized_user_wants_to_submit_a_chart(context, chart_path):
+ context.workflow_test.update_test_charts(test_charts=[(Chart_Type.SRC, chart_path)])
+
+
+@given(
+ 'a chart source used in "{chart_path}" and directory structure contains "{bad_version}"'
+)
+def a_user_wants_to_submit_a_chart_with_bad_semver(context, chart_path, bad_version):
+ context.workflow_test.update_test_charts(
+ test_charts=[(Chart_Type.SRC, chart_path)], new_chart_version=bad_version
+ )
+
+
+@given("the user creates a branch to add a new chart version")
+def the_user_creates_a_branch_to_add_a_new_chart_version(context):
+ context.workflow_test.setup_git_context()
+ context.workflow_test.setup_gh_pages_branch()
+ context.workflow_test.setup_temp_dir()
+ context.workflow_test.process_owners_file()
+ context.workflow_test.process_charts()
+ if context.workflow_test.secrets.bad_version:
+ context.workflow_test.update_chart_version_in_chart_yaml(
+ context.workflow_test.secrets.bad_version
+ )
+ context.workflow_test.push_charts()
+
+
+@given('Chart.yaml specifies a "{bad_version}"')
+def chart_yaml_specifies_bad_version(context, bad_version):
+ if bad_version != "":
+ context.workflow_test.update_bad_version(bad_version)
+
+
+@given('the report contains "{error}"')
+def sha_value_does_not_match(context, error):
+ if error == "sha_mismatch":
+ context.workflow_test.process_report(update_chart_sha=True)
+ else:
+ raise AssertionError(f"This {error} handling is not implemented yet")
+
+
+@when("the user sends a pull request with the chart tar and report")
+def user_sends_pull_request_with_chart_tarball_and_report(context):
+ context.workflow_test.push_charts()
+ context.workflow_test.send_pull_request()
+
+
+######## Test Submitted Charts Step definitions ##########
+@given("there is a github workflow for testing existing charts")
+def theres_github_workflow_for_testing_charts(context):
+ print("[INFO] Running step: there is a github workflow for testing existing charts")
+
+
+@when("a new Openshift or chart-verifier version is specified")
+def new_openshift_or_verifier_version_is_specified(context):
+ print("[INFO] Running step: a new Openshift or chart-verifier version is specified")
+
+
+@when("the vendor type is specified, e.g. partner, and/or redhat")
+def vendor_type_is_specified(context):
+ print(
+ "[INFO] Running step: the vendor type is specified, e.g. partner, and/or redhat"
+ )
+
+
+@when("workflow for testing existing charts is triggered")
+def workflow_is_triggered(context):
+ print("[INFO] Running step: workflow for testing existing charts is triggered")
+
+
+@then("submission tests are run for existing charts")
+def submission_tests_run_for_submitted_charts(context):
+ print("[INFO] Running step: submission tests are run for existing charts")
+ context.chart_test.process_all_charts()
+
+
+@then("all results are reported back to the caller")
+def all_results_report_back_to_caller(context):
+ print("[INFO] Running step: all results are reported back to the caller")
diff --git a/tests/functional/features/HC-01_chart_src_without_report.feature b/tests/functional/features/HC-01_chart_src_without_report.feature
new file mode 100644
index 00000000000..a02621e71c9
--- /dev/null
+++ b/tests/functional/features/HC-01_chart_src_without_report.feature
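Review bot: In `provider_delivery_control_and_package_digest_set_in_report` the default `package_digest_set=True` is a bool, but the body compares the argument with the string `"true"`, so any call that relies on the default sets `no_package_digest = True`, the opposite of what the default reads as. Dropping the default, or writing `package_digest_set="true"`, removes the trap, and the two `process_report` branches can then collapse into one call with `provider_delivery=(provider_control_report == "true")`. Separately, several step functions reuse a name already defined earlier in this file (`user_has_created_signed_chart_tarball`, `user_has_created_error_free_chart_tarball_and_report`, `user_has_created_error_free_report`, `release_is_published`, `release_is_published_for_signed_chart`). The steps presumably still register because the decorator runs at definition time, but the redefinitions trip linters and make a traceback ambiguous about which step failed, so distinct names are worth the rename.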
@@ -0,0 +1,31 @@
+Feature: Chart source submission without report
+ Partners, redhat and community users can publish their chart by submitting
+ error-free chart in source format without a report.
+
+ Examples:
+ | chart_path |
+ | tests/data/vault-0.17.0.tgz |
+
+ Scenario Outline: [HC-01-001] A partner or redhat associate submits an error-free chart source
+ Given the vendor has a valid identity as
+ And an error-free chart source is used in
+ When the user sends a pull request with the chart
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ Examples:
+ | vendor_type | vendor |
+ | partners | hashicorp |
+ | redhat | redhat |
+
+ Scenario Outline: [HC-01-002] A community user submits an error-free chart source without report
+ Given the vendor has a valid identity as
+ And an error-free chart source is used in
+ When the user sends a pull request with the chart
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | message |
+ | community | redhat | Community charts require maintainer review and approval, a review will be conducted shortly |
diff --git a/tests/functional/features/HC-02_chart_tar_without_report.feature b/tests/functional/features/HC-02_chart_tar_without_report.feature
new file mode 100644
index 00000000000..b49da7b0308
--- /dev/null
+++ b/tests/functional/features/HC-02_chart_tar_without_report.feature
@@ -0,0 +1,31 @@
+Feature: Chart tarball submission without report
+ Partners, redhat and community users can publish their chart by submitting
+ error-free chart in tarball format without a report.
+
+ Examples:
+ | chart_path |
+ | tests/data/vault-0.17.0.tgz |
+
+ Scenario Outline: [HC-02-001] A partner or redhat associate submits an error-free chart tarball
+ Given the vendor has a valid identity as
+ And an error-free chart tarball is used in
+ When the user sends a pull request with the chart
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ Examples:
+ | vendor_type | vendor |
+ | partners | hashicorp |
+ | redhat | redhat |
+
+ Scenario Outline: [HC-02-002] A community user submits an error-free chart tarball without report
+ Given the vendor has a valid identity as
+ And an error-free chart tarball is used in
+ When the user sends a pull request with the chart
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | message |
+ | community | redhat | Community charts require maintainer review and approval, a review will be conducted shortly |
diff --git a/tests/functional/features/HC-03_chart_verifier_comes_back_with_failures.feature b/tests/functional/features/HC-03_chart_verifier_comes_back_with_failures.feature
new file mode 100644
index 00000000000..5f21ab4ae3d
--- /dev/null
+++ b/tests/functional/features/HC-03_chart_verifier_comes_back_with_failures.feature
@@ -0,0 +1,33 @@
+Feature: Chart verifier comes back with a failure
+ Partners, redhat or community user submit charts which does not contain README file
+
+ Examples:
+ | chart_path |
+ | tests/data/vault-0.17.0.tgz |
+
+ Scenario Outline: [HC-03-001] A partner or community user submits a chart which does not contain a readme file
+ Given the vendor has a valid identity as
+ And chart source is used in
+ And README file is missing in the chart
+ When the user pushed the chart and created pull request
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | message |
+ | partners | hashicorp | Chart does not have a README |
+ | community | redhat | Community charts require maintainer review and approval |
+
+ Scenario Outline: [HC-03-002] A redhat user submits a chart which does not contain a readme file
+ Given the vendor has a valid identity as
+ And chart source is used in
+ And README file is missing in the chart
+ When the user pushed the chart and created pull request
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart with correct providerType
+ And a release is published with corresponding report and chart tarball
+
+ Examples:
+ | vendor_type | vendor |
+ | redhat | redhat |
+
diff --git a/tests/functional/features/HC-04_invalid_url_in_the_report.feature b/tests/functional/features/HC-04_invalid_url_in_the_report.feature
new file mode 100644
index 00000000000..cde6a883309
--- /dev/null
+++ b/tests/functional/features/HC-04_invalid_url_in_the_report.feature
@@ -0,0 +1,26 @@
+Feature: Report contains an invalid URL
+ Partners, redhat and community users submits only report with an invalid URL
+
+ Examples:
+ | report_path |
+ | tests/data/report.yaml |
+
+ Scenario Outline: [HC-04-001] A user submits a report with an invalid url
+ Given the vendor has a valid identity as
+ And a is provided
+ And the report contains an
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | invalid_url | message |
+ | partners | hashicorp | example.com/vault-0.13.0.tgz | Missing schema in URL |
+ | partners | hashicorp | htts://example.com/vault-0.13.0.tgz | Invalid schema |
+ | partners | hashicorp | https:example.comvault-0.13.0.tgz | Invalid URL |
+ | redhat | redhat | example.com/vault-0.13.0.tgz | Missing schema in URL |
+ | redhat | redhat | htts://example.com/vault-0.13.0.tgz | Invalid schema |
+ | redhat | redhat | https:example.comvault-0.13.0.tgz | Invalid URL |
+ | community | redhat | example.com/vault-0.13.0.tgz | Missing schema in URL |
+ | community | redhat | htts://example.com/vault-0.13.0.tgz | Invalid schema |
+ | community | redhat | https:example.comvault-0.13.0.tgz | Invalid URL |
diff --git a/tests/functional/features/HC-05_pr_includes_a_file_which_is_not_chart_related.feature b/tests/functional/features/HC-05_pr_includes_a_file_which_is_not_chart_related.feature
new file mode 100644
index 00000000000..231af261807
--- /dev/null
+++ b/tests/functional/features/HC-05_pr_includes_a_file_which_is_not_chart_related.feature
@@ -0,0 +1,20 @@
+Feature: PR includes a non chart related file
+ Partners, redhat or community user submit charts which includes a file which is not part of the chart
+
+ Examples:
+ | chart_path | message |
+ | tests/data/vault-0.17.0.tgz | PR includes one or more files not related to charts |
+
+ Scenario Outline: [HC-05-001] A user submits a chart with non chart related file
+ Given the vendor has a valid identity as
+ And chart source is used in
+ And user adds a non chart related file
+ When the user sends a pull request with both chart and non related file
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor |
+ | partners | hashicorp |
+ | redhat | redhat |
+ | community | redhat |
diff --git a/tests/functional/features/HC-06_provider_delivery_control.feature b/tests/functional/features/HC-06_provider_delivery_control.feature
new file mode 100644
index 00000000000..2f7462035a9
--- /dev/null
+++ b/tests/functional/features/HC-06_provider_delivery_control.feature
@@ -0,0 +1,52 @@
+Feature: Report only submission with provider control settings
+ Partners can prevent publication of their chart by submitting
+ error-free report that was generated by chart-verifier and with
+ prvider controlled delivery set in the report and the OWNERS file.
+
+ Examples:
+ | report_path |
+ | tests/data/report.yaml |
+
+ @external-feedback
+ Scenario Outline: [HC-06-001] A partner associate submits an error-free report with provider controlled delivery
+ Given the vendor has a valid identity as
+ And provider delivery control is set to in the OWNERS file
+ And a is provided
+ And provider delivery control is set to in the report
+ When the user sends a pull request with the report
+ Then the user sees the pull request is merged
+ And the is updated with an entry for the submitted chart
+
+ Examples:
+ | vendor_type | vendor | index_file | provider_control_owners | provider_control_report |
+ | partners | hashicorp | unpublished-certified-charts.yaml | true | true |
+
+ @external-feedback
+ Scenario Outline: [HC-06-002] A partner associate submits an error-free report and chart with provider controlled delivery
+ Given the vendor has a valid identity as
+ And provider delivery control is set to in the OWNERS file
+ And an error-free chart tarball is used in and report in
+ And provider delivery control is set to in the report
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | chart_path | provider_control_owners | provider_control_report | message |
+ | partners | hashicorp | tests/data/vault-0.17.0.tgz | true | true | OWNERS file and/or report indicate provider controlled delivery but pull request is not report only. |
+
+ @external-feedback
+ Scenario Outline: [HC-06-003] A partner associate submits an error-free report with inconsistent provider controlled delivery setting
+ Given the vendor has a valid identity as
+ And provider delivery control is set to in the OWNERS file
+ And a is provided
+ And provider delivery control is set to and a package digest is in the report
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | provider_control_owners | provider_control_report | package_digest_set | message |
+ | partners | hashicorp | true | false | true | OWNERS file indicates provider controlled delivery but report does not. |
+ | partners | hashicorp | false | true | true | Report indicates provider controlled delivery but OWNERS file does not. |
+ | partners | hashicorp | true | true | false | Provider delivery control requires a package digest in the report. |
diff --git a/tests/functional/features/HC-07_report_and_chart_src.feature b/tests/functional/features/HC-07_report_and_chart_src.feature
new file mode 100644
index 00000000000..8cce8b8b859
--- /dev/null
+++ b/tests/functional/features/HC-07_report_and_chart_src.feature
@@ -0,0 +1,31 @@
+Feature: Chart source submission with report
+ Partners, redhat and community users can publish their chart by submitting
+ error-free chart in source format with a report.
+
+ Examples:
+ | chart_path | report_path |
+ | tests/data/vault-0.17.0.tgz | tests/data/report.yaml |
+
+ Scenario Outline: [HC-07-001] A partner or redhat associate submits an error-free chart source with report
+ Given the vendor has a valid identity as
+ And an error-free chart source is used in and report in
+ When the user sends a pull request with the chart and report
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ Examples:
+ | vendor_type | vendor |
+ | partners | hashicorp |
+ | redhat | redhat |
+
+ Scenario Outline: [HC-07-002] A community user submits an error-free chart source with report
+ Given the vendor has a valid identity as
+ And an error-free chart source is used in and report in
+ When the user sends a pull request with the chart and report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | message |
+ | community | redhat | Community charts require maintainer review and approval, a review will be conducted shortly |
diff --git a/tests/functional/features/HC-08_report_and_chart_tar.feature b/tests/functional/features/HC-08_report_and_chart_tar.feature
new file mode 100644
index 00000000000..5899cbd4d92
--- /dev/null
+++ b/tests/functional/features/HC-08_report_and_chart_tar.feature
@@ -0,0 +1,31 @@
+Feature: Chart tarball submission with report
+ Partners, redhat and community users can publish their chart by submitting
+ error-free chart in tarball format with a report.
+
+ Examples:
+ | chart_path | report_path |
+ | tests/data/vault-0.17.0.tgz | tests/data/report.yaml |
+
+ Scenario Outline: [HC-08-001] A partner or redhat associate submits an error-free chart tarball with report
+ Given the vendor has a valid identity as
+ And an error-free chart tarball is used in and report in
+ When the user sends a pull request with the chart and report
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ Examples:
+ | vendor_type | vendor |
+ | partners | hashicorp |
+ | redhat | redhat |
+
+ Scenario Outline: [HC-08-002] A community user submits an error-free chart tarball with report
+ Given the vendor has a valid identity as
+ And an error-free chart tarball is used in and report in
+ When the user sends a pull request with the chart and report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | message |
+ | community | redhat | Community charts require maintainer review and approval, a review will be conducted shortly |
diff --git a/tests/functional/features/HC-09_report_in_json_format.feature b/tests/functional/features/HC-09_report_in_json_format.feature
new file mode 100644
index 00000000000..4cf0c2ba0e6
--- /dev/null
+++ b/tests/functional/features/HC-09_report_in_json_format.feature
@@ -0,0 +1,20 @@
+Feature: Report only submission in json format
+ Partners, redhat and community users trying to publish chart by submitting report in json format
+
+ Examples:
+ | report_path | message |
+ | tests/data/report.json | One of these must be modified: report, chart source, or tarball |
+
+
+ Scenario Outline: [HC-09-001] An user submits an report in json format
+ Given the vendor has a valid identity as
+ And report is used in
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor |
+ | partners | hashicorp |
+ | redhat | redhat |
+ | community | redhat |
diff --git a/tests/functional/features/HC-10_report_only_edited.feature b/tests/functional/features/HC-10_report_only_edited.feature
new file mode 100644
index 00000000000..269fbaf9b3a
--- /dev/null
+++ b/tests/functional/features/HC-10_report_only_edited.feature
@@ -0,0 +1,24 @@
+Feature: Edited report only submission
+ Partners, redhat and community users attempt to publish their chart by submitting
+ report that was edited after it was generated by chart-verifier.
+
+ Examples:
+ | vendor_type | vendor | report_path |
+ | partners | hashicorp | tests/data/report.yaml |
+ | redhat | redhat | tests/data/report.yaml |
+ | community | redhat | tests/data/report.yaml |
+
+ Scenario Outline: [HC-10-001] A partner or redhat associate submits an edited report
+ Given the vendor has a valid identity as
+ And a is provided
+ And the report includes and OpenshiftVersion values and chart value
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | tested | supported | kubeversion | message |
+ | 4.9 | 4.6-4.9 | >=1.20.0 | is not a valid semantic version |
+ | 4.0 | >=4.7 | >=1.20.0 | is not a supported OpenShift version |
+ | 4.6 | >=4.7 | >=1.20.0 | not within specified kube-versions |
+ | 4.8 | >=4.7 | >=1.21.0 | does not match supportedOpenShiftVersions |
\ No newline at end of file
diff --git a/tests/functional/features/HC-11_report_with_missing_checks.feature b/tests/functional/features/HC-11_report_with_missing_checks.feature
new file mode 100644
index 00000000000..6cf31206cbc
--- /dev/null
+++ b/tests/functional/features/HC-11_report_with_missing_checks.feature
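Review bot: The four Examples rows of [HC-10-001] only alter the tested/supported OpenShift and kubeVersion values, so the feature's claim to cover a "report that was edited after it was generated by chart-verifier" is broader than what is exercised; no row covers an edit to any other report field, such as a check result. If the pipeline has a general integrity check on reports (not visible in this hunk; HC-13 only covers `digests.chart`), it deserves its own scenario, otherwise narrow the description to `report whose OpenShift or kubeVersion values were edited after it was generated by chart-verifier.` The scenario title also says "A partner or redhat associate" while the feature-level Examples include a `community` row, so `A user submits an edited report` would match the data. The same wording is repeated in smoke/report_only_edited.feature.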
@@ -0,0 +1,22 @@
+Feature: Report does not include a check
+ Partners, redhat and community users submits only report which does not include full set of checks
+
+ Examples:
+ | report_path |
+ | tests/data/report.yaml |
+
+ Scenario Outline: [HC-11-001] A user submits a report with missing checks
+ Given the vendor has a valid identity as
+ And a is provided
+ And the report has a missing
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | check | message |
+ | partners | hashicorp | v1.0/helm-lint | Missing mandatory check : v1.0/helm-lint |
+ # Commented this scenario, since it is failing , raised bug : https://issues.redhat.com/browse/HELM-289 , we can uncomment again when the issue fixed
+ #| redhat | redhat | v1.0/helm-lint | Missing mandatory check : v1.0/helm-lint |
+ | community | redhat | v1.0/helm-lint | Missing mandatory check : v1.0/helm-lint |
+ | partners | hashicorp | v1.0/not-contains-crds | Missing mandatory check : v1.0/not-contains-crds |
diff --git a/tests/functional/features/HC-12_report_without_chart.feature b/tests/functional/features/HC-12_report_without_chart.feature
new file mode 100644
index 00000000000..9f228eca8ef
--- /dev/null
+++ b/tests/functional/features/HC-12_report_without_chart.feature
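Review bot: Commenting out the `redhat` row in the [HC-11-001] Examples table leaves no test that a redhat report missing `v1.0/helm-lint` is refused, and a commented row is easy to forget once HELM-289 is closed. The comment only says the row "is failing", so it is presumably the rejection itself that does not happen for that vendor type; that is the case which should stay visible in test results rather than disappear from the run. Consider moving the row into its own scenario that the step definitions mark as an expected failure, with a short comment such as `# HELM-289: redhat row currently fails; re-enable when the issue is fixed`. Note also that `v1.0/not-contains-crds` is only exercised for `partners`.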
@@ -0,0 +1,31 @@
+Feature: Report only submission
+ Partners, redhat and community users can publish their chart by submitting
+ error-free report that was generated by chart-verifier.
+
+ Examples:
+ | report_path |
+ | tests/data/report.yaml |
+
+
+ Scenario Outline: [HC-12-001] A partner or redhat associate submits an error-free report
+ Given the vendor has a valid identity as
+ And an error-free report is used in
+ When the user sends a pull request with the report
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+
+ Examples:
+ | vendor_type | vendor |
+ | partners | hashicorp |
+ | redhat | redhat |
+
+ Scenario Outline: [HC-12-002] A community user submits an error-free report
+ Given the vendor has a valid identity as
+ And an error-free report is used in
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | message |
+ | community | redhat | Community charts require maintainer review and approval, a review will be conducted shortly |
\ No newline at end of file
diff --git a/tests/functional/features/HC-13_sha_value_does_not_match.feature b/tests/functional/features/HC-13_sha_value_does_not_match.feature
new file mode 100644
index 00000000000..5ad4acda417
--- /dev/null
+++ b/tests/functional/features/HC-13_sha_value_does_not_match.feature
@@ -0,0 +1,21 @@
+Feature: SHA value in the report does not match
+ Partners, redhat and community users submits chart tar with report
+ where chart sha does not match with sha value digests.chart in the report
+
+ Examples:
+ | chart_path | report_path |
+ | tests/data/vault-0.17.0.tgz | tests/data/report.yaml |
+
+ Scenario Outline: [HC-13-001] A user submits a chart tarball with report
+ Given the vendor has a valid identity as
+ And a chart tarball is used in and report in
+ And the report contains an
+ When the user sends a pull request with the chart tar and report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | error | message |
+ | partners | hashicorp | sha_mismatch | Digest is not matching |
+ | redhat | redhat | sha_mismatch | Digest is not matching |
+ | community | redhat | sha_mismatch | Digest is not matching |
diff --git a/tests/functional/features/HC-14_user_submits_chart_with_errors.feature b/tests/functional/features/HC-14_user_submits_chart_with_errors.feature
new file mode 100644
index 00000000000..b88218be644
--- /dev/null
+++ b/tests/functional/features/HC-14_user_submits_chart_with_errors.feature
@@ -0,0 +1,33 @@
+Feature: Chart submission with errors
+ Partners, redhat or community user submit charts which result in errors
+
+ Examples:
+ | vendor_type | vendor | chart | version | chart_path |
+ | partners | hashicorp | vault | 0.17.0 | tests/data/vault-0.17.0.tgz |
+ | redhat | redhat | vault | 0.17.0 | tests/data/vault-0.17.0.tgz |
+ | community | redhat | vault | 0.17.0 | tests/data/vault-0.17.0.tgz |
+
+ Scenario Outline: [HC-14-001] An unauthorized user submits a chart
+ Given A wants to submit a chart in
+ And of wants to submit of
+ And the user creates a branch to add a new chart version
+ When the user sends a pull request with the chart
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | message | user |
+ | is not allowed to submit the chart on behalf of | unauthorized |
+
+ Scenario Outline: [HC-14-002] An authorized user submits a chart with incorrect version
+ Given An authorized user wants to submit a chart in
+ And of wants to submit of
+ And Chart.yaml specifies a
+ And the user creates a branch to add a new chart version
+ When the user sends a pull request with the chart
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | message | bad_version |
+ | doesn't match the directory structure | 9.9.9 |
diff --git a/tests/functional/features/HC-15_check_submitted_charts.feature b/tests/functional/features/HC-15_check_submitted_charts.feature
new file mode 100644
index 00000000000..2806bceb3d3
--- /dev/null
+++ b/tests/functional/features/HC-15_check_submitted_charts.feature
@@ -0,0 +1,15 @@
+Feature: Check submitted charts
+ New Openshift or chart-verifier will trigger (automatically or manually) a recursive checking on
+ existing submitted charts under `charts/` directory with the specified Openshift and chart-verifier
+ version.
+
+ Besides, during workflow development, engineers would like to check if the changes will break checks
+ on existing submitted charts.
+
+ Scenario: [HC-15-001] A new Openshift or chart-verifier version is specified either by a cron job or manually
+ Given there's a github workflow for testing existing charts
+ When workflow for testing existing charts is triggered
+ And a new Openshift or chart-verifier version is specified
+ And the vendor type is specified, e.g. partner, and/or redhat
+ Then submission tests are run for existing charts
+ And all results are reported back to the caller
diff --git a/tests/functional/features/HC-16_chart_test_takes_more_than_30mins.feature b/tests/functional/features/HC-16_chart_test_takes_more_than_30mins.feature
new file mode 100644
index 00000000000..f76e5c679ba
--- /dev/null
+++ b/tests/functional/features/HC-16_chart_test_takes_more_than_30mins.feature
@@ -0,0 +1,31 @@
+Feature: Chart test takes longer time and exceeds default timeout
+ Partners, redhat or community user submit charts which result in errors
+
+ Examples:
+ | chart_path |
+ | tests/data/vault-test-timeout-0.17.0.tgz |
+
+ Scenario Outline: [HC-16-001] A partner or community user submits chart that takes more than 30 mins
+ Given the vendor has a valid identity as
+ And an error-free chart tarball is used in
+ When the user sends a pull request with the chart
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | message |
+ | partners | hashicorp | (timeout has expired\|timed out waiting for the condition) |
+ | community | redhat | Community charts require maintainer review and approval, a review will be conducted shortly |
+
+ Scenario Outline: [HC-16-002] A redhat associate submits a chart that takes more than 30 mins
+ Given the vendor has a valid identity as
+ And an error-free chart tarball is used in
+ When the user sends a pull request with the chart
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ Examples:
+ | vendor_type | vendor |
+ | redhat | redhat |
+
diff --git a/tests/functional/features/HC-16_dash_in_version.feature b/tests/functional/features/HC-16_dash_in_version.feature
new file mode 100644
index 00000000000..9d65c0c8fe4
--- /dev/null
+++ b/tests/functional/features/HC-16_dash_in_version.feature
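Review bot: [HC-16-002] asserts that a redhat chart whose test exceeds the timeout is merged and released, while [HC-16-001] expects the same tarball to be refused for partners, and nothing in the feature says why the outcome depends on vendor type. An exception like this should be written into the spec so it is not mistaken for a regression or quietly widened later; the description line `Partners, redhat or community user submit charts which result in errors` looks copied from HC-14 and describes neither scenario. Something like `A chart whose tests exceed the default timeout is refused for partners; redhat submissions are merged because <reason, to be confirmed by the authors>` would do. The [HC-16-001] title also names a community user, whose row expects the maintainer-review message rather than a timeout.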
@@ -0,0 +1,16 @@
+Feature: Report only submission
+ Partners, redhat and community users can publish their chart by submitting
+ error-free report that was generated by chart-verifier.
+
+ Scenario Outline: [HC-16-001] A partner or redhat associate submits report only with dash in chart version
+ Given the vendor has a valid identity as
+ And an error-free report is used in
+ When the user sends a pull request with the report
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+
+ Examples:
+ | vendor_type | vendor | report_path |
+ | partners | redhat | tests/data/HC-16/dash-in-version/partner/report.yaml |
+ | redhat | redhat | tests/data/HC-16/dash-in-version/redhat/report.yaml |
+
diff --git a/tests/functional/features/smoke/README.md b/tests/functional/features/smoke/README.md
new file mode 100644
index 00000000000..18e65318bc3
--- /dev/null
+++ b/tests/functional/features/smoke/README.md
@@ -0,0 +1,15 @@
+#Smoke Test Suite
+
+These feature files contains all the smoke tests (a subset of the all the feature files present under "features" directory).
+
+Smoke tests will run as part of the any workflow change done in the certifcation flow.
+
+This test suite cover the basic features of chart certification flow. Also tries to touch each verndor_type ie partners, redhat and community.
+
+Many scenarios contains either partners or redhat path as they mostly share a common code.
+
+## Guideline for adding new testcases
+
+Motivation to design this test suite was to minimize testing time and any future test addition to this test suite should not exceed testing time limit of 30 minutes.
+
+Try to avoid expensive tests which require chart to be installed in certification cluster.
\ No newline at end of file
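Review bot: The scenario ID `[HC-16-001]` in HC-16_dash_in_version.feature is already used by HC-16_chart_test_takes_more_than_30mins.feature, and the feature title `Report only submission` repeats HC-12, so a failure reported by ID or feature name is ambiguous between files. Give this file its own number and title, e.g. `Feature: Report only submission with dash in chart version` and `[HC-<NN>-001]`, and update the scenario string in step_defs/HC-16_test_dash_in_version.py to match. The `partners` row uses vendor `redhat` where the other features use `hashicorp`; if the test data requires that, a one-line comment above the table should say so.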
diff --git a/tests/functional/features/smoke/chart_src_without_report.feature b/tests/functional/features/smoke/chart_src_without_report.feature
new file mode 100644
index 00000000000..d2cf9cf0b21
--- /dev/null
+++ b/tests/functional/features/smoke/chart_src_without_report.feature
@@ -0,0 +1,19 @@
+Feature: Chart source submission without report
+ Partners, redhat and community users can publish their chart by submitting
+ error-free chart in source format without a report.
+
+ Examples:
+ | chart_path |
+ | tests/data/vault-0.17.0.tgz |
+
+ Scenario Outline: A partner or redhat associate submits an error-free chart source
+ Given the vendor has a valid identity as
+ And an error-free chart source is used in
+ When the user sends a pull request with the chart
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ Examples:
+ | vendor_type | vendor |
+ | partners | hashicorp |
diff --git a/tests/functional/features/smoke/chart_tar_without_report.feature b/tests/functional/features/smoke/chart_tar_without_report.feature
new file mode 100644
index 00000000000..db5ceee8757
--- /dev/null
+++ b/tests/functional/features/smoke/chart_tar_without_report.feature
@@ -0,0 +1,20 @@
+Feature: Chart tarball submission without report
+ Partners, redhat and community users can publish their chart by submitting
+ error-free chart in tarball format without a report.
+
+ Examples:
+ | chart_path |
+ | tests/data/vault-0.17.0.tgz |
+
+ Scenario Outline: A partner or redhat associate submits an error-free chart tarball
+ Given the vendor has a valid identity as
+ And an error-free chart tarball is used in
+ When the user sends a pull request with the chart
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ Examples:
+ | vendor_type | vendor |
+ | redhat | redhat |
+
diff --git a/tests/functional/features/smoke/chart_verifier_comes_back_with_failures.feature b/tests/functional/features/smoke/chart_verifier_comes_back_with_failures.feature
new file mode 100644
index 00000000000..b12cb39ce56
--- /dev/null
+++ b/tests/functional/features/smoke/chart_verifier_comes_back_with_failures.feature
@@ -0,0 +1,19 @@
+Feature: Chart verifier comes back with a failure
+ Partners, redhat or community user submit charts which does not contain README file
+
+ Examples:
+ | chart_path |
+ | tests/data/vault-0.17.0.tgz |
+
+ Scenario Outline: A partner or community user submits a chart which does not contain a readme file
+ Given the vendor has a valid identity as
+ And chart source is used in
+ And README file is missing in the chart
+ When the user pushed the chart and created pull request
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | message |
+ | partners | hashicorp | Chart does not have a README |
+
diff --git a/tests/functional/features/smoke/invalid_url_in_the_report.feature b/tests/functional/features/smoke/invalid_url_in_the_report.feature
new file mode 100644
index 00000000000..ed1e577aef9
--- /dev/null
+++ b/tests/functional/features/smoke/invalid_url_in_the_report.feature
@@ -0,0 +1,20 @@
+Feature: Report contains an invalid URL
+ Partners, redhat and community users submits only report with an invalid URL
+
+ Examples:
+ | report_path |
+ | tests/data/report.yaml |
+
+ Scenario Outline: A user submits a report with an invalid url
+ Given the vendor has a valid identity as
+ And a is provided
+ And the report contains an
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | invalid_url | message |
+ | partners | hashicorp | example.com/vault-0.13.0.tgz | Missing schema in URL |
+ | redhat | redhat | htts://example.com/vault-0.13.0.tgz | Invalid schema |
+ | community | redhat | https:example.comvault-0.13.0.tgz | Invalid URL |
diff --git a/tests/functional/features/smoke/pr_includes_a_file_which_is_not_chart_related.feature b/tests/functional/features/smoke/pr_includes_a_file_which_is_not_chart_related.feature
new file mode 100644
index 00000000000..66e469648d6
--- /dev/null
+++ b/tests/functional/features/smoke/pr_includes_a_file_which_is_not_chart_related.feature
@@ -0,0 +1,18 @@
+Feature: PR includes a non chart related file
+ Partners, redhat or community user submit charts which includes a file which is not part of the chart
+
+ Examples:
+ | chart_path | message |
+ | tests/data/vault-0.17.0.tgz | PR includes one or more files not related to charts |
+
+ Scenario Outline: A user submits a chart with non chart related file
+ Given the vendor has a valid identity as
+ And chart source is used in
+ And user adds a non chart related file
+ When the user sends a pull request with both chart and non related file
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor |
+ | partners | hashicorp |
diff --git a/tests/functional/features/smoke/provider_delivery_control.feature b/tests/functional/features/smoke/provider_delivery_control.feature
new file mode 100644
index 00000000000..916f4b5e82d
--- /dev/null
+++ b/tests/functional/features/smoke/provider_delivery_control.feature
@@ -0,0 +1,22 @@
+Feature: Report only submission with provider control settings
+ Partners can prevent publication of their chart by submitting
+ error-free report that was generated by chart-verifier and with
+ provider controlled delivery set in the report and the OWNERS file.
+
+ Examples:
+ | report_path |
+ | tests/data/report.yaml |
+
+
+ Scenario Outline: A partner associate submits an error-free report with provider controlled delivery
+ Given the vendor has a valid identity as
+ And provider delivery control is set to in the OWNERS file
+ And an error-free report is used in
+ And provider delivery control is set to in the report
+ When the user sends a pull request with the report
+ Then the user sees the pull request is merged
+ And the is updated with an entry for the submitted chart
+
+ Examples:
+ | vendor_type | vendor | index_file | provider_control_owners | provider_control_report |
+ | partners | hashicorp | unpublished-certified-charts.yaml | true | true |
diff --git a/tests/functional/features/smoke/report_and_chart_src.feature b/tests/functional/features/smoke/report_and_chart_src.feature
new file mode 100644
index 00000000000..e052f8b0ac3
--- /dev/null
+++ b/tests/functional/features/smoke/report_and_chart_src.feature
@@ -0,0 +1,30 @@
+Feature: Chart source submission with report
+ Partners, redhat and community users can publish their chart by submitting
+ error-free chart in source format with a report.
+
+ Examples:
+ | chart_path | report_path |
+ | tests/data/vault-0.17.0.tgz | tests/data/report.yaml |
+
+ Scenario Outline: A partner or redhat associate submits an error-free chart source with report
+ Given the vendor has a valid identity as
+ And an error-free chart source is used in and report in
+ When the user sends a pull request with the chart and report
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ Examples:
+ | vendor_type | vendor |
+ | partners | hashicorp |
+
+ Scenario Outline: A community user submits an error-free chart source with report
+ Given the vendor has a valid identity as
+ And an error-free chart source is used in and report in
+ When the user sends a pull request with the chart and report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | message |
+ | community | redhat | Community charts require maintainer review and approval, a review will be conducted shortly |
diff --git a/tests/functional/features/smoke/report_and_chart_tar.feature b/tests/functional/features/smoke/report_and_chart_tar.feature
new file mode 100644
index 00000000000..094633dd478
--- /dev/null
+++ b/tests/functional/features/smoke/report_and_chart_tar.feature
@@ -0,0 +1,30 @@
+Feature: Chart tarball submission with report
+ Partners, redhat and community users can publish their chart by submitting
+ error-free chart in tarball format with a report.
+
+ Examples:
+ | chart_path | report_path |
+ | tests/data/vault-0.17.0.tgz | tests/data/report.yaml |
+
+ Scenario Outline: A partner or redhat associate submits an error-free chart tarball with report
+ Given the vendor has a valid identity as
+ And an error-free chart tarball is used in and report in
+ When the user sends a pull request with the chart and report
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+ And a release is published with corresponding report and chart tarball
+
+ Examples:
+ | vendor_type | vendor |
+ | partners | hashicorp |
+
+ Scenario Outline: A community user submits an error-free chart tarball with report
+ Given the vendor has a valid identity as
+ And an error-free chart tarball is used in and report in
+ When the user sends a pull request with the chart and report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | message |
+ | community | redhat | Community charts require maintainer review and approval, a review will be conducted shortly |
diff --git a/tests/functional/features/smoke/report_only_edited.feature b/tests/functional/features/smoke/report_only_edited.feature
new file mode 100644
index 00000000000..b3be9730e69
--- /dev/null
+++ b/tests/functional/features/smoke/report_only_edited.feature
@@ -0,0 +1,18 @@
+Feature: Edited report only submission
+ Partners, redhat and community users attempt to publish their chart by submitting
+ report that was edited after it was generated by chart-verifier.
+
+ Scenario Outline: A partner or redhat associate submits an edited report
+ Given the vendor has a valid identity as
+ And a is provided
+ And the report includes and OpenshiftVersion values and chart value
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | report_path | tested | supported | kubeversion | message |
+ | partners | hashicorp | tests/data/report.yaml | 4.9 | 4.6-4.9 | >=1.20.0 | is not a valid semantic version |
+ | redhat | redhat | tests/data/report.yaml | 4.0 | >=4.7 | >=1.20.0 | is not a supported OpenShift version |
+ | community | redhat | tests/data/report.yaml | 4.6 | >=4.7 | >=1.20.0 | not within specified kube-versions |
+ | partners | hashicorp | tests/data/report.yaml | 4.8 | >=4.7 | >=1.21.0 | does not match supportedOpenShiftVersions |
\ No newline at end of file
diff --git a/tests/functional/features/smoke/report_with_missing_checks.feature b/tests/functional/features/smoke/report_with_missing_checks.feature
new file mode 100644
index 00000000000..433429b8ee1
--- /dev/null
+++ b/tests/functional/features/smoke/report_with_missing_checks.feature
@@ -0,0 +1,18 @@
+Feature: Report does not include a check
+ Partners, redhat and community users submits only report which does not include full set of checks
+
+ Examples:
+ | report_path |
+ | tests/data/report.yaml |
+
+ Scenario Outline: A user submits a report with missing checks
+ Given the vendor has a valid identity as
+ And a is provided
+ And the report has a missing
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | check | message |
+ | partners | hashicorp | v1.0/helm-lint | Missing mandatory check : v1.0/helm-lint |
diff --git a/tests/functional/features/smoke/report_without_chart.feature b/tests/functional/features/smoke/report_without_chart.feature
new file mode 100644
index 00000000000..d6ecd5b3ce4
--- /dev/null
+++ b/tests/functional/features/smoke/report_without_chart.feature
@@ -0,0 +1,30 @@
+Feature: Report only submission
+ Partners, redhat and community users can publish their chart by submitting
+ error-free report that was generated by chart-verifier.
+
+ Examples:
+ | report_path |
+ | tests/data/report.yaml |
+
+
+ Scenario Outline: A partner or redhat associate submits an error-free report
+ Given the vendor has a valid identity as
+ And an error-free report is used in
+ When the user sends a pull request with the report
+ Then the user sees the pull request is merged
+ And the index.yaml file is updated with an entry for the submitted chart
+
+ Examples:
+ | vendor_type | vendor |
+ | partners | hashicorp |
+
+ Scenario Outline: A community user submits an error-free report
+ Given the vendor has a valid identity as
+ And an error-free report is used in
+ When the user sends a pull request with the report
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | vendor_type | vendor | message |
+ | community | redhat | Community charts require maintainer review and approval, a review will be conducted shortly |
diff --git a/tests/functional/features/smoke/user_submits_chart_with_errors.feature b/tests/functional/features/smoke/user_submits_chart_with_errors.feature
new file mode 100644
index 00000000000..a7b03a77aef
--- /dev/null
+++ b/tests/functional/features/smoke/user_submits_chart_with_errors.feature
@@ -0,0 +1,31 @@
+Feature: Chart submission with errors
+ Partners, redhat or community user submit charts which result in errors
+
+ Examples:
+ | vendor_type | vendor | chart | version | chart_path |
+ | partners | hashicorp | vault | 0.17.0 | tests/data/vault-0.17.0.tgz |
+
+ Scenario Outline: An unauthorized user submits a chart
+ Given A wants to submit a chart in
+ And of wants to submit of
+ And the user creates a branch to add a new chart version
+ When the user sends a pull request with the chart
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | message | user |
+ | is not allowed to submit the chart on behalf of | unauthorized |
+
+ Scenario Outline: An authorized user submits a chart with incorrect version
+ Given An authorized user wants to submit a chart in
+ And of wants to submit of
+ And Chart.yaml specifies a
+ And the user creates a branch to add a new chart version
+ When the user sends a pull request with the chart
+ Then the pull request is not merged
+ And user gets the in the pull request comment
+
+ Examples:
+ | message | bad_version |
+ | doesn't match the directory structure | 9.9.9 |
diff --git a/tests/functional/step_defs/HC-16_test_dash_in_version.py b/tests/functional/step_defs/HC-16_test_dash_in_version.py
new file mode 100644
index 00000000000..2cf574f24eb
--- /dev/null
+++ b/tests/functional/step_defs/HC-16_test_dash_in_version.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+"""Report only submission
+
+Partners, redhat and community users can publish their chart by submitting
+error-free report that was generated by chart-verifier.
+"""
+import pytest
+from pytest_bdd import scenario
+
+from functional.utils.chart_certification import ChartCertificationE2ETestSingle
+
+
+@pytest.fixture
+def workflow_test():
+ test_name = "Test Chart Report Only"
+ workflow_test = ChartCertificationE2ETestSingle(test_name=test_name)
+ yield workflow_test
+ workflow_test.cleanup()
+
+
+@scenario(
+ "../features/HC-16_dash_in_version.feature",
+ "[HC-16-001] A partner or redhat associate submits report only with dash in chart version",
+)
+def test_partner_or_redhat_user_submits_report_dash_in_version():
+ """A community user submits an error-free report"""
diff --git a/tests/functional/step_defs/__init__.py b/tests/functional/step_defs/__init__.py
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/tests/functional/step_defs/conftest.py b/tests/functional/step_defs/conftest.py
new file mode 100644
index 00000000000..0a82a31c14e
--- /dev/null
+++ b/tests/functional/step_defs/conftest.py
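Review bot: The docstring of `test_partner_or_redhat_user_submits_report_dash_in_version` reads `"""A community user submits an error-free report"""`, which contradicts the scenario it binds to; it should read `"""A partner or redhat associate submits report only with dash in chart version"""`. The fixture's `test_name = "Test Chart Report Only"` also looks carried over from the report-only test. If that name is used to label the branches or pull requests the test creates (not visible in this hunk), a distinct value such as `"Test Chart Report Only Dash In Version"` would keep concurrent runs and their cleanup apart.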
@@ -0,0 +1,264 @@ +import pytest +from pytest_bdd import given, then, when, parsers + + +########### GIVEN #################### +@given(parsers.parse("A wants to submit a chart in ")) +def user_wants_to_submit_a_chart(workflow_test, user, chart_path): + """A wants to submit a chart in .""" + workflow_test.update_test_chart(chart_path) + workflow_test.secrets.bot_name = user + + +@given(parsers.parse("An authorized user wants to submit a chart in ")) +def authorized_user_wants_to_submit_a_chart(workflow_test, chart_path): + """A wants to submit a chart in .""" + workflow_test.update_test_chart(chart_path) + + +@given(parsers.parse(" of wants to submit of ")) +def vendor_of_vendor_type_wants_to_submit_chart_of_version( + workflow_test, vendor, vendor_type, chart, version +): + """ of wants to submit of """ + workflow_test.set_vendor(vendor, vendor_type) + workflow_test.chart_name, workflow_test.chart_version = chart, version + + +@given(parsers.parse("Chart.yaml specifies a ")) +def chart_yaml_specifies_bad_version(workflow_test, bad_version): + """Chart.yaml specifies a """ + if bad_version != "": + workflow_test.secrets.bad_version = bad_version + + +@given(parsers.parse("the vendor has a valid identity as ")) +def user_has_valid_identity(workflow_test, vendor, vendor_type): + """the vendor has a valid identity as .""" + workflow_test.set_vendor(vendor, vendor_type) + + +@given( + parsers.parse( + "an error-free chart source is used in and report in " + ) +) +def user_has_created_error_free_chart_src_and_report( + workflow_test, chart_path, report_path +): + """an error-free chart source is used in and report in .""" + workflow_test.update_test_chart(chart_path) + workflow_test.update_test_report(report_path) + + workflow_test.setup_git_context() + workflow_test.setup_gh_pages_branch() + workflow_test.setup_temp_dir() + workflow_test.process_owners_file() + workflow_test.process_chart(is_tarball=False) + workflow_test.process_report() + 
workflow_test.push_chart(is_tarball=False) + + +@given(parsers.parse("an error-free chart source is used in ")) +def user_has_created_error_free_chart_src(workflow_test, chart_path): + """an error-free chart source is used in .""" + workflow_test.update_test_chart(chart_path) + workflow_test.setup_git_context() + workflow_test.setup_gh_pages_branch() + workflow_test.setup_temp_dir() + workflow_test.process_owners_file() + workflow_test.process_chart(is_tarball=False) + workflow_test.push_chart(is_tarball=False) + + +@given( + parsers.parse( + "an error-free chart tarball is used in and report in " + ) +) +def user_has_created_error_free_chart_tarball_and_report( + workflow_test, chart_path, report_path +): + """an error-free chart tarball is used in and report in .""" + workflow_test.update_test_chart(chart_path) + workflow_test.update_test_report(report_path) + + workflow_test.setup_git_context() + workflow_test.setup_gh_pages_branch() + workflow_test.setup_temp_dir() + workflow_test.process_owners_file() + workflow_test.process_chart(is_tarball=True) + workflow_test.process_report() + workflow_test.push_chart(is_tarball=True) + + +@given(parsers.parse("an error-free chart tarball is used in ")) +def user_has_created_error_free_chart_tarball(workflow_test, chart_path): + """an error-free chart tarball is used in .""" + workflow_test.update_test_chart(chart_path) + workflow_test.setup_git_context() + workflow_test.setup_gh_pages_branch() + workflow_test.setup_temp_dir() + workflow_test.process_owners_file() + workflow_test.process_chart(is_tarball=True) + workflow_test.push_chart(is_tarball=True) + + +@given(parsers.parse("report is used in ")) +@given(parsers.parse("an error-free report is used in ")) +def user_has_created_error_free_report(workflow_test, report_path): + """an error-free report is used in .""" + workflow_test.update_test_report(report_path) + workflow_test.setup_git_context() + workflow_test.setup_gh_pages_branch() + workflow_test.setup_temp_dir() 
+ workflow_test.process_owners_file() + workflow_test.process_report() + + +@given(parsers.parse("a is provided")) +def user_generated_a_report(workflow_test, report_path): + """report used in """ + workflow_test.update_test_report(report_path) + workflow_test.setup_git_context() + workflow_test.setup_gh_pages_branch() + workflow_test.setup_temp_dir() + workflow_test.process_owners_file() + + +@given("the user creates a branch to add a new chart version") +def the_user_creates_a_branch_to_add_a_new_chart_version(workflow_test): + """the user creates a branch to add a new chart version.""" + workflow_test.setup_git_context() + workflow_test.setup_gh_pages_branch() + workflow_test.setup_temp_dir() + workflow_test.process_owners_file() + workflow_test.process_chart(is_tarball=False) + if workflow_test.secrets.bad_version: + workflow_test.update_chart_version_in_chart_yaml( + workflow_test.secrets.bad_version + ) + workflow_test.push_chart(is_tarball=False) + + +@given(parsers.parse("chart source is used in ")) +def user_has_used_chart_src(workflow_test, chart_path): + """chart source is used in .""" + workflow_test.update_test_chart(chart_path) + workflow_test.setup_git_context() + workflow_test.setup_gh_pages_branch() + workflow_test.setup_temp_dir() + workflow_test.process_owners_file() + workflow_test.process_chart(is_tarball=False) + + +@given( + parsers.parse("a chart tarball is used in and report in ") +) +def user_has_created_a_chart_tarball_and_report(workflow_test, chart_path, report_path): + """an error-free chart tarball is used in and report in .""" + workflow_test.update_test_chart(chart_path) + workflow_test.update_test_report(report_path) + + workflow_test.setup_git_context() + workflow_test.setup_gh_pages_branch() + workflow_test.setup_temp_dir() + workflow_test.process_owners_file() + workflow_test.process_chart(is_tarball=True) + + +@given("README file is missing in the chart") +def readme_file_is_missing(workflow_test): + """README file is missing 
in the chart""" + workflow_test.remove_readme_file() + + +@given(parsers.parse("the report contains an ")) +def sha_value_does_not_match(workflow_test, invalid_url): + workflow_test.process_report(update_url=True, url=invalid_url) + + +@given("user adds a non chart related file") +def user_adds_a_non_chart_related_file(workflow_test): + """user adds a non chart related file""" + workflow_test.add_non_chart_related_file() + + +@given(parsers.parse("the report contains an ")) +def sha_value_does_not_match(workflow_test, error): + if error == "sha_mismatch": + workflow_test.process_report(update_chart_sha=True) + else: + pytest.fail(f"This {error} handling is not implemented yet") + + +############### WHEN #################### +@when("the user sends a pull request with the report") +@when("the user sends a pull request with the chart") +@when("the user sends a pull request with the chart and report") +def user_sends_pull_request_with_chart_src_and_report(workflow_test): + """the user sends a pull request with the chart and report.""" + workflow_test.send_pull_request() + + +@when("the user pushed the chart and created pull request") +def user_pushed_the_chart_and_created_pull_request_with_chart_src(workflow_test): + """the user pushed the chart and created pull request""" + workflow_test.push_chart(is_tarball=False) + workflow_test.send_pull_request() + + +@when("the user sends a pull request with both chart and non related file") +def user_sends_pull_request_with_chart_and_non_related_file(workflow_test): + """the user sends a pull request with both chart and non related file""" + workflow_test.push_chart(is_tarball=False, add_non_chart_file=True) + workflow_test.send_pull_request() + + +@when("the user sends a pull request with the chart tar and report") +def user_sends_pull_request_with_chart_tarball_and_report(workflow_test): + """the user sends a pull request with the chart and report.""" + workflow_test.push_chart(is_tarball=True) + 
workflow_test.send_pull_request() + + +################ THEN ################ +@then("the user sees the pull request is merged") +def user_should_see_pull_request_getting_merged(workflow_test): + """the user sees the pull request is merged.""" + workflow_test.check_workflow_conclusion(expect_result="success") + workflow_test.check_pull_request_result(expect_merged=True) + workflow_test.check_pull_request_labels() + + +@then("the pull request is not merged") +def the_pull_request_is_not_getting_merged(workflow_test): + """the pull request is not merged""" + workflow_test.check_workflow_conclusion(expect_result="failure") + workflow_test.check_pull_request_result(expect_merged=False) + + +@then("the index.yaml file is updated with an entry for the submitted chart") +def index_yaml_is_updated_with_new_entry(workflow_test): + """the index.yaml file is updated with an entry for the submitted chart.""" + workflow_test.check_index_yaml() + + +@then( + "the index.yaml file is updated with an entry for the submitted chart with correct providerType" +) +def index_yaml_is_updated_with_new_entry_with_correct_provider_type(workflow_test): + """the index.yaml file is updated with an entry for the submitted chart with correct providerType""" + workflow_test.check_index_yaml(check_provider_type=True) + + +@then("a release is published with corresponding report and chart tarball") +def release_is_published(workflow_test): + """a release is published with corresponding report and chart tarball.""" + workflow_test.check_release_result() + + +@then(parsers.parse("user gets the in the pull request comment")) +def user_gets_the_message_in_the_pull_request_comment(workflow_test, message): + """user gets the message in the pull request comment""" + workflow_test.check_pull_request_comments(expect_message=message) 
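Review bot: In conftest.py, `the_user_creates_a_branch_to_add_a_new_chart_version` reads `workflow_test.secrets.bad_version`, but the only assignment in this hunk is in `chart_yaml_specifies_bad_version`, and only when the value is non-empty; a scenario that skips the "Chart.yaml specifies" step (the unauthorized-user outline in the feature file does) then depends on the secrets class, defined outside this hunk, providing a default. Reading it with `getattr(workflow_test.secrets, "bad_version", None)` would make the step self-contained. Separately, `sha_value_does_not_match` is defined twice; the first definition handles `invalid_url` and its module-level name is rebound by the second, so I would rename it to `report_contains_invalid_url`. Scenario parameters such as `bad_version` and the submitting `user` are stored on an object named `secrets`, which presumably also carries credentials; a separate state holder would make it easier to reason about what may end up in logs.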
diff --git a/tests/functional/step_defs/test_chart_src_with_report.py b/tests/functional/step_defs/test_chart_src_with_report.py new file mode 100644 index 00000000000..450d2bb4dbf --- /dev/null +++ b/tests/functional/step_defs/test_chart_src_with_report.py @@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +"""Chart source submission with report + +Partners, redhat and community users can publish their chart by submitting +error-free chart in source format with a report. +""" +import pytest +from pytest_bdd import scenario + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Test Chart Source With Report" + test_chart = "tests/data/vault-0.17.0.tgz" + test_report = "tests/data/report.yaml" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_chart=test_chart, test_report=test_report + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-07_report_and_chart_src.feature", + "[HC-07-001] A partner or redhat associate submits an error-free chart source with report", +) +def test_partner_or_redhat_user_submits_chart_src_with_report(): + """A partner or redhat associate submits an error-free chart source with report.""" + + +@scenario( + "../features/HC-07_report_and_chart_src.feature", + "[HC-07-002] A community user submits an error-free chart source with report", +) +def test_community_user_submits_chart_src_with_report(): + """A community user submits an error-free chart source with report""" diff --git a/tests/functional/step_defs/test_chart_src_without_report.py b/tests/functional/step_defs/test_chart_src_without_report.py new file mode 100644 index 00000000000..efa930a28e6 --- /dev/null +++ b/tests/functional/step_defs/test_chart_src_without_report.py 
@@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +"""Chart source submission without report + +Partners, redhat and community users can publish their chart by submitting +error-free chart in source format without a report. +""" +import pytest +from pytest_bdd import scenario + + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Test Chart Source Without Report" + test_chart = "tests/data/vault-0.17.0.tgz" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_chart=test_chart + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-01_chart_src_without_report.feature", + "[HC-01-001] A partner or redhat associate submits an error-free chart source", +) +def test_partner_or_redhat_user_submits_chart_src(): + """A partner or redhat associate submits an error-free chart source.""" + + +@scenario( + "../features/HC-01_chart_src_without_report.feature", + "[HC-01-002] A community user submits an error-free chart source without report", +) +def test_community_user_submits_chart_src(): + """A community user submits an error-free chart source without report""" diff --git a/tests/functional/step_defs/test_chart_tar_with_report.py b/tests/functional/step_defs/test_chart_tar_with_report.py new file mode 100644 index 00000000000..e19b2df0398 --- /dev/null +++ b/tests/functional/step_defs/test_chart_tar_with_report.py 
@@ -0,0 +1,38 @@ +# -*- coding: utf-8 -*- +"""Chart tarball submission with report + +Partners, redhat and community users can publish their chart by submitting +error-free chart in tarball format with a report. +""" +import pytest +from pytest_bdd import scenario + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Test Chart Tarball With Report" + test_chart = "tests/data/vault-0.17.0.tgz" + test_report = "tests/data/report.yaml" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_chart=test_chart, test_report=test_report + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-08_report_and_chart_tar.feature", + "[HC-08-001] A partner or redhat associate submits an error-free chart tarball with report", +) +def test_partners_or_redhat_user_submits_chart_tarball_with_report(): + """A partner or redhat associate submits an error-free chart tarball with report.""" + + +@scenario( + "../features/HC-08_report_and_chart_tar.feature", + "[HC-08-002] A community user submits an error-free chart tarball with report", +) +def test_community_user_submits_chart_tarball_with_report(): + """A community user submits an error-free chart tarball with report""" diff --git a/tests/functional/step_defs/test_chart_tar_without_report.py b/tests/functional/step_defs/test_chart_tar_without_report.py new file mode 100644 index 00000000000..abf8efe33a4 --- /dev/null +++ b/tests/functional/step_defs/test_chart_tar_without_report.py 
@@ -0,0 +1,37 @@ +# -*- coding: utf-8 -*- +"""Chart tarball submission without report + +Partners, redhat and community users can publish their chart by submitting +error-free chart in tarball format without a report. +""" +import pytest +from pytest_bdd import scenario + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Test Chart Tarball Without Report" + test_chart = "tests/data/vault-0.17.0.tgz" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_chart=test_chart + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-02_chart_tar_without_report.feature", + "[HC-02-001] A partner or redhat associate submits an error-free chart tarball", +) +def test_partner_or_redhat_user_submits_chart_tarball(): + """A partner or redhat associate submits an error-free chart tarball.""" + + +@scenario( + "../features/HC-02_chart_tar_without_report.feature", + "[HC-02-002] A community user submits an error-free chart tarball without report", +) +def test_community_user_submits_chart_tarball(): + """A community user submits an error-free chart tarball without report""" diff --git a/tests/functional/step_defs/test_chart_test_takes_more_than_30mins.py b/tests/functional/step_defs/test_chart_test_takes_more_than_30mins.py new file mode 100644 index 00000000000..a38356cac8a --- /dev/null +++ b/tests/functional/step_defs/test_chart_test_takes_more_than_30mins.py 
@@ -0,0 +1,42 @@
+# -*- coding: utf-8 -*-
+""" Chart test takes longer time and exceeds default timeout
+ Partners, redhat or community user submit charts which result in errors
+"""
+import datetime
+import pytest
+from pytest_bdd import scenario
+
+from functional.utils.chart_certification import ChartCertificationE2ETestSingle
+
+
+@pytest.fixture
+def workflow_test():
+ test_name = "Chart test takes more than 30mins"
+ test_chart = "tests/data/vault-test-timeout-0.17.0.tgz"
+ workflow_test = ChartCertificationE2ETestSingle(
+ test_name=test_name, test_chart=test_chart
+ )
+ start_time = datetime.datetime.now()
+ yield workflow_test
+ workflow_test.cleanup()
+ end_time = datetime.datetime.now()
+ time_diff = end_time - start_time
+ total_diff_seconds = time_diff.total_seconds()
+ if not int(total_diff_seconds) >= 1800:
+ pytest.fail(f"Timeout is not as expected: {total_diff_seconds}")
+
+
+@scenario(
+ "../features/HC-16_chart_test_takes_more_than_30mins.feature",
+ "[HC-16-001] A partner or community user submits chart that takes more than 30 mins",
+)
+def test_partner_or_community_chart_test_takes_more_than_30mins():
+ """A partner or community submitted chart takes more than 30 mins"""
+
+
+@scenario(
+ "../features/HC-16_chart_test_takes_more_than_30mins.feature",
+ "[HC-16-002] A redhat associate submits a chart that takes more than 30 mins",
+)
+def test_redhat_chart_test_takes_more_than_30mins():
+ """A redhat submitted chart takes more than 30 mins"""
diff --git a/tests/functional/step_defs/test_chart_verifier_comes_back_with_failures.py b/tests/functional/step_defs/test_chart_verifier_comes_back_with_failures.py
new file mode 100644
index 00000000000..7529f0f6cc6
--- /dev/null
+++ b/tests/functional/step_defs/test_chart_verifier_comes_back_with_failures.py
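Review bot: The elapsed-time check in the `workflow_test` fixture of test_chart_test_takes_more_than_30mins.py runs after `workflow_test.cleanup()`, so the measured interval includes cleanup and all scenario setup rather than only the workflow run, and a `pytest.fail` raised during fixture teardown is reported as a teardown error in addition to whatever the test itself reported. `datetime.datetime.now()` is wall-clock time and can jump; `time.monotonic()` (with `import time`) is the usual choice for intervals. I would take the measurement before cleanup, `elapsed = time.monotonic() - start_time`, and replace `if not int(total_diff_seconds) >= 1800:` with `if elapsed < 1800:`. Ideally the lower bound is asserted in a `then` step so that it counts as a test failure rather than a teardown error.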
@@ -0,0 +1,36 @@ +# -*- coding: utf-8 -*- +""" +Chart verifier comes back with a failure +Partners, redhat or community user submit charts which does not contain README file +""" +import pytest +from pytest_bdd import scenario + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Test Chart Submission Without Readme" + test_chart = "tests/data/vault-0.17.0.tgz" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_chart=test_chart + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-03_chart_verifier_comes_back_with_failures.feature", + "[HC-03-001] A partner or community user submits a chart which does not contain a readme file", +) +def test_partner_or_community_user_submits_chart_without_readme(): + """A partner or community user submits a chart which does not contain a readme file""" + + +@scenario( + "../features/HC-03_chart_verifier_comes_back_with_failures.feature", + "[HC-03-002] A redhat user submits a chart which does not contain a readme file", +) +def test_redhat_user_submits_chart_without_readme(): + """A redhat user submits a chart which does not contain a readme file""" diff --git a/tests/functional/step_defs/test_invalid_url_in_the_report.py b/tests/functional/step_defs/test_invalid_url_in_the_report.py new file mode 100644 index 00000000000..d5691c5d4d4 --- /dev/null +++ b/tests/functional/step_defs/test_invalid_url_in_the_report.py 
@@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +""" +Report contains an invalid URL +Partners, redhat and community users submits only report with an invalid URL +""" +import pytest +from pytest_bdd import scenario + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Invalid Chart URL" + test_report = "tests/data/report.yaml" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_report=test_report + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-04_invalid_url_in_the_report.feature", + "[HC-04-001] A user submits a report with an invalid url", +) +def test_report_submission_with_invalid_url(): + """A user submits a report with an invalid url.""" diff --git a/tests/functional/step_defs/test_pr_includes_a_file_which_is_not_related.py b/tests/functional/step_defs/test_pr_includes_a_file_which_is_not_related.py new file mode 100644 index 00000000000..cf64b378ef7 --- /dev/null +++ b/tests/functional/step_defs/test_pr_includes_a_file_which_is_not_related.py 
@@ -0,0 +1,28 @@ +# -*- coding: utf-8 -*- +""" +PR includes a non chart related file +Partners, redhat or community user submit charts which includes a file which is not part of the chart +""" +import pytest +from pytest_bdd import scenario + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Test PR Includes A Non Related File" + test_chart = "tests/data/vault-0.17.0.tgz" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_chart=test_chart + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-05_pr_includes_a_file_which_is_not_chart_related.feature", + "[HC-05-001] A user submits a chart with non chart related file", +) +def test_user_submits_chart_with_non_related_file(): + """A user submits a chart with non chart related file""" diff --git a/tests/functional/step_defs/test_provider_delivery_control.py b/tests/functional/step_defs/test_provider_delivery_control.py new file mode 100644 index 00000000000..383c8d1ba07 --- /dev/null +++ b/tests/functional/step_defs/test_provider_delivery_control.py 
@@ -0,0 +1,114 @@ +# -*- coding: utf-8 -*- +"""Chart tarball submission with report + +Partners, redhat and community users can publish their chart by submitting +error-free chart in tarball format with a report. +""" +import pytest +from pytest_bdd import scenario, given, parsers, then +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Test Porvider Delivery Control" + test_chart = "tests/data/vault-0.17.0.tgz" + test_report = "tests/data/report.yaml" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_chart=test_chart, test_report=test_report + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-06_provider_delivery_control.feature", + "[HC-06-001] A partner associate submits an error-free report with provider controlled delivery", +) +def test_partners_submits_error_free_report_for_provider_controlled_delivery(): + """A partner submits an error-free report for provider controlled delivery.""" + + +@scenario( + "../features/HC-06_provider_delivery_control.feature", + "[HC-06-002] A partner associate submits an error-free report and chart with provider controlled delivery", +) +def test_partners_submits_error_free_report_and_chart_for_provider_controlled_delivery(): + """A partner submits an error-free report and chart for provider controlled delivery.""" + + +@scenario( + "../features/HC-06_provider_delivery_control.feature", + "[HC-06-003] A partner associate submits an error-free report with inconsistent provider controlled delivery setting", +) +def test_partners_submits_error_free_report_with_inconsistent_provider_controlled_delivery_settings(): + """A partner submits an error-free report with inconsistent settings for provider controlled delivery.""" + + +@given( + parsers.parse( + "provider delivery control is set to in the OWNERS file" + ) +) +def provider_delivery_control_set_in_owners(workflow_test, 
provider_control_owners): + if provider_control_owners == "true": + print("[INFO] set provider delivery control_in owners file") + workflow_test.secrets.provider_delivery = True + else: + print("[INFO] un-set provider delivery control_in owners file") + workflow_test.secrets.provider_delivery = False + + +@given( + parsers.parse( + "provider delivery control is set to in the report" + ) +) +def provider_delivery_control_set_in_report(workflow_test, provider_control_report): + if provider_control_report == "true": + print("[INFO] set provider delivery control_in report") + workflow_test.process_report( + update_provider_delivery=True, provider_delivery=True + ) + else: + print("[INFO] un-set provider delivery control_in report") + workflow_test.process_report( + update_provider_delivery=True, provider_delivery=False + ) + + +@given( + parsers.parse( + "provider delivery control is set to and a package digest is in the report" + ) +) +def provider_delivery_control_and_package_digest_set_in_report( + workflow_test, provider_control_report, package_digest_set=True +): + if package_digest_set == "true": + no_package_digest = False + else: + no_package_digest = True + + if provider_control_report == "true": + print("[INFO] set provider delivery control_in report") + workflow_test.process_report( + update_provider_delivery=True, + provider_delivery=True, + unset_package_digest=no_package_digest, + ) + else: + print("[INFO] un-set provider delivery control_in report") + workflow_test.process_report( + update_provider_delivery=True, + provider_delivery=False, + unset_package_digest=no_package_digest, + ) + + +@then( + parsers.parse("the is updated with an entry for the submitted chart") +) +def index_file_is_updated(workflow_test, index_file): + workflow_test.secrets.index_file = index_file + workflow_test.check_index_yaml(True) 
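Review bot: In `provider_delivery_control_and_package_digest_set_in_report`, the parameter `package_digest_set=True` defaults to a bool but is compared with the string `"true"`, so with the default `no_package_digest` is always `True` and the package digest is always unset in the report. As far as I know pytest-bdd only injects step arguments into parameters that have no default, so the value parsed from the step text would never reach this parameter; please confirm against the pytest-bdd version pinned for these tests. Dropping the default and writing `no_package_digest = package_digest_set != "true"` keeps the step text in control. The fixture's `test_name = "Test Porvider Delivery Control"` has a typo, and the module docstring is copied from the tarball-with-report module.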
diff --git a/tests/functional/step_defs/test_report_in_json_format.py b/tests/functional/step_defs/test_report_in_json_format.py
new file mode 100644
index 00000000000..3bf59b64b64
--- /dev/null
+++ b/tests/functional/step_defs/test_report_in_json_format.py
@@ -0,0 +1,28 @@
+# -*- coding: utf-8 -*-
+"""
+Report only submission in json format
+Partners, redhat and community users trying to publish chart by submitting report in json format
+"""
+import pytest
+from pytest_bdd import scenario
+
+from functional.utils.chart_certification import ChartCertificationE2ETestSingle
+
+
+@pytest.fixture
+def workflow_test():
+ test_name = "Test Report in Json Format"
+ test_report = "tests/data/report.json"
+ workflow_test = ChartCertificationE2ETestSingle(
+ test_name=test_name, test_report=test_report
+ )
+ yield workflow_test
+ workflow_test.cleanup()
+
+
+@scenario(
+ "../features/HC-09_report_in_json_format.feature",
+ "[HC-09-001] An user submits an report in json format",
+)
+def an_user_submits_report_in_json_format():
+ """An user submits an report in json format."""
diff --git a/tests/functional/step_defs/test_report_only_edited.py b/tests/functional/step_defs/test_report_only_edited.py
new file mode 100644
index 00000000000..684eca9a040
--- /dev/null
+++ b/tests/functional/step_defs/test_report_only_edited.py
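Review bot: `an_user_submits_report_in_json_format` in test_report_in_json_format.py lacks the `test_` prefix that the other scenario functions in this commit carry, so under pytest's default `python_functions` setting scenario `[HC-09-001]` is not collected and the JSON-report path goes untested without any failure being reported. Rename it to `def test_user_submits_report_in_json_format():`. Running `pytest --collect-only` over `tests/functional/step_defs` in CI and comparing the count with the number of scenarios would catch this kind of silent gap.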
@@ -0,0 +1,37 @@ +import pytest +from pytest_bdd import scenario, given, parsers + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Test Edited Report Failures" + test_report = "tests/data/report.yaml" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_report=test_report + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-10_report_only_edited.feature", + "[HC-10-001] A partner or redhat associate submits an edited report", +) +def test_partner_or_redhat_user_submits_edited_report(): + """A partner or redhat associate submits an edited report.""" + + +@given( + parsers.parse( + "the report includes and OpenshiftVersion values and chart value" + ) +) +def report_includes_specified_versions(workflow_test, tested, supported, kubeversion): + workflow_test.process_report( + update_versions=True, + supported_versions=supported, + tested_version=tested, + kube_version=kubeversion, + ) diff --git a/tests/functional/step_defs/test_report_only_no_errors.py b/tests/functional/step_defs/test_report_only_no_errors.py new file mode 100644 index 00000000000..a77e5ae7077 --- /dev/null +++ b/tests/functional/step_defs/test_report_only_no_errors.py 
@@ -0,0 +1,37 @@ +# -*- coding: utf-8 -*- +"""Report only submission + +Partners, redhat and community users can publish their chart by submitting +error-free report that was generated by chart-verifier. +""" +import pytest +from pytest_bdd import scenario + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Test Chart Report Only" + test_report = "tests/data/report.yaml" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_report=test_report + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-12_report_without_chart.feature", + "[HC-12-001] A partner or redhat associate submits an error-free report", +) +def test_partner_or_redhat_user_submits_report(): + """A partner or redhat associate submits an error-free report.""" + + +@scenario( + "../features/HC-12_report_without_chart.feature", + "[HC-12-002] A community user submits an error-free report", +) +def test_community_user_submits_report(): + """A community user submits an error-free report""" diff --git a/tests/functional/step_defs/test_report_with_missing_checks.py b/tests/functional/step_defs/test_report_with_missing_checks.py new file mode 100644 index 00000000000..5e3fa6b972a --- /dev/null +++ b/tests/functional/step_defs/test_report_with_missing_checks.py 
@@ -0,0 +1,33 @@ +# -*- coding: utf-8 -*- +""" +Report does not include a check +Partners, redhat and community users submits only report which does not include full set of checks +""" +import pytest +from pytest_bdd import scenario, given, parsers + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Report with missing checks" + test_report = "tests/data/report.yaml" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_report=test_report + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-11_report_with_missing_checks.feature", + "[HC-11-001] A user submits a report with missing checks", +) +def test_report_submission_with_missing_checks(): + """A user submits a report with missing checks.""" + + +@given(parsers.parse("the report has a missing")) +def report_has_a_check_missing(workflow_test, check): + workflow_test.process_report(missing_check=check) diff --git a/tests/functional/step_defs/test_sha_value_does_not_match.py b/tests/functional/step_defs/test_sha_value_does_not_match.py new file mode 100644 index 00000000000..373dc22738d --- /dev/null +++ b/tests/functional/step_defs/test_sha_value_does_not_match.py 
@@ -0,0 +1,29 @@ +# -*- coding: utf-8 -*- +"""SHA value in the report does not match +Partners, redhat and community users submits chart tar with report +where tar sha does not match with sha value digests.chart in the report +""" +import pytest +from pytest_bdd import scenario + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "SHA Value Does Not Match" + test_chart = "tests/data/vault-0.17.0.tgz" + test_report = "tests/data/report.yaml" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_chart=test_chart, test_report=test_report + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-13_sha_value_does_not_match.feature", + "[HC-13-001] A user submits a chart tarball with report", +) +def test_chart_submission_with_report(): + """A user submits a chart tarball with report.""" diff --git a/tests/functional/step_defs/test_smoke_scenarios.py b/tests/functional/step_defs/test_smoke_scenarios.py new file mode 100644 index 00000000000..12dbbc2aca7 --- /dev/null +++ b/tests/functional/step_defs/test_smoke_scenarios.py 
@@ -0,0 +1,203 @@ +import pytest +from pytest_bdd import scenario, given, parsers, then + + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Smoke Test" + test_chart = "tests/data/vault-0.17.0.tgz" + test_report = "tests/data/report.yaml" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_chart=test_chart, test_report=test_report + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/smoke/chart_src_without_report.feature", + "A partner or redhat associate submits an error-free chart source", +) +def test_partner_or_redhat_user_submits_chart_src(): + """A partner or redhat associate submits an error-free chart source.""" + + +@scenario( + "../features/smoke/chart_tar_without_report.feature", + "A partner or redhat associate submits an error-free chart tarball", +) +def test_partner_or_redhat_user_submits_chart_tarball(): + """A partner or redhat associate submits an error-free chart tarball.""" + + +@scenario( + "../features/smoke/report_and_chart_src.feature", + "A partner or redhat associate submits an error-free chart source with report", +) +def test_partner_or_redhat_user_submits_chart_src_with_report(): + """A partner or redhat associate submits an error-free chart source with report.""" + + +@scenario( + "../features/smoke/report_and_chart_src.feature", + "A community user submits an error-free chart source with report", +) +def test_community_user_submits_chart_src_with_report(): + """A community user submits an error-free chart source with report""" + + +@scenario( + "../features/smoke/report_and_chart_tar.feature", + "A partner or redhat associate submits an error-free chart tarball with report", +) +def test_partners_or_redhat_user_submits_chart_tarball_with_report(): + """A partner or redhat associate submits an error-free chart tarball with report.""" + + +@scenario( + 
"../features/smoke/report_and_chart_tar.feature", + "A community user submits an error-free chart tarball with report", +) +def test_community_user_submits_chart_tarball_with_report(): + """A community user submits an error-free chart tarball with report""" + + +@scenario( + "../features/smoke/report_without_chart.feature", + "A partner or redhat associate submits an error-free report", +) +def test_partner_or_redhat_user_submits_report(): + """A partner or redhat associate submits an error-free report.""" + + +@scenario( + "../features/smoke/report_without_chart.feature", + "A community user submits an error-free report", +) +def test_community_user_submits_report(): + """A community user submits an error-free report""" + + +@scenario( + "../features/smoke/chart_verifier_comes_back_with_failures.feature", + "A partner or community user submits a chart which does not contain a readme file", +) +def test_partner_or_community_user_submits_chart_without_readme(): + """A partner or community user submits a chart which does not contain a readme file""" + + +@scenario( + "../features/smoke/invalid_url_in_the_report.feature", + "A user submits a report with an invalid url", +) +def test_report_submission_with_invalid_url(): + """A user submits a report with an invalid url.""" + + +@scenario( + "../features/smoke/pr_includes_a_file_which_is_not_chart_related.feature", + "A user submits a chart with non chart related file", +) +def test_user_submits_chart_with_non_related_file(): + """A user submits a chart with non chart related file""" + + +@scenario( + "../features/smoke/report_only_edited.feature", + "A partner or redhat associate submits an edited report", +) +def test_partner_or_redhat_user_submits_edited_report(): + """A partner or redhat associate submits an edited report.""" + + +@scenario( + "../features/smoke/report_with_missing_checks.feature", + "A user submits a report with missing checks", +) +def test_report_submission_with_missing_checks(): + """A user 
submits a report with missing checks.""" + + +@scenario( + "../features/smoke/user_submits_chart_with_errors.feature", + "An unauthorized user submits a chart", +) +def test_chart_submission_by_unauthorized_user(): + """An unauthorized user submits a chart""" + + +@scenario( + "../features/smoke/user_submits_chart_with_errors.feature", + "An authorized user submits a chart with incorrect version", +) +def test_chart_submission_with_incorrect_version(): + """An authorized user submits a chart with incorrect version""" + + +@scenario( + "../features/smoke/provider_delivery_control.feature", + "A partner associate submits an error-free report with provider controlled delivery", +) +def test_partners_submits_error_free_report_for_provider_controlled_delivery(): + """A partner submits an error-free report for provider controlled delivery.""" + + +@given(parsers.parse("the report has a missing")) +def report_has_a_check_missing(workflow_test, check): + workflow_test.process_report(missing_check=check) + + +@given( + parsers.parse( + "the report includes and OpenshiftVersion values and chart value" + ) +) +def report_includes_specified_versions(workflow_test, tested, supported, kubeversion): + workflow_test.process_report( + update_versions=True, + supported_versions=supported, + tested_version=tested, + kube_version=kubeversion, + ) + + +@given( + parsers.parse( + "provider delivery control is set to in the OWNERS file" + ) +) +def provider_delivery_control_set_in_owners(workflow_test, provider_control_owners): + if provider_control_owners == "true": + print("[INFO] set provider delivery control_in owners file") + workflow_test.secrets.provider_delivery = True + else: + print("[INFO] un-set provider delivery control_in owners file") + workflow_test.secrets.provider_delivery = False + + +@given( + parsers.parse( + "provider delivery control is set to in the report" + ) +) +def provider_delivery_control_set_in_report(workflow_test, provider_control_report): + if 
provider_control_report == "true": + print("[INFO] set provider delivery control_in report") + workflow_test.process_report( + update_provider_delivery=True, provider_delivery=True + ) + else: + print("[INFO] un-set provider delivery control_in report") + workflow_test.process_report( + update_provider_delivery=True, provider_delivery=False + ) + + +@then( + parsers.parse("the is updated with an entry for the submitted chart") +) +def index_file_is_updated(workflow_test, index_file): + workflow_test.secrets.index_file = index_file diff --git a/tests/functional/step_defs/test_submitted_charts.py b/tests/functional/step_defs/test_submitted_charts.py new file mode 100644 index 00000000000..3e6aadd0b9e --- /dev/null +++ b/tests/functional/step_defs/test_submitted_charts.py 
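Review bot: The `@then` step `index_file_is_updated` at the end of this file verifies nothing: it only assigns `workflow_test.secrets.index_file = index_file`, so the step passes whether or not the index gained an entry. If the real comparison is done by a shared step defined elsewhere (not visible in this hunk), the function should say so in a docstring such as `"""Record the index file name for the later index check; asserts nothing itself."""`. Otherwise the step should run the index check itself and fail on a missing entry. The two provider-delivery steps also report through `print("[INFO] ...")`, which will not go through the logging configuration if one is set up for these tests; `logging.info(...)` would keep the output in one place.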
@@ -0,0 +1,64 @@ +# -*- coding: utf-8 -*- +"""Check submitted charts + +New Openshift or chart-verifier will trigger (automatically or manually) a recursive checking on +existing submitted charts under `charts/` directory with the specified Openshift and chart-verifier +version. + +Besides, during workflow development, engineers would like to check if the changes will break checks +on existing submitted charts. +""" +import pytest +from pytest_bdd import ( + given, + scenario, + then, + when, +) +from functional.utils.chart_certification import ChartCertificationE2ETestMultiple + + +@pytest.fixture +def workflow_test(): + workflow_test = ChartCertificationE2ETestMultiple() + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-15_check_submitted_charts.feature", + "[HC-15-001] A new Openshift or chart-verifier version is specified either by a cron job or manually", +) +def test_submitted_charts(): + """A new Openshift or chart-verifier version is specified either by a cron job or manually.""" + + +@given("there's a github workflow for testing existing charts") +def theres_github_workflow_for_testing_charts(): + """there's a github workflow for testing existing charts.""" + + +@when("a new Openshift or chart-verifier version is specified") +def new_openshift_or_verifier_version_is_specified(): + """a new Openshift or chart-verifier version is specified.""" + + +@when("the vendor type is specified, e.g. partner, and/or redhat") +def vendor_type_is_specified(): + """the vendor type is specified, e.g. 
partner, and/or redhat.""" + + +@when("workflow for testing existing charts is triggered") +def workflow_is_triggered(): + """workflow for testing existing charts is triggered.""" + + +@then("submission tests are run for existing charts") +def submission_tests_run_for_submitted_charts(workflow_test): + """submission tests are run for existing charts.""" + workflow_test.process_all_charts() + + +@then("all results are reported back to the caller") +def all_results_report_back_to_caller(): + """all results are reported back to the caller.""" diff --git a/tests/functional/step_defs/test_user_submits_chart_with_errors.py b/tests/functional/step_defs/test_user_submits_chart_with_errors.py new file mode 100644 index 00000000000..4d7d4cf31d8 --- /dev/null +++ b/tests/functional/step_defs/test_user_submits_chart_with_errors.py @@ -0,0 +1,35 @@ +# -*- coding: utf-8 -*- +""" Chart submission with errors + Partners, redhat or community user submit charts which result in errors +""" +import pytest +from pytest_bdd import scenario + +from functional.utils.chart_certification import ChartCertificationE2ETestSingle + + +@pytest.fixture +def workflow_test(): + test_name = "Chart Submission with Errors" + test_chart = "tests/data/vault-0.17.0.tgz" + workflow_test = ChartCertificationE2ETestSingle( + test_name=test_name, test_chart=test_chart + ) + yield workflow_test + workflow_test.cleanup() + + +@scenario( + "../features/HC-14_user_submits_chart_with_errors.feature", + "[HC-14-001] An unauthorized user submits a chart", +) +def test_chart_submission_by_unauthorized_user(): + """An unauthorized user submits a chart""" + + +@scenario( + "../features/HC-14_user_submits_chart_with_errors.feature", + "[HC-14-002] An authorized user submits a chart with incorrect version", +) +def test_chart_submission_with_incorrect_version(): + """An authorized user submits a chart with incorrect version""" 
diff --git a/tests/functional/utils/__init__.py b/tests/functional/utils/__init__.py new file mode 100644 index 00000000000..e69de29bb2d diff --git a/tests/functional/utils/chart.py b/tests/functional/utils/chart.py new file mode 100644 index 00000000000..c5656721561 --- /dev/null +++ b/tests/functional/utils/chart.py 
@@ -0,0 +1,143 @@ +# -*- coding: utf-8 -*- +"""Utility module for processing chart files.""" + +import os +import tarfile +import pytest +import yaml +import shutil + + +def get_name_and_version_from_report(path): + """ + Parameters: + path (str): path to the report.yaml + + Returns: + str: chart name + str: chart version + """ + with open(path, "r") as fd: + try: + report = yaml.safe_load(fd) + except yaml.YAMLError as err: + pytest.fail(f"error parsing '{path}': {err}") + chart = report["metadata"]["chart"] + return chart["name"], chart["version"] + + +def get_name_and_version_from_chart_tar(path): + """ + Parameters: + path (str): path to the chart tar file + + Returns: + str: chart name + str: chart version + """ + tar = tarfile.open(path) + for member in tar.getmembers(): + if member.name.split("/")[-1] == "Chart.yaml": + chart = tar.extractfile(member) + if chart is not None: + content = chart.read() + try: + chart_yaml = yaml.safe_load(content) + return chart_yaml["name"], chart_yaml["version"] + except yaml.YAMLError as err: + pytest.fail(f"error parsing '{path}': {err}") + else: + pytest.fail(f"Chart.yaml not in {path}") + + +def get_name_and_version_from_chart_src(path): + """ + Parameters: + path (str): path to the chart src directory + + Returns: + str: chart name + str: chart version + """ + chart_path = os.path.join(path, "Chart.yaml") + with open(chart_path, "r") as fd: + try: + chart_yaml = yaml.safe_load(fd) + except yaml.YAMLError as err: + pytest.fail(f"error parsing '{path}': {err}") + return chart_yaml["name"], chart_yaml["version"] + + +def extract_chart_tgz(src, dst, secrets, logger): + """Extracts the chart tgz file into the target location under 'charts/' for PR submission tests + + Parameters: + src (str): path to the test chart tgz + dst (str): path to the extract destination, e.g. 
'charts/partners/hashicorp/vault/0.13.0' + """ + try: + logger.info(f"Remove existing local '{dst}/src'") + shutil.rmtree(f"{dst}/src") + except FileNotFoundError: + logger.info(f"'{dst}/src' does not exist") + finally: + with tarfile.open(src, "r") as fd: + fd.extractall(dst) + os.rename(f"{dst}/{secrets.chart_name}", f"{dst}/src") + + +def get_all_charts(charts_path: str, vendor_types: str) -> list: + # TODO: Support `community` as vendor_type. + """Gets charts with src or tgz under `charts/` given vendor_types and without report. + + Parameters: + charts_path (str): path to the `charts/` directory + vendor_types (str): vendor type to look for, any combination of `partner`, `redhat`, separated + by commas, or `all` to run both `partner` and `redhat`. + + Returns: + list: list of (vendor_type, vendor, chart_name, chart_version) tuples + """ + ret = [] + # Pre-process vendor types + vendor_types = vendor_types.replace("partner", "partners") + vendor_types = [vt.strip() for vt in vendor_types.split(",")] + vendor_types = list({"partners", "redhat", "all"}.intersection(set(vendor_types))) + vendor_types = ["partners", "redhat"] if "all" in vendor_types else vendor_types + + # Iterate through `charts/` to find chart submission with src or tgz + for vt in vendor_types: + charts_path_vt = f"{charts_path}/{vt}" + vendor_names = [ + name + for name in os.listdir(charts_path_vt) + if os.path.isdir(f"{charts_path_vt}/{name}") + ] + for vn in vendor_names: + charts_path_vt_vn = f"{charts_path_vt}/{vn}" + chart_names = [ + name + for name in os.listdir(charts_path_vt_vn) + if os.path.isdir(f"{charts_path_vt_vn}/{name}") + ] + for cn in chart_names: + charts_path_vt_vn_cn = f"{charts_path_vt_vn}/{cn}" + file_names = [name for name in os.listdir(charts_path_vt_vn_cn)] + if "OWNERS" not in file_names: + continue + chart_versions = [ + name + for name in os.listdir(charts_path_vt_vn_cn) + if os.path.isdir(f"{charts_path_vt_vn_cn}/{name}") + ] + # Only interest in latest chart 
version + if len(chart_versions) == 0: + continue + cv = max(chart_versions) + charts_path_vt_vn_cn_cv = f"{charts_path_vt_vn_cn}/{cv}" + file_names = [name for name in os.listdir(charts_path_vt_vn_cn_cv)] + if "report.yaml" not in file_names and ( + f"{cn}-{cv}.tgz" in file_names or "src" in file_names + ): + ret.append((vt, vn, cn, cv)) + return ret diff --git a/tests/functional/utils/chart_certification.py b/tests/functional/utils/chart_certification.py new file mode 100644 index 00000000000..920b2410362 --- /dev/null +++ b/tests/functional/utils/chart_certification.py 
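Review bot: `extract_chart_tgz` calls `fd.extractall(dst)` with no member filtering, so an archive entry carrying an absolute path, a `..` component or a link can be written outside `dst`. The docstring describes `src` as the test chart tgz, but the helper accepts any path, and whether other callers pass submitted charts is not visible here. On a Python release that has the tarfile extraction filters, `fd.extractall(dst, filter="data")` rejects such entries; on older interpreters each member's resolved path should be checked against `dst` before extraction. The extraction and `os.rename` also sit in the `finally` clause, so they still run when `shutil.rmtree` fails with something other than `FileNotFoundError`; moving them after the `try` block avoids extracting over a partly removed `src` directory.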
@@ -0,0 +1,1347 @@ +# -*- coding: utf-8 -*- +"""Utility class for setting up and manipulating certification workflow tests.""" + +import os +import re +import json +import pathlib +import shutil +import logging +import time +import uuid +from tempfile import TemporaryDirectory +from dataclasses import dataclass +from string import Template +from pathlib import Path + +import git +import yaml +import pytest +from functional.utils.notifier import * +from functional.utils.index import * +from functional.utils.github import * +from functional.utils.secret import * +from functional.utils.set_directory import SetDirectory +from functional.utils.setttings import * +from functional.utils.chart import * + + +@dataclass +class ChartCertificationE2ETest: + owners_file_content: str = """\ +chart: + name: ${chart_name} + shortDescription: Test chart for testing chart submission workflows. +publicPgpKey: null +providerDelivery: ${provider_delivery} +users: +- githubUsername: ${bot_name} +vendor: + label: ${vendor} + name: ${vendor} +""" + secrets: E2ETestSecret = E2ETestSecret() + + old_cwd: str = os.getcwd() + repo: git.Repo = git.Repo() + temp_dir: TemporaryDirectory = None + temp_repo: git.Repo = None + github_actions: str = os.environ.get("GITHUB_ACTIONS") + + def set_git_username_email(self, repo, username, email): + """ + Parameters: + repo (git.Repo): git.Repo instance of the local directory + username (str): git username to set + email (str): git email to set + """ + repo.config_writer().set_value("user", "name", username).release() + repo.config_writer().set_value("user", "email", email).release() + + def get_bot_name_and_token(self): + bot_name = os.environ.get("BOT_NAME") + bot_token = os.environ.get("BOT_TOKEN") + if not bot_name and not bot_token: + bot_name = "github-actions[bot]" + bot_token = os.environ.get("GITHUB_TOKEN") + if not bot_token: + raise Exception("BOT_TOKEN environment variable not defined") + elif not bot_name: + raise Exception("BOT_TOKEN set but 
BOT_NAME not specified") + elif not bot_token: + raise Exception("BOT_NAME set but BOT_TOKEN not specified") + return bot_name, bot_token + + def remove_chart( + self, chart_directory, chart_version, remote_repo, base_branch, bot_token + ): + # Remove chart files from base branch + logging.info( + f"Remove {chart_directory}/{chart_version} from {remote_repo}:{base_branch}" + ) + try: + self.temp_repo.git.rm( + "-rf", "--cached", f"{chart_directory}/{chart_version}" + ) + self.temp_repo.git.commit("-m", f"Remove {chart_directory}/{chart_version}") + self.temp_repo.git.push( + f"https://x-access-token:{bot_token}@github.com/{remote_repo}", + f"HEAD:refs/heads/{base_branch}", + ) + except git.exc.GitCommandError: + logging.info( + f"{chart_directory}/{chart_version} not exist on {remote_repo}:{base_branch}" + ) + + def remove_owners_file(self, chart_directory, remote_repo, base_branch, bot_token): + # Remove the OWNERS file from base branch + logging.info( + f"Remove {chart_directory}/OWNERS from {remote_repo}:{base_branch}" + ) + try: + self.temp_repo.git.rm("-rf", "--cached", f"{chart_directory}/OWNERS") + self.temp_repo.git.commit("-m", f"Remove {chart_directory}/OWNERS") + self.temp_repo.git.push( + f"https://x-access-token:{bot_token}@github.com/{remote_repo}", + f"HEAD:refs/heads/{base_branch}", + ) + except git.exc.GitCommandError: + logging.info( + f"{chart_directory}/OWNERS not exist on {remote_repo}:{base_branch}" + ) + + def create_test_gh_pages_branch(self, remote_repo, base_branch, bot_token): + # Get SHA from 'dev-gh-pages' branch + logging.info( + f"Create '{remote_repo}:{base_branch}-gh-pages' from '{remote_repo}:dev-gh-pages'" + ) + r = github_api( + "get", f"repos/{remote_repo}/git/ref/heads/dev-gh-pages", bot_token + ) + j = json.loads(r.text) + sha = j["object"]["sha"] + + # Create a new gh-pages branch for testing + data = {"ref": f"refs/heads/{base_branch}-gh-pages", "sha": sha} + r = github_api("post", f"repos/{remote_repo}/git/refs", bot_token, 
json=data) + + logging.info(f"gh-pages branch created: {base_branch}-gh-pages") + + def setup_git_context(self, repo: git.Repo): + self.set_git_username_email( + repo, self.secrets.bot_name, GITHUB_ACTIONS_BOT_EMAIL + ) + if os.environ.get("WORKFLOW_DEVELOPMENT"): + logging.info("Wokflow development enabled") + repo.git.add(A=True) + repo.git.commit("-m", "Checkpoint") + + def send_pull_request(self, remote_repo, base_branch, pr_branch, bot_token): + data = { + "head": pr_branch, + "base": base_branch, + "title": base_branch, + "body": os.environ.get("PR_BODY"), + } + + logging.info(f"Create PR from '{remote_repo}:{pr_branch}'") + r = github_api("post", f"repos/{remote_repo}/pulls", bot_token, json=data) + j = json.loads(r.text) + if "number" not in j: + pytest.fail(f"error sending pull request, response was: {r.text}") + return j["number"] + + def create_and_push_owners_file( + self, + chart_directory, + base_branch, + vendor_name, + vendor_type, + chart_name, + provider_delivery=False, + ): + with SetDirectory(Path(self.temp_dir.name)): + # Create the OWNERS file from the string template + values = { + "bot_name": self.secrets.bot_name, + "vendor": vendor_name, + "chart_name": chart_name, + "provider_delivery": provider_delivery, + } + content = Template(self.secrets.owners_file_content).substitute(values) + with open(f"{chart_directory}/OWNERS", "w") as fd: + fd.write(content) + + # Push OWNERS file to the test_repo + logging.info( + f"Push OWNERS file to '{self.secrets.test_repo}:{base_branch}'" + ) + self.temp_repo.git.add(f"{chart_directory}/OWNERS") + self.temp_repo.git.commit( + "-m", f"Add {vendor_type} {vendor_name} {chart_name} OWNERS file" + ) + self.temp_repo.git.push( + f"https://x-access-token:{self.secrets.bot_token}@github.com/{self.secrets.test_repo}", + f"HEAD:refs/heads/{base_branch}", + "-f", + ) + + def check_index_yaml( + self, + base_branch, + vendor, + chart_name, + chart_version, + index_file="index.yaml", + check_provider_type=False, + 
logger=pytest.fail, + ): + old_branch = self.repo.active_branch.name + self.repo.git.fetch( + f"https://github.com/{self.secrets.test_repo}.git", + "{0}:{0}".format(f"{base_branch}-gh-pages"), + "-f", + ) + + self.repo.git.checkout(f"{base_branch}-gh-pages") + + with open(index_file, "r") as fd: + try: + index = yaml.safe_load(fd) + except yaml.YAMLError as err: + logger(f"error parsing index.yaml: {err}") + return False + + if index: + entry = f"{vendor}-{chart_name}" + if "entries" not in index or entry not in index["entries"]: + logger(f"{entry} not added in entries to {index_file}") + logger(f"Index.yaml entries: {index['entries']}") + return False + + version_list = [release["version"] for release in index["entries"][entry]] + if chart_version not in version_list: + logger(f"{chart_version} not added to {index_file}") + logger(f"Index.yaml entry content: {index['entries'][entry]}") + return False + + # This check is applicable for charts submitted in redhat path when one of the chart-verifier check fails + # Check whether providerType annotations is community in index.yaml when vendor_type is redhat + if check_provider_type and self.secrets.vendor_type == "redhat": + provider_type_in_index_yaml = index["entries"][entry][0]["annotations"][ + "charts.openshift.io/providerType" + ] + if provider_type_in_index_yaml != "community": + logger( + f"{provider_type_in_index_yaml} is not correct as providerType in index.yaml" + ) + + logging.info("Index updated correctly, cleaning up local branch") + self.repo.git.checkout(old_branch) + self.repo.git.branch("-D", f"{base_branch}-gh-pages") + return True + else: + return False + + def check_release_result( + self, vendor, chart_name, chart_version, chart_tgz, logger=pytest.fail + ): + expected_tag = f"{vendor}-{chart_name}-{chart_version}" + try: + release = get_release_by_tag(self.secrets, expected_tag) + logging.info(f"Released '{expected_tag}' successfully") + + expected_chart_asset = f"{vendor}-{chart_tgz}" + 
required_assets = [expected_chart_asset] + logging.info(f"Check '{required_assets}' is in release assets") + release_id = release["id"] + get_release_assets(self.secrets, release_id, required_assets) + return True + except Exception as e: + logger(e) + return False + finally: + logging.info(f"Delete release '{expected_tag}'") + github_api( + "delete", + f"repos/{self.secrets.test_repo}/releases/{release_id}", + self.secrets.bot_token, + ) + + logging.info(f"Delete release tag '{expected_tag}'") + github_api( + "delete", + f"repos/{self.secrets.test_repo}/git/refs/tags/{expected_tag}", + self.secrets.bot_token, + ) + + # expect_result: a string representation of expected result, e.g. 'success' + def check_workflow_conclusion( + self, pr_number, expect_result: str, logger=pytest.fail + ): + try: + # Check workflow conclusion + run_id = get_run_id(self.secrets, pr_number) + conclusion = get_run_result(self.secrets, run_id) + if conclusion == expect_result: + logging.info( + f"PR{pr_number} Workflow run was '{expect_result}' which is expected" + ) + else: + logger( + f"PR{pr_number if pr_number else self.secrets.pr_number} Workflow run was '{conclusion}' which is unexpected, run id: {run_id}" + ) + return run_id, conclusion + except Exception as e: + logger(e) + return None, None + + # expect_merged: boolean representing whether the PR should be merged + def check_pull_request_result( + self, pr_number, expect_merged: bool, logger=pytest.fail + ): + # Check if PR merged + r = github_api( + "get", + f"repos/{self.secrets.test_repo}/pulls/{pr_number}/merge", + self.secrets.bot_token, + ) + logging.info(f"PR{pr_number} result status_code : {r.status_code}") + if r.status_code == 204 and expect_merged: + logging.info(f"PR{pr_number} merged sucessfully as expected") + return True + elif r.status_code == 404 and not expect_merged: + logging.info(f"PR{pr_number} not merged, which is expected") + return True + elif r.status_code == 204 and not expect_merged: + 
logger(f"PR{pr_number} Expecting not merged but PR was merged") + return False + elif r.status_code == 404 and expect_merged: + logger(f"PR{pr_number} Expecting PR merged but PR was not merged") + return False + else: + logger(f"PR{pr_number} Got unexpected status code from PR: {r.status_code}") + return False + + def check_pull_request_labels(self, pr_number, logger=pytest.fail): + r = github_api( + "get", + f"repos/{self.secrets.test_repo}/issues/{pr_number}/labels", + self.secrets.bot_token, + ) + labels = json.loads(r.text) + authorized_request = False + content_ok = False + for label in labels: + logging.info(f"PR{pr_number} found label {label['name']}") + if label["name"] == "authorized-request": + authorized_request = True + if label["name"] == "content-ok": + content_ok = True + + if authorized_request and content_ok: + logging.info( + f"PR{pr_number} authorized request and content-ok labels were found as expected" + ) + return True + else: + logger( + f"PR{pr_number} authorized request and/or content-ok labels were not found as expected" + ) + return False + + def cleanup_release(self, expected_tag): + """Cleanup the release and release tag. + + Releases might be left behind if check_index_yam() ran before check_release_result() and fails the test. 
+ """ + r = github_api( + "get", f"repos/{self.secrets.test_repo}/releases", self.secrets.bot_token + ) + releases = json.loads(r.text) + for release in releases: + if release["tag_name"] == expected_tag: + release_id = release["id"] + logging.info(f"Delete release '{expected_tag}'") + github_api( + "delete", + f"repos/{self.secrets.test_repo}/releases/{release_id}", + self.secrets.bot_token, + ) + + logging.info(f"Delete release tag '{expected_tag}'") + github_api( + "delete", + f"repos/{self.secrets.test_repo}/git/refs/tags/{expected_tag}", + self.secrets.bot_token, + ) + + +@dataclass +class ChartCertificationE2ETestSingle(ChartCertificationE2ETest): + test_name: str = "" # Meaningful test name for this test, displayed in PR title + test_chart: str = "" + test_report: str = "" + chart_directory: str = "" + secrets: E2ETestSecretOneShot = E2ETestSecretOneShot() + + def __post_init__(self) -> None: + # unique string based on uuid.uuid4(), not using timestamp here because even + # in nanoseconds there are chances of collisions among first test cases of + # different processes. 
+ self.uuid = uuid.uuid4().hex + + if self.test_report or self.test_chart: + ( + self.secrets.chart_name, + self.secrets.chart_version, + ) = self.get_chart_name_version() + self.chart_directory = f"charts/{self.secrets.vendor_type}/{self.secrets.vendor}/{self.secrets.chart_name}" + + bot_name, bot_token = self.get_bot_name_and_token() + test_repo = TEST_REPO + + # Create a new branch locally from detached HEAD + head_sha = self.repo.git.rev_parse("--short", "HEAD") + unique_branch = f"{head_sha}-{self.uuid}" + local_branches = [h.name for h in self.repo.heads] + if unique_branch not in local_branches: + self.repo.git.checkout("-b", f"{unique_branch}") + + current_branch = self.repo.active_branch.name + r = github_api("get", f"repos/{test_repo}/branches", bot_token) + branches = json.loads(r.text) + branch_names = [branch["name"] for branch in branches] + if current_branch not in branch_names: + logging.info( + f"{test_repo}:{current_branch} does not exists, creating with local branch" + ) + self.repo.git.push( + f"https://x-access-token:{bot_token}@github.com/{test_repo}", + f"HEAD:refs/heads/{current_branch}", + "-f", + ) + + pretty_test_name = self.test_name.strip().lower().replace(" ", "-") + base_branch = ( + f"{self.uuid}-{pretty_test_name}-{current_branch}" + if pretty_test_name + else f"{self.uuid}-test-{current_branch}" + ) + pr_branch = base_branch + "-pr-branch" + + self.secrets.owners_file_content = self.owners_file_content + self.secrets.test_chart = self.test_chart + self.secrets.test_report = self.test_report + self.secrets.test_repo = test_repo + self.secrets.bot_name = bot_name + self.secrets.bot_token = bot_token + self.secrets.base_branch = base_branch + self.secrets.pr_branch = pr_branch + self.secrets.index_file = "index.yaml" + self.secrets.provider_delivery = False + + def cleanup(self): + # Cleanup releases and release tags + self.cleanup_release() + # Teardown step to cleanup branches + if self.temp_dir is not None: + 
self.temp_dir.cleanup() + self.repo.git.worktree("prune") + + head_sha = self.repo.git.rev_parse("--short", "HEAD") + current_branch = f"{head_sha}-{self.uuid}" + logging.info(f"Delete remote '{current_branch}' branch") + github_api( + "delete", + f"repos/{self.secrets.test_repo}/git/refs/heads/{current_branch}", + self.secrets.bot_token, + ) + + logging.info(f"Delete '{self.secrets.test_repo}:{self.secrets.base_branch}'") + github_api( + "delete", + f"repos/{self.secrets.test_repo}/git/refs/heads/{self.secrets.base_branch}", + self.secrets.bot_token, + ) + + logging.info( + f"Delete '{self.secrets.test_repo}:{self.secrets.base_branch}-gh-pages'" + ) + github_api( + "delete", + f"repos/{self.secrets.test_repo}/git/refs/heads/{self.secrets.base_branch}-gh-pages", + self.secrets.bot_token, + ) + + logging.info(f"Delete '{self.secrets.test_repo}:{self.secrets.pr_branch}'") + github_api( + "delete", + f"repos/{self.secrets.test_repo}/git/refs/heads/{self.secrets.pr_branch}", + self.secrets.bot_token, + ) + + logging.info(f"Delete local '{self.secrets.base_branch}'") + try: + self.repo.git.branch("-D", self.secrets.base_branch) + except git.exc.GitCommandError: + logging.info(f"Local '{self.secrets.base_branch}' does not exist") + + logging.info(f"Delete local '{current_branch}'") + try: + self.repo.git.branch("-D", current_branch) + except git.exc.GitCommandError: + logging.info(f"Local '{current_branch}' does not exist") + + def update_test_chart(self, test_chart): + if test_chart != self.test_chart: + # reinitialize the settings according with new chart + self.test_chart = test_chart + self.__post_init__() + + def update_test_report(self, test_report): + if test_report != self.test_report: + # reinitialize the settings according with new report + self.test_report = test_report + self.__post_init__() + + def get_unique_vendor(self, vendor): + """Set unique vendor name. + Note that release tag is generated with this vendor name. 
+ """ + # unique string based on uuid.uuid4() + suffix = self.uuid + if "PR_NUMBER" in os.environ: + pr_num = os.environ["PR_NUMBER"] + suffix = f"{suffix}-{pr_num}" + return f"{vendor}-{suffix}" + + def get_chart_name_version(self): + if not self.test_report and not self.test_chart: + pytest.fail("Provide at least one of test report or test chart.") + if self.test_report: + chart_name, chart_version = get_name_and_version_from_report( + self.test_report + ) + else: + chart_name, chart_version = get_name_and_version_from_chart_tar( + self.test_chart + ) + return chart_name, chart_version + + def set_vendor(self, vendor, vendor_type): + # use unique vendor id to avoid collision between tests + self.secrets.vendor = self.get_unique_vendor(vendor) + self.secrets.vendor_type = vendor_type + base_branch_without_uuid = "-".join(self.secrets.base_branch.split("-")[:-1]) + vendor_without_suffix = self.secrets.vendor.split("-")[0] + self.secrets.base_branch = f"{base_branch_without_uuid}-{self.secrets.vendor_type}-{vendor_without_suffix}-{self.secrets.chart_name}-{self.secrets.chart_version}" + self.secrets.pr_branch = f"{self.secrets.base_branch}-pr-branch" + self.chart_directory = f"charts/{self.secrets.vendor_type}/{self.secrets.vendor}/{self.secrets.chart_name}" + + def setup_git_context(self): + super().setup_git_context(self.repo) + + def setup_gh_pages_branch(self): + self.create_test_gh_pages_branch( + self.secrets.test_repo, self.secrets.base_branch, self.secrets.bot_token + ) + + def setup_temp_dir(self): + self.temp_dir = TemporaryDirectory(prefix="tci-") + with SetDirectory(Path(self.temp_dir.name)): + # Make PR's from a temporary directory + logging.info(f"Worktree directory: {self.temp_dir.name}") + self.repo.git.worktree("add", "--detach", self.temp_dir.name, "HEAD") + self.temp_repo = git.Repo(self.temp_dir.name) + + self.set_git_username_email( + self.temp_repo, self.secrets.bot_name, GITHUB_ACTIONS_BOT_EMAIL + ) + self.temp_repo.git.checkout("-b", 
self.secrets.base_branch) + pathlib.Path(f"{self.chart_directory}/{self.secrets.chart_version}").mkdir( + parents=True, exist_ok=True + ) + + self.remove_chart( + self.chart_directory, + self.secrets.chart_version, + self.secrets.test_repo, + self.secrets.base_branch, + self.secrets.bot_token, + ) + self.remove_owners_file( + self.chart_directory, + self.secrets.test_repo, + self.secrets.base_branch, + self.secrets.bot_token, + ) + + def update_chart_version_in_chart_yaml(self, new_version): + with SetDirectory(Path(self.temp_dir.name)): + path = f"{self.chart_directory}/{self.secrets.chart_version}/src/Chart.yaml" + with open(path, "r") as fd: + try: + chart = yaml.safe_load(fd) + except yaml.YAMLError as err: + pytest.fail(f"error parsing '{path}': {err}") + current_version = chart["version"] + + if current_version != new_version: + chart["version"] = new_version + try: + with open(path, "w") as fd: + fd.write(yaml.dump(chart)) + except Exception as e: + pytest.fail("Failed to update version in yaml file") + + def remove_readme_file(self): + with SetDirectory(Path(self.temp_dir.name)): + path = f"{self.chart_directory}/{self.secrets.chart_version}/src/README.md" + try: + os.remove(path) + except Exception as e: + pytest.fail(f"Failed to remove readme file : {e}") + + def process_owners_file(self): + super().create_and_push_owners_file( + self.chart_directory, + self.secrets.base_branch, + self.secrets.vendor, + self.secrets.vendor_type, + self.secrets.chart_name, + self.secrets.provider_delivery, + ) + + def process_chart(self, is_tarball: bool): + with SetDirectory(Path(self.temp_dir.name)): + if is_tarball: + # Copy the chart tar into temporary directory for PR submission + chart_tar = self.secrets.test_chart.split("/")[-1] + shutil.copyfile( + f"{self.old_cwd}/{self.secrets.test_chart}", + f"{self.chart_directory}/{self.secrets.chart_version}/{chart_tar}", + ) + else: + # Unzip files into temporary directory for PR submission + extract_chart_tgz( + 
self.secrets.test_chart, + f"{self.chart_directory}/{self.secrets.chart_version}", + self.secrets, + logging, + ) + + def process_report( + self, + update_chart_sha=False, + update_url=False, + url=None, + update_versions=False, + supported_versions=None, + tested_version=None, + kube_version=None, + update_provider_delivery=False, + provider_delivery=False, + missing_check=None, + unset_package_digest=False, + ): + with SetDirectory(Path(self.temp_dir.name)): + # Copy report to temporary location and push to test_repo:pr_branch + logging.info( + f"Push report to '{self.secrets.test_repo}:{self.secrets.pr_branch}'" + ) + tmpl = open(self.secrets.test_report).read() + values = { + "repository": self.secrets.test_repo, + "branch": self.secrets.base_branch, + } + content = Template(tmpl).substitute(values) + + report_path = ( + f"{self.chart_directory}/{self.secrets.chart_version}/" + + self.secrets.test_report.split("/")[-1] + ) + + try: + report = yaml.safe_load(content) + except yaml.YAMLError as err: + pytest.fail(f"error parsing '{report_path}': {err}") + + if self.secrets.vendor_type != "partners": + report["metadata"]["tool"]["profile"][ + "VendorType" + ] = self.secrets.vendor_type + logging.info( + f'VendorType set to {report["metadata"]["tool"]["profile"]["VendorType"]} in report.yaml' + ) + + if ( + update_chart_sha + or update_url + or update_versions + or update_provider_delivery + or unset_package_digest + ): + # For updating the report.yaml, for chart sha mismatch scenario + if update_chart_sha: + new_sha_value = "sha256:5b85ae00b9ca2e61b2d70a59f98fd72136453b1a185676b29d4eb862981c1xyz" + logging.info( + f"Current SHA Value in report: {report['metadata']['tool']['digests']['chart']}" + ) + report["metadata"]["tool"]["digests"]["chart"] = new_sha_value + logging.info(f"Updated sha value in report: {new_sha_value}") + + # For updating the report.yaml, for invalid_url sceanrio + if update_url: + logging.info( + f"Current chart-uri in report: 
{report['metadata']['tool']['chart-uri']}" + ) + report["metadata"]["tool"]["chart-uri"] = url + logging.info(f"Updated chart-uri value in report: {url}") + + if update_versions: + report["metadata"]["tool"][ + "testedOpenShiftVersion" + ] = tested_version + report["metadata"]["tool"][ + "supportedOpenShiftVersions" + ] = supported_versions + report["metadata"]["chart"]["kubeversion"] = kube_version + logging.info( + f"Updated testedOpenShiftVersion value in report: {tested_version}" + ) + logging.info( + f"Updated supportedOpenShiftVersions value in report: {supported_versions}" + ) + logging.info(f"Updated kubeversion value in report: {kube_version}") + + if update_provider_delivery: + report["metadata"]["tool"][ + "providerControlledDelivery" + ] = provider_delivery + + if unset_package_digest: + del report["metadata"]["tool"]["digests"]["package"] + + with open(report_path, "w") as fd: + try: + fd.write(yaml.dump(report)) + logging.info("Report updated with new values") + except Exception as e: + pytest.fail("Failed to update report yaml with new values") + + # For removing the check for missing check scenario + if missing_check: + logging.info(f"Updating report with {missing_check}") + with open(report_path, "r+") as fd: + report_content = yaml.safe_load(fd) + results = report_content["results"] + new_results = filter(lambda x: x["check"] != missing_check, results) + report_content["results"] = list(new_results) + fd.seek(0) + yaml.dump(report_content, fd) + fd.truncate() + + self.temp_repo.git.add(report_path) + self.temp_repo.git.commit( + "-m", + f"Add {self.secrets.vendor} {self.secrets.chart_name} {self.secrets.chart_version} report", + ) + self.temp_repo.git.push( + f"https://x-access-token:{self.secrets.bot_token}@github.com/{self.secrets.test_repo}", + f"HEAD:refs/heads/{self.secrets.pr_branch}", + "-f", + ) + + def add_non_chart_related_file(self): + with SetDirectory(Path(self.temp_dir.name)): + path = f"{self.chart_directory}/Notes.txt" + with 
open(path, "w") as fd: + fd.write("This is a test file") + + def push_chart(self, is_tarball: bool, add_non_chart_file=False): + # Push chart to test_repo:pr_branch + if is_tarball: + chart_tar = self.secrets.test_chart.split("/")[-1] + self.temp_repo.git.add( + f"{self.chart_directory}/{self.secrets.chart_version}/{chart_tar}" + ) + else: + if add_non_chart_file: + self.temp_repo.git.add(f"{self.chart_directory}/") + else: + self.temp_repo.git.add( + f"{self.chart_directory}/{self.secrets.chart_version}/src" + ) + self.temp_repo.git.commit( + "-m", + f"Add {self.secrets.vendor} {self.secrets.chart_name} {self.secrets.chart_version} chart", + ) + + self.temp_repo.git.push( + f"https://x-access-token:{self.secrets.bot_token}@github.com/{self.secrets.test_repo}", + f"HEAD:refs/heads/{self.secrets.pr_branch}", + "-f", + ) + + def send_pull_request(self): + self.secrets.pr_number = super().send_pull_request( + self.secrets.test_repo, + self.secrets.base_branch, + self.secrets.pr_branch, + self.secrets.bot_token, + ) + logging.info(f"[INFO] PR number: {self.secrets.pr_number}") + + # expect_result: a string representation of expected result, e.g. 
'success' + def check_workflow_conclusion(self, expect_result: str): + # Check workflow conclusion + super().check_workflow_conclusion(None, expect_result, pytest.fail) + + # expect_merged: boolean representing whether the PR should be merged + def check_pull_request_result(self, expect_merged: bool): + super().check_pull_request_result( + self.secrets.pr_number, expect_merged, pytest.fail + ) + + # expect_merged: boolean representing whether the PR should be merged + def check_pull_request_labels(self): + super().check_pull_request_labels(self.secrets.pr_number, pytest.fail) + + def check_pull_request_comments(self, expect_message: str): + r = github_api( + "get", + f"repos/{self.secrets.test_repo}/issues/{self.secrets.pr_number}/comments", + self.secrets.bot_token, + ) + logging.info(f"STATUS_CODE: {r.status_code}") + + response = json.loads(r.text) + complete_comment = response[0]["body"] + + if re.search(expect_message, complete_comment): + logging.info("Found the expected comment in the PR") + else: + pytest.fail( + f"Was expecting '{expect_message}' in the comment {complete_comment}" + ) + + def check_index_yaml(self, check_provider_type=False): + super().check_index_yaml( + self.secrets.base_branch, + self.secrets.vendor, + self.secrets.chart_name, + self.secrets.chart_version, + self.secrets.index_file, + check_provider_type, + pytest.fail, + ) + + def check_release_result(self): + chart_tgz = self.secrets.test_chart.split("/")[-1] + super().check_release_result( + self.secrets.vendor, + self.secrets.chart_name, + self.secrets.chart_version, + chart_tgz, + pytest.fail, + ) + + def cleanup_release(self): + expected_tag = f"{self.secrets.vendor}-{self.secrets.chart_name}-{self.secrets.chart_version}" + super().cleanup_release(expected_tag) + + +@dataclass +class ChartCertificationE2ETestMultiple(ChartCertificationE2ETest): + secrets: E2ETestSecretRecursive = E2ETestSecretRecursive() + + def __post_init__(self) -> None: + bot_name, bot_token = 
self.get_bot_name_and_token() + dry_run = self.get_dry_run() + notify_id = self.get_notify_id() + software_name, software_version = self.get_software_name_version() + vendor_type = self.get_vendor_type() + + test_repo = TEST_REPO + base_branches = [] + pr_branches = [] + + pr_base_branch = self.repo.active_branch.name + r = github_api("get", f"repos/{test_repo}/branches", bot_token) + branches = json.loads(r.text) + branch_names = [branch["name"] for branch in branches] + if pr_base_branch not in branch_names: + logging.info( + f"{test_repo}:{pr_base_branch} does not exists, creating with local branch" + ) + self.repo.git.push( + f"https://x-access-token:{bot_token}@github.com/{test_repo}", + f"HEAD:refs/heads/{pr_base_branch}", + "-f", + ) + + self.secrets = E2ETestSecretRecursive() + self.secrets.software_name = software_name + self.secrets.software_version = software_version + self.secrets.test_repo = test_repo + self.secrets.bot_name = bot_name + self.secrets.bot_token = bot_token + self.secrets.vendor_type = vendor_type + self.secrets.pr_base_branch = pr_base_branch + self.secrets.base_branches = base_branches + self.secrets.pr_branches = pr_branches + self.secrets.dry_run = dry_run + self.secrets.notify_id = notify_id + self.secrets.owners_file_content = self.owners_file_content + self.secrets.release_tags = list() + + def cleanup(self): + # Teardown step to cleanup releases and branches + for release_tag in self.secrets.release_tags: + self.cleanup_release(release_tag) + + self.repo.git.worktree("prune") + for base_branch in self.secrets.base_branches: + logging.info(f"Delete '{self.secrets.test_repo}:{base_branch}'") + github_api( + "delete", + f"repos/{self.secrets.test_repo}/git/refs/heads/{base_branch}", + self.secrets.bot_token, + ) + + logging.info(f"Delete '{self.secrets.test_repo}:{base_branch}-gh-pages'") + github_api( + "delete", + f"repos/{self.secrets.test_repo}/git/refs/heads/{base_branch}-gh-pages", + self.secrets.bot_token, + ) + + 
logging.info(f"Delete local '{base_branch}'") + try: + self.repo.git.branch("-D", base_branch) + except git.exc.GitCommandError: + logging.info(f"Local '{base_branch}' does not exist") + + for pr_branch in self.secrets.pr_branches: + logging.info(f"Delete '{self.secrets.test_repo}:{pr_branch}'") + github_api( + "delete", + f"repos/{self.secrets.test_repo}/git/refs/heads/{pr_branch}", + self.secrets.bot_token, + ) + + try: + logging.info("Delete local 'tmp' branch") + self.temp_repo.git.branch("-D", "tmp") + except git.exc.GitCommandError: + logging.info("Local 'tmp' branch does not exist") + + def get_dry_run(self): + # Accepts 'true' or 'false', depending on whether we want to notify + # Don't notify on dry runs, default to True + dry_run = False if os.environ.get("DRY_RUN") == "false" else True + # Don't notify if not triggerd on PROD_REPO and PROD_BRANCH + if not dry_run: + triggered_branch = os.environ.get("GITHUB_REF").split("/")[-1] + triggered_repo = os.environ.get("GITHUB_REPOSITORY") + if triggered_repo != PROD_REPO or triggered_branch != PROD_BRANCH: + dry_run = True + return dry_run + + def get_notify_id(self): + # Accepts comma separated Github IDs or empty strings to override people to tag in notifications + notify_id = os.environ.get("NOTIFY_ID") + if notify_id: + notify_id = [vt.strip() for vt in notify_id.split(",")] + else: + notify_id = ["dperaza", "mmulholla"] + return notify_id + + def get_software_name_version(self): + software_name = os.environ.get("SOFTWARE_NAME") + if not software_name: + raise Exception("SOFTWARE_NAME environment variable not defined") + + software_version = os.environ.get("SOFTWARE_VERSION").strip('"') + if not software_version: + raise Exception("SOFTWARE_VERSION environment variable not defined") + elif software_version.startswith("sha256"): + software_version = software_version[-8:] + + return software_name, software_version + + def get_vendor_type(self): + vendor_type = os.environ.get("VENDOR_TYPE") + if not 
vendor_type: + logging.info( + "VENDOR_TYPE environment variable not defined, default to `all`" + ) + vendor_type = "all" + return vendor_type + + def setup_temp_dir(self): + self.temp_dir = TemporaryDirectory(prefix="tci-") + with SetDirectory(Path(self.temp_dir.name)): + # Make PR's from a temporary directory + logging.info(f"Worktree directory: {self.temp_dir.name}") + self.repo.git.worktree("add", "--detach", self.temp_dir.name, "HEAD") + self.temp_repo = git.Repo(self.temp_dir.name) + + # Run submission flow test with charts in PROD_REPO:PROD_BRANCH + self.set_git_username_email( + self.temp_repo, self.secrets.bot_name, GITHUB_ACTIONS_BOT_EMAIL + ) + self.temp_repo.git.checkout(PROD_BRANCH, "charts") + self.temp_repo.git.restore("--staged", "charts") + self.secrets.submitted_charts = get_all_charts( + "charts", self.secrets.vendor_type + ) + logging.info( + f"Found charts for {self.secrets.vendor_type}: {self.secrets.submitted_charts}" + ) + self.temp_repo.git.checkout("-b", "tmp") + + def get_owner_ids(self, chart_directory, owners_table): + with open(f"{chart_directory}/OWNERS", "r") as fd: + try: + owners = yaml.safe_load(fd) + # Pick owner ids for notification + owners_table[chart_directory] = [ + owner.get("githubUsername", "") for owner in owners["users"] + ] + except yaml.YAMLError as err: + logging.warning(f"Error parsing OWNERS of {chart_directory}: {err}") + + def push_chart( + self, + chart_directory, + chart_name, + chart_version, + vendor_name, + vendor_type, + pr_branch, + ): + # Push chart files to test_repo:pr_branch + self.temp_repo.git.add(f"{chart_directory}/{chart_version}") + self.temp_repo.git.commit( + "-m", + f"Add {vendor_type} {vendor_name} {chart_name} {chart_version} chart files", + ) + self.temp_repo.git.push( + f"https://x-access-token:{self.secrets.bot_token}@github.com/{self.secrets.test_repo}", + f"HEAD:refs/heads/{pr_branch}", + "-f", + ) + + def report_failure( + self, chart, chart_owners, failure_type, pr_html_url=None, 
run_html_url=None + ): + os.environ["GITHUB_REPO"] = PROD_REPO.split("/")[1] + os.environ["GITHUB_AUTH_TOKEN"] = self.secrets.bot_token + if not self.secrets.dry_run: + os.environ["GITHUB_REPO"] = PROD_REPO.split("/")[1] + os.environ["GITHUB_AUTH_TOKEN"] = self.secrets.bot_token + os.environ["GITHUB_ORGANIZATION"] = PROD_REPO.split("/")[0] + logging.info( + f"Send notification to '{self.secrets.notify_id}' about verification result of '{chart}'" + ) + create_verification_issue( + chart, + chart_owners, + failure_type, + self.secrets.notify_id, + pr_html_url, + run_html_url, + self.secrets.software_name, + self.secrets.software_version, + self.secrets.bot_token, + self.secrets.dry_run, + ) + else: + os.environ["GITHUB_ORGANIZATION"] = PROD_REPO.split("/")[0] + os.environ["GITHUB_REPO"] = "sandbox" + os.environ["GITHUB_AUTH_TOKEN"] = self.secrets.bot_token + logging.info( + f"Send notification to '{self.secrets.notify_id}' about dry run verification result of '{chart}'" + ) + create_verification_issue( + chart, + chart_owners, + failure_type, + self.secrets.notify_id, + pr_html_url, + run_html_url, + self.secrets.software_name, + self.secrets.software_version, + self.secrets.bot_token, + self.secrets.dry_run, + ) + logging.info( + f"Dry Run - send sandbox notification to '{chart_owners}' about verification result of '{chart}'" + ) + + def check_single_chart_result( + self, + vendor_type, + vendor_name, + chart_name, + chart_version, + pr_number, + owners_table, + ): + base_branch = f"{self.secrets.software_name}-{self.secrets.software_version}-{self.secrets.pr_base_branch}-{vendor_type}-{vendor_name}-{chart_name}-{chart_version}" + + # Check workflow conclusion + chart = f"{vendor_name} {chart_name} {chart_version}" + run_id, conclusion = super().check_workflow_conclusion( + pr_number, "success", logging.warning + ) + + if conclusion and run_id: + if conclusion != "success": + # Send notification to owner through GitHub issues + r = github_api( + "get", + 
f"repos/{self.secrets.test_repo}/actions/runs/{run_id}", + self.secrets.bot_token, + ) + run = r.json() + run_html_url = run["html_url"] + + pr = get_pr(self.secrets, pr_number) + pr_html_url = pr["html_url"] + chart_directory = f"charts/{vendor_type}/{vendor_name}/{chart_name}" + chart_owners = owners_table[chart_directory] + + self.report_failure( + chart, chart_owners, CHECKS_FAILED, pr_html_url, run_html_url + ) + + logging.warning( + f"PR{pr_number} workflow failed: {vendor_name}, {chart_name}, {chart_version}" + ) + return + else: + logging.info( + f"PR{pr_number} workflow passed: {vendor_name}, {chart_name}, {chart_version}" + ) + else: + logging.warning( + f"PR{pr_number} workflow did not complete: {vendor_name}, {chart_name}, {chart_version}" + ) + return + + # Check PRs are merged + if not super().check_pull_request_result(pr_number, True, logging.warning): + logging.warning( + f"PR{pr_number} pull request was not merged: {vendor_name}, {chart_name}, {chart_version}" + ) + return + logging.info( + f"PR{pr_number} pull request was merged: {vendor_name}, {chart_name}, {chart_version}" + ) + + # Check index.yaml is updated + if not super().check_index_yaml( + base_branch, + vendor_name, + chart_name, + chart_version, + check_provider_type=False, + logger=logging.warning, + ): + logging.warning( + f"PR{pr_number} - Chart was not found in Index file: {vendor_name}, {chart_name}, {chart_version}" + ) + logging.info( + f"PR{pr_number} - Chart was found in Index file: {vendor_name}, {chart_name}, {chart_version}" + ) + + # Check release is published + chart_tgz = f"{chart_name}-{chart_version}.tgz" + if not super().check_release_result( + vendor_name, chart_name, chart_version, chart_tgz, logging.warning + ): + logging.warning( + f"PR{pr_number} - Release was not created: {vendor_name}, {chart_name}, {chart_version}" + ) + logging.info( + f"PR{pr_number} - Release was created: {vendor_name}, {chart_name}, {chart_version}" + ) + + def process_single_chart( + self, 
+ vendor_type, + vendor_name, + chart_name, + chart_version, + pr_number_list, + owners_table, + ): + # Get SHA from 'pr_base_branch' branch + logging.info( + f"Process chart: {vendor_type}/{vendor_name}/{chart_name}/{chart_version}" + ) + r = github_api( + "get", + f"repos/{self.secrets.test_repo}/git/ref/heads/{self.secrets.pr_base_branch}", + self.secrets.bot_token, + ) + j = json.loads(r.text) + pr_base_branch_sha = j["object"]["sha"] + + chart_directory = f"charts/{vendor_type}/{vendor_name}/{chart_name}" + base_branch = f"{self.secrets.software_name}-{self.secrets.software_version}-{self.secrets.pr_base_branch}-{vendor_type}-{vendor_name}-{chart_name}-{chart_version}" + base_branch = base_branch.replace(":", "-") + pr_branch = f"{base_branch}-pr-branch" + + self.secrets.base_branches.append(base_branch) + self.secrets.pr_branches.append(pr_branch) + self.temp_repo.git.checkout("tmp") + self.temp_repo.git.checkout("-b", base_branch) + + # Create test gh-pages branch for checking index.yaml + self.create_test_gh_pages_branch( + self.secrets.test_repo, base_branch, self.secrets.bot_token + ) + + # Create a new base branch for testing current chart + logging.info(f"Create {self.secrets.test_repo}:{base_branch} for testing") + r = github_api( + "get", f"repos/{self.secrets.test_repo}/branches", self.secrets.bot_token + ) + branches = json.loads(r.text) + branch_names = [branch["name"] for branch in branches] + if base_branch in branch_names: + logging.warning(f"{self.secrets.test_repo}:{base_branch} already exists") + return + data = {"ref": f"refs/heads/{base_branch}", "sha": pr_base_branch_sha} + r = github_api( + "post", + f"repos/{self.secrets.test_repo}/git/refs", + self.secrets.bot_token, + json=data, + ) + + # Remove chart and owners file from git + self.remove_chart( + chart_directory, + chart_version, + self.secrets.test_repo, + base_branch, + self.secrets.bot_token, + ) + self.remove_owners_file( + chart_directory, self.secrets.test_repo, base_branch, 
self.secrets.bot_token + ) + + # Get owners id for notifications + self.get_owner_ids(chart_directory, owners_table) + + # Create and push test owners file + super().create_and_push_owners_file( + chart_directory, base_branch, vendor_name, vendor_type, chart_name + ) + + # Push test chart to pr_branch + self.push_chart( + chart_directory, + chart_name, + chart_version, + vendor_name, + vendor_type, + pr_branch, + ) + + # Create PR from pr_branch to base_branch + logging.info("sleep for 5 seconds to avoid secondary api limit") + time.sleep(5) + pr_number = super().send_pull_request( + self.secrets.test_repo, base_branch, pr_branch, self.secrets.bot_token + ) + pr_number_list.append( + (vendor_type, vendor_name, chart_name, chart_version, pr_number) + ) + logging.info( + f"PR{pr_number} created in {self.secrets.test_repo} into {base_branch} from {pr_branch}" + ) + + # Record expected release tags + self.secrets.release_tags.append(f"{vendor_name}-{chart_name}-{chart_version}") + + def process_all_charts(self): + self.setup_git_context(self.repo) + self.setup_temp_dir() + + owners_table = dict() + pr_number_list = list() + + skip_charts = list() + + logging.info( + f"Running tests for : {self.secrets.software_name} {self.secrets.software_version} :" + ) + # First look for charts in index.yaml to see if kubeVersion is good: + if self.secrets.software_name == "OpenShift": + logging.info("check index file for invalid kubeVersions") + failed_charts = check_index_entries(self.secrets.software_version) + if failed_charts: + for chart in failed_charts: + providerDir = chart["providerType"].replace("partner", "partners") + chart_directory = ( + f'charts/{providerDir}/{chart["provider"]}/{chart["name"]}' + ) + self.get_owner_ids(chart_directory, owners_table) + chart_owners = owners_table[chart_directory] + chart_id = f'{chart["provider"]} {chart["name"]} {chart["version"]}' + self.report_failure( + chart_id, chart_owners, chart["message"], "", "" + ) + 
skip_charts.append(f'{chart["name"]}-{chart["version"]}') + + # Process test charts and send PRs from temporary directory + with SetDirectory(Path(self.temp_dir.name)): + for ( + vendor_type, + vendor_name, + chart_name, + chart_version, + ) in self.secrets.submitted_charts: + if f"{chart_name}-{chart_version}" in skip_charts: + logging.info( + f"Skip already failed chart: {vendor_type}, {vendor_name}, {chart_name}, {chart_version}" + ) + else: + logging.info( + f"Process chart: {vendor_type}, {vendor_name}, {chart_name}, {chart_version}" + ) + self.process_single_chart( + vendor_type, + vendor_name, + chart_name, + chart_version, + pr_number_list, + owners_table, + ) + logging.info("sleep for 5 seconds to avoid secondary api limit") + time.sleep(5) + + for ( + vendor_type, + vendor_name, + chart_name, + chart_version, + pr_number, + ) in pr_number_list: + logging.info( + f"PR{pr_number} Check result: {vendor_type}, {vendor_name}, {chart_name}, {chart_version}" + ) + self.check_single_chart_result( + vendor_type, + vendor_name, + chart_name, + chart_version, + pr_number, + owners_table, + ) diff --git a/tests/functional/utils/github.py b/tests/functional/utils/github.py new file mode 100644 index 00000000000..f91ecc5231e --- /dev/null +++ b/tests/functional/utils/github.py 
@@ -0,0 +1,117 @@
+# -*- coding: utf-8 -*-
+"""Utility class for setting up and manipulating GitHub operations."""
+
+import json
+import requests
+from retrying import retry
+
+from functional.utils.setttings import *
+
+
+@retry(stop_max_delay=30_000, wait_fixed=1000)
+def get_run_id(secrets, pr_number=None):
+ pr = get_pr(secrets, pr_number)
+ r = github_api("get", f"repos/{secrets.test_repo}/actions/runs", secrets.bot_token)
+ runs = json.loads(r.text)
+
+ for run in runs["workflow_runs"]:
+ if (
+ run["head_sha"] == pr["head"]["sha"]
+ and run["name"] == CERTIFICATION_CI_NAME
+ ):
+ return run["id"]
+ else:
+ raise Exception("Workflow for the submitted PR did not run.")
+
+
+@retry(stop_max_delay=60_000 * 40, wait_fixed=2000)
+def get_run_result(secrets, run_id):
+ r = github_api(
+ "get", f"repos/{secrets.test_repo}/actions/runs/{run_id}", secrets.bot_token
+ )
+ run = json.loads(r.text)
+
+ if run["conclusion"] is None:
+ raise Exception(f"Workflow {run_id} is still running, PR: {secrets.pr_number} ")
+
+ return run["conclusion"]
+
+
+@retry(stop_max_delay=10_000, wait_fixed=1000)
+def get_release_assets(secrets, release_id, required_assets):
+ r = github_api(
+ "get",
+ f"repos/{secrets.test_repo}/releases/{release_id}/assets",
+ secrets.bot_token,
+ )
+ asset_list = json.loads(r.text)
+ asset_names = [asset["name"] for asset in asset_list]
+ missing_assets = list()
+ for asset in required_assets:
+ if asset not in asset_names:
+ missing_assets.append(asset)
+ if len(missing_assets) > 0:
+ raise Exception(f"Missing release asset: {missing_assets}")
+
+
+@retry(stop_max_delay=15_000, wait_fixed=1000)
+def get_release_by_tag(secrets, release_tag):
+ r = github_api("get", f"repos/{secrets.test_repo}/releases", secrets.bot_token)
+ releases = json.loads(r.text)
+ for release in releases:
+ if release["tag_name"] == release_tag:
+ return release
+ raise Exception("Release not published")
+
+
+def get_pr(secrets, pr_number=None):
+ pr_number = secrets.pr_number if pr_number is None else pr_number
+ r = github_api(
+ "post", f"repos/{secrets.test_repo}/pulls/{pr_number}", secrets.bot_token
+ )
+ pr = json.loads(r.text)
+ return pr
+
+
+def github_api_get(endpoint, bot_token, headers={}):
+ if not headers:
+ headers = {
+ "Accept": "application/vnd.github.v3+json",
+ "Authorization": f"Bearer {bot_token}",
+ }
+ r = requests.get(f"{GITHUB_BASE_URL}/{endpoint}", headers=headers)
+
+ return r
+
+
+def github_api_delete(endpoint, bot_token, headers={}):
+ if not headers:
+ headers = {
+ "Accept": "application/vnd.github.v3+json",
+ "Authorization": f"Bearer {bot_token}",
+ }
+ r = requests.delete(f"{GITHUB_BASE_URL}/{endpoint}", headers=headers)
+
+ return r
+
+
+def github_api_post(endpoint, bot_token, headers={}, json={}):
+ if not headers:
+ headers = {
+ "Accept": "application/vnd.github.v3+json",
+ "Authorization": f"Bearer {bot_token}",
+ }
+ r = requests.post(f"{GITHUB_BASE_URL}/{endpoint}", headers=headers, json=json)
+
+ return r
+
+
+def github_api(method, endpoint, bot_token, headers={}, data={}, json={}):
+ if method == "get":
+ return github_api_get(endpoint, bot_token, headers=headers)
+ elif method == "post":
+ return github_api_post(endpoint, bot_token, headers=headers, json=json)
+ elif method == "delete":
+ return github_api_delete(endpoint, bot_token, headers=headers)
+ else:
+ raise ValueError("Github API method not implemented in helper function")
diff --git a/tests/functional/utils/index.py b/tests/functional/utils/index.py
new file mode 100644
index 00000000000..45ad4ab8a21
--- /dev/null
+++ b/tests/functional/utils/index.py
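Review bot: `get_pr` sends a `"post"` to `repos/{secrets.test_repo}/pulls/{pr_number}` although it only parses the returned pull request, so a pure read goes out as a write-style request and would seem to need a bot token with write access to pull requests. Passing `"get"` as the method in that `github_api(...)` call keeps the lookup read-only. Separately, `github_api_get`, `github_api_post` and `github_api_delete` call `requests` without a `timeout=`, and the readers go straight to `json.loads(r.text)` without looking at `r.status_code`. A rejected or under-scoped token would therefore likely surface as a `KeyError` (for example on `runs["workflow_runs"]`) that `@retry` repeats until `stop_max_delay`, hiding the real cause. Adding a `timeout=` to the three `requests` calls and an `r.raise_for_status()` in the `get_*` readers would make auth and rate-limit failures visible immediately, rather than in the shared helpers, where cleanup code may rely on failed deletes being ignored.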
@@ -0,0 +1,49 @@
+import logging
+import semantic_version
+import sys
+
+sys.path.append("../../../scripts/src")
+from chartrepomanager import indexannotations
+from indexfile import index
+
+
+def check_index_entries(ocpVersion):
+ all_chart_list = index.get_latest_charts()
+ failed_chart_list = []
+
+ OCP_VERSION = semantic_version.Version.coerce(ocpVersion)
+
+ for chart in all_chart_list:
+ if (
+ "supportedOCP" in chart
+ and chart["supportedOCP"] != "N/A"
+ and chart["supportedOCP"] != ""
+ ):
+ if OCP_VERSION in semantic_version.NpmSpec(chart["supportedOCP"]):
+ logging.info(
+ f'PASS: Chart {chart["name"]} {chart["version"]} supported OCP version {chart["supportedOCP"]} includes: {OCP_VERSION}'
+ )
+ else:
+ chart[
+ "message"
+ ] = f'chart {chart["name"]} {chart["version"]} supported OCP version {chart["supportedOCP"]} does not include latest OCP version {OCP_VERSION}'
+ logging.info(
+ f' ERROR: Chart {chart["name"]} {chart["version"]} supported OCP version {chart["supportedOCP"]} does not include {OCP_VERSION}'
+ )
+ failed_chart_list.append(chart)
+ elif "kubeVersion" in chart and chart["kubeVersion"] != "":
+ supportedOCPVersion = indexannotations.getOCPVersions(chart["kubeVersion"])
+ if OCP_VERSION in semantic_version.NpmSpec(supportedOCPVersion):
+ logging.info(
+ f'PASS: Chart {chart["name"]} {chart["version"]} kubeVersion {chart["kubeVersion"]} (OCP: {supportedOCPVersion}) includes OCP version: {OCP_VERSION}'
+ )
+ else:
+ chart[
+ "message"
+ ] = f'chart {chart["name"]} {chart["version"]} kubeVersion {chart["kubeVersion"]} (OCP: {supportedOCPVersion}) does not include latest OCP version {OCP_VERSION}'
+ logging.info(
+ f' ERROR: Chart {chart["name"]} {chart["version"]} kubeVersion {chart["kubeVersion"]} (OCP: {supportedOCPVersion}) does not include {OCP_VERSION}'
+ )
+ failed_chart_list.append(chart)
+
+ return failed_chart_list
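Review bot: The `sys.path.append("../../../scripts/src")` at the top of this new module is resolved against the process working directory rather than this file's location, so `chartrepomanager` and `indexfile` are imported from whatever directory sits at that relative path when the tests start. Run from a different directory, the imports either fail or pick up an unrelated package of the same name. Anchoring the entry to the file removes the dependency on the working directory: `sys.path.append(str(pathlib.Path(__file__).resolve().parents[3] / "scripts" / "src"))`, with `import pathlib` added. The `parents[3]` index assumes the module stays at `tests/functional/utils/`, as the diff header shows.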
diff --git a/tests/functional/utils/notifier.py b/tests/functional/utils/notifier.py
new file mode 100755
index 00000000000..923859fd4ac
--- /dev/null
+++ b/tests/functional/utils/notifier.py
@@ -0,0 +1,206 @@
+# -*- coding: utf-8 -*-
+"""Utility module for sending chart owners notifications."""
+
+import json
+import os
+import sys
+
+import requests
+
+from functional.utils.setttings import *
+
+endpoint_data = {}
+
+CHECKS_FAILED = "checks failed"
+
+
+def _set_endpoint_key(key, env_var):
+ if key not in endpoint_data:
+ if env_var in os.environ:
+ endpoint_data[key] = os.environ[env_var]
+ else:
+ raise Exception(
+ f"Environment variables {env_var} is required to connect to github"
+ )
+
+
+def _set_endpoint():
+ _set_endpoint_key("access_token", "GITHUB_AUTH_TOKEN")
+ _set_endpoint_key("organization", "GITHUB_ORGANIZATION")
+ _set_endpoint_key("repo", "GITHUB_REPO")
+
+
+def _make_gihub_request(method, uri, body=None, params={}, headers={}, verbose=False):
+ headers.update(
+ {
+ "Authorization": f'Bearer {endpoint_data["access_token"]}',
+ "Accept": "application/vnd.github.v3+json",
+ }
+ )
+
+ url = f'{GITHUB_BASE_URL}/repos/{endpoint_data["organization"]}/{endpoint_data["repo"]}/{uri}'
+
+ print(f"API url: {url}")
+ method_map = {
+ "get": requests.get,
+ "post": requests.post,
+ "put": requests.put,
+ "delete": requests.delete,
+ "patch": requests.patch,
+ }
+ request_method = method_map[method]
+ response = request_method(url, params=params, headers=headers, json=body)
+ if verbose:
+ print(json.dumps(headers, indent=4, sort_keys=True))
+ print(json.dumps(body, indent=4, sort_keys=True))
+ print(json.dumps(params, indent=4, sort_keys=True))
+ print(response.text)
+ response.raise_for_status()
+ try:
+ resp_json = response.json()
+ except Exception:
+ resp_json = None
+ if resp_json and verbose:
+ print(json.dumps(resp_json, indent=4, sort_keys=True))
+ return resp_json
+
+
+# Call this method directly if you are not creating a verification issue nor a version change issue.
+def create_an_issue(title, description, assignees=[], labels=[]):
+ uri = "issues"
+ method = "post"
+ body = {
+ "title": title,
+ "body": description,
+ "assignees": assignees,
+ "labels": labels,
+ }
+ _make_gihub_request(method, uri, body=body, verbose=False)
+
+
+def _verify_endpoint(access_token):
+ if "repo" not in endpoint_data:
+ raise Exception("GITHUB_REPO environment variable not defined")
+
+ if "organization" not in endpoint_data:
+ raise Exception("GITHUB_ORGANIZATION environment variable not defined")
+
+ if access_token:
+ endpoint_data["access_token"] = access_token
+
+
+def create_verification_issue(
+ chart,
+ chart_owners,
+ failure_type,
+ notify_developers,
+ pr_url,
+ report_url,
+ software_name,
+ software_version,
+ access_token=None,
+ dry_run=False,
+):
+ """Create and issue with chart-verifier findings after a version change trigger.
+
+ chart_name -- Name of the chart that was verified. Include version for more verbose information\n
+ chart_owners -- Github IDs of the chart owners\n
+ failure_type - Indication of the type of failure
+ report_url -- URL or the report resulting from verification if applicable\n
+ kube-version -- The kubeVersion attribute of the chart if it is bade.\n
+ software_name -- Name of the software dependency that changed e.g, OCP and Chart Verifier\n
+ software_version -- The softwared dependency version used\n
+ access_token -- An optional github access token secret. If not passed will try to get from GITHUB_AUTH_TOKEN environment variable\
+ dry-run -- Set if the test run is a dry-run.
+ """
+
+ title = f"Chart {chart}"
+ if dry_run:
+ title = f"Dry Run: Chart {chart}"
+
+ if failure_type == CHECKS_FAILED:
+ title = f"{title} has failures with {software_name} version {software_version}"
+ report_result = "some chart checks have failed. Please review the failures and, if required, consider submitting a new chart version with the appropriate additions/corrections."
+ body = (
+ f"FYI @{' @'.join(notify_developers)}, in PR {pr_url} we triggered the chart certification workflow against chart {chart} because the workflow "
+ f"now supports {software_name} version {software_version}. We have found that {report_result}. Check details in the report: "
+ f"{report_url}, Chart owners are: {chart_owners}"
+ )
+ else:
+ title = f"{title} does not support {software_name} version {software_version}"
+ body = (
+ f"FYI @{' @'.join(notify_developers)}, we checked the OCP versions supported by {chart} because the workflow "
+ f"now supports {software_name} version {software_version}. We have found that {failure_type}. Chart owners are: {chart_owners}"
+ )
+
+ _set_endpoint()
+ _verify_endpoint(access_token)
+ create_an_issue(title, body)
+
+
+def create_version_change_issue(
+ chart_name, chart_owners, software_name, software_version, access_token=None
+):
+ """Create and issue with new version of software dependencies supported by certitifcation program.
+
+ chart_name -- Name of the chart afected. Include version for more verbose information
+ chart_owners -- Github IDs of the chart owners\n
+ software_name -- Name of the software dependency that changed e.g, OCP and Chart Verifier\n
+ software_version -- The softwared dependency version used\n
+ access_token -- An optional github access token secret. If not passed will try to get from GITHUB_AUTH_TOKEN environment variable\n
+ """
+
+ title = f"Action needed for {chart_name} after a certification dependency change"
+
+ body = (
+ f"FYI @{' @'.join(chart_owners)}, {software_name} {software_version} is now supported by the certification program. "
+ "Consider submiting a new chart version."
+ )
+
+ _set_endpoint()
+ _verify_endpoint(access_token)
+ create_an_issue(title, body)
+
+
+if __name__ == "__main__":
+ # Collecting info interactively
+ print("Enter the chart name: ")
+ chart_name = sys.stdin.readline().strip()
+ print("Enter chart owners: ")
+ chart_owners = sys.stdin.readline().strip().split()
+ print("Enter the github organization: ")
+ organization = sys.stdin.readline().strip()
+ print("Enter the github repo: ")
+ repo = sys.stdin.readline().strip()
+
+ # setting endpoint
+ print(f"Creating custom issue in https://github.com/{organization}/{repo}")
+ endpoint_data["organization"] = organization
+ endpoint_data["repo"] = repo
+
+ print("Enter the name of software dependency that changed: ")
+ software_name = sys.stdin.readline().strip()
+ print("Enter the version of software dependency that changed: ")
+ software_version = sys.stdin.readline().strip()
+
+ print("What type of issue are you creating (verification/version-change)?: ")
+ issue_type = sys.stdin.readline().strip()
+
+ if issue_type == "verification":
+ print("Enter the report url: ")
+ report_url = sys.stdin.readline().strip()
+ print("Did the chart verification pass (yes/no)?: ")
+ pass_answer = sys.stdin.readline().strip()
+ pass_verification = pass_answer == "yes"
+ create_verification_issue(
+ chart_name,
+ chart_owners,
+ report_url,
+ software_name,
+ software_version,
+ pass_verification=pass_verification,
+ )
+ else:
+ create_version_change_issue(
+ chart_name, chart_owners, software_name, software_version
+ )
diff --git a/tests/functional/utils/secret.py b/tests/functional/utils/secret.py
new file mode 100644
index 00000000000..91a9d49f440
--- /dev/null
+++ b/tests/functional/utils/secret.py
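Review bot: The `verbose` branch of `_make_gihub_request` prints `json.dumps(headers, ...)` after `headers.update(...)` has added the `Authorization` bearer value, so enabling verbose writes the GitHub token to stdout, which in CI means the job log; the only caller in this hunk passes `verbose=False`, but the flag is an easy one to flip while debugging. Printing a redacted copy removes the risk: `print(json.dumps({**headers, "Authorization": "REDACTED"}, indent=4, sort_keys=True))`. The `headers={}` and `params={}` defaults are shared between calls and `headers.update` mutates that shared dict, so the token also stays in the function's default object; `headers = dict(headers or {})` as the first statement avoids it. Separately, the `__main__` block calls `create_verification_issue` with five positional arguments and `pass_verification=`, which does not match the signature defined in this hunk (`failure_type`, `notify_developers` and `pr_url` are missing and there is no `pass_verification` parameter), so that path raises `TypeError`.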
@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+"""Utility class for storing test specific settings."""
+
+from dataclasses import dataclass
+
+
+@dataclass
+class E2ETestSecret:
+ # common secrets between one-shot and recursive tests
+ test_repo: str = ""
+ bot_name: str = ""
+ bot_token: str = ""
+ pr_number: int = -1
+ vendor_type: str = ""
+ owners_file_content: str = ""
+ test_chart: str = ""
+ test_report: str = ""
+ chart_name: str = ""
+ chart_version: str = ""
+
+
+@dataclass
+class E2ETestSecretOneShot(E2ETestSecret):
+ # one-shot testing
+ base_branch: str = ""
+ pr_branch: str = ""
+ pr_number: int = -1
+ vendor: str = ""
+ bad_version: str = ""
+ provider_delivery: bool = False
+ index_file: str = "index.yaml"
+
+
+@dataclass
+class E2ETestSecretRecursive(E2ETestSecret):
+ # recursive testing
+ software_name: str = ""
+ software_version: str = ""
+ pr_base_branch: str = ""
+ base_branches: list = None
+ pr_branches: list = None
+ dry_run: bool = True
+ notify_id: list = None
+ submitted_charts: list = None
+ release_tags: list = None
diff --git a/tests/functional/utils/set_directory.py b/tests/functional/utils/set_directory.py
new file mode 100644
index 00000000000..becb220e5af
--- /dev/null
+++ b/tests/functional/utils/set_directory.py
@@ -0,0 +1,26 @@
+# -*- coding: utf-8 -*-
+"""Sets the cwd within the context.
+
+Reference: https://dev.to/teckert/changing-directory-with-a-python-context-manager-2bj8
+"""
+
+import os
+from dataclasses import dataclass
+from pathlib import Path
+
+
+@dataclass
+class SetDirectory(object):
+ """
+ Args:
+ path (Path): The path to the cwd
+ """
+
+ path: Path
+ origin: Path = Path().absolute()
+
+ def __enter__(self):
+ os.chdir(self.path)
+
+ def __exit__(self, exc_type, exc_value, traceback):
+ os.chdir(self.origin)
diff --git a/tests/functional/utils/setttings.py b/tests/functional/utils/setttings.py
new file mode 100644
index 00000000000..45caafc8601
--- /dev/null
+++ b/tests/functional/utils/setttings.py
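Review bot: `bot_token` in `E2ETestSecret` is an ordinary dataclass field, so the generated `__repr__` includes its value, and any `print`, log line or assertion-failure dump of a secret object (or of either subclass) shows the token in test output. Excluding it from the repr keeps it out of logs: `bot_token: str = field(default="", repr=False)`, with the import changed to `from dataclasses import dataclass, field`. `E2ETestSecretOneShot` also redeclares `pr_number: int = -1`, which the base class already defines with the same default, so that line can be dropped.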
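Review bot: `origin: Path = Path().absolute()` in `SetDirectory` is evaluated once, when the class body runs at import, so `__exit__` returns to whatever the working directory was when the module was first imported rather than the one in effect when the `with` block was entered. Nested `SetDirectory` blocks, or any `os.chdir` between import and use, therefore leave the process in the wrong directory after the block. Recording the directory on entry fixes it: add `self.origin = Path.cwd()` as the first line of `__enter__`, before `os.chdir(self.path)`; if any caller passes `origin` explicitly (not visible in this hunk), default the field to `None` and only fill it in when unset.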
@@ -0,0 +1,14 @@
+# -*- coding: utf-8 -*-
+"""Settings and global variables for e2e tests"""
+
+GITHUB_BASE_URL = "https://api.github.com"
+# The sandbox repository where we run all our tests on
+TEST_REPO = "openshift-helm-charts/sandbox"
+# The prod repository where we create notification issues
+PROD_REPO = "openshift-helm-charts/charts"
+# The prod branch where we store all chart files
+PROD_BRANCH = "main"
+# This is used to find chart certification workflow run id
+CERTIFICATION_CI_NAME = "CI"
+# GitHub actions bot email for git email
+GITHUB_ACTIONS_BOT_EMAIL = "41898282+github-actions[bot]@users.noreply.github.com"